Skill v1.0.0
ClawScan security
Proxy Auto · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 3, 2026, 7:26 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is a small helper that toggles local proxy environment variables for commands targeting known external domains; it doesn't request secrets or download code, but some documentation claims (remote VMess node) are not implemented and it assumes placing a script under /root which you should verify before use.
- Guidance: This helper merely configures local proxy environment variables; it does not provide or start a VMess proxy client. Before installing or sourcing: (1) verify who provides and runs the actual proxy service that should be listening on 127.0.0.1:10808/10809 — if you don't run a local VMess client, the proxy settings will fail or route traffic to nothing; (2) avoid blindly sourcing scripts into root-owned locations — consider placing the script in your user profile directory and review its contents (it's short and readable); (3) remember that routing API calls (OpenAI, GitHub, npm) through a proxy can expose request payloads, API keys, or tokens to the operator of that proxy — only use trusted proxies; (4) if you want the claimed VMess/backend behavior, confirm or provide a trusted local client or service that creates the localhost listeners rather than relying on undocumented remote infrastructure.
Review Dimensions
- Purpose & Capability (note): The name/description (automatic SOCKS5 proxy switching) matches the provided script and instructions: the script exports http/https/ALL_PROXY pointing at localhost and runs the requested command. However the README mentions a 'VMess over WebSocket' Singapore backend and optimizations for services — the code does not create or manage any VMess client nor connect to remote proxies. That claim appears to describe an external/local runtime dependency rather than implemented behavior.
- Instruction Scope (note): SKILL.md instructs users to source a proxy script at /root/.openclaw/proxy-auto.sh or manually set environment variables and shows curl tests. The instructions do not read unrelated files or credentials. Minor inconsistency: the repo contains proxy.sh but the docs point to /root/.openclaw/proxy-auto.sh (an assumed install path). The script inspects command arguments for domain substrings and exports proxies only when matched — that's within the feature scope.
- Install Mechanism (ok): There is no install spec and the skill is effectively instruction-only with a single helper script included. Nothing is downloaded from external URLs and no archive extraction or package manager installs are declared, which is low-risk from an install perspective.
- Credentials (ok): The skill does not request environment variables, credentials, or config paths. The script sets local proxy environment variables only as needed. No secrets or unrelated credentials are required or accessed.
- Persistence & Privilege (note): The skill is not always-enabled and does not request elevated privileges in metadata. However SKILL.md suggests storing the script under /root/.openclaw/proxy-auto.sh; asking to place files in /root can be sensitive depending on your system and user context. The skill does not modify other skills or system-wide agent settings.
