ClawHub

Proxy Auto

Security checks across malware telemetry and agentic risk

Overview

This appears to be a proxy-enabling skill, but it may automatically route sensitive network traffic through an insufficiently described third-party proxy path.

Install only if you trust the proxy operator and understand that requests, destinations, package downloads, and possibly credentials or payloads may transit that proxy. Use it only for explicitly approved traffic, avoid sending secrets through it unless necessary, and disable it when not needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs users to route GitHub, OpenAI, package installation, and other external traffic through a SOCKS5/HTTP proxy, but it does not warn that the proxy operator can observe request metadata and potentially inspect or influence some traffic. In a security-sensitive agent context, silently normalizing proxy use increases the risk of credential leakage, sensitive prompt/data exposure, and supply-chain manipulation via proxied package downloads.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The description states the skill will 'automatically enable VMess proxy when external network access is needed,' but it does not define what conditions trigger that behavior or require explicit user approval. Ambiguous automatic proxy activation can lead to unexpected routing of traffic through a third-party proxy, creating confidentiality, integrity, and policy-compliance risks if sensitive requests are sent through the tunnel.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal