ProxyClaw

Security checks across static analysis, malware telemetry, and agentic risk

Overview

ProxyClaw delivers the proxy scraping it describes, but it promotes anti-bot evasion, uses sensitive proxy credentials, and includes an optional persistent bandwidth-sharing node that needs careful review.

Install only if you knowingly need residential proxy scraping. Use a rotatable, low-quota IPLoop key, monitor usage, and avoid private or unauthorized targets. Do not run the earning Docker node unless you accept routing third-party traffic through your network; verify and pin the image, isolate it, and remove it when done.

Static analysis

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent could use this to access sites in ways that violate site rules, trigger blocking, consume proxy credits, or create legal/compliance risk.

Why it was flagged

The skill is not just a basic proxy; it advertises bypassing anti-bot protections and is intended for agent-run scraping of arbitrary sites.

Skill content

Stealth mode uses advanced browser fingerprinting + residential IPs: ... Bypasses Cloudflare, Akamai, and most anti-bot systems

Recommendation

Use only for authorized, permitted scraping of appropriate targets; require explicit user approval for sensitive, logged-in, CAPTCHA-protected, or high-volume targets.

What this means

A leaked or overused API key could spend the user's proxy bandwidth or allow someone else to use the account's proxy quota.

Why it was flagged

The user's API key is converted into the proxy password and supplied to curl for each request, which consumes the user's quota and may expose the key to local process inspection depending on platform and curl behavior.

Skill content

AUTH="iploop:${IPLOOP_API_KEY}" ... --proxy-user "$AUTH"

Recommendation

Use a separate low-quota key where possible, run only on trusted single-user systems, monitor IPLoop usage, and rotate the key if exposure is suspected.

What this means

Users may trust the credential handling more than they should and run the tool in environments where other users or processes can observe command arguments.

Why it was flagged

The supplied fetch.sh builds a secret-bearing auth string and passes it to curl via `--proxy-user`, which is itself a command-line argument, so the skill's security claim is overconfident or under-supported.

Skill content

API key passed via `--proxy-user` (not in URL or command line args visible in `ps aux`)

Recommendation

Treat the API key as sensitive, avoid shared hosts, and prefer credential mechanisms that do not place secrets in command arguments.

What this means

A changed or compromised image could run persistent code on the user's machine and route traffic through the user's network.

Why it was flagged

The recommended earning node pulls a mutable `latest` Docker image from an external registry without a digest or signature in the artifacts.

Skill content

docker run -d --name iploop-node --restart=always ultronloop2026/iploop-node:latest

Recommendation

Do not run the node unless needed; verify the image source, pin a digest or reviewed version, and run it in an isolated environment.

What this means

Third-party proxy traffic may continue through the user's home or office connection, using bandwidth and potentially exposing the user to abuse complaints or reputation risk.

Why it was flagged

The earning node is designed to keep operating as a residential proxy endpoint after setup; the docs also recommend a Docker run mode with `--restart=always`.

Skill content

Share — Your idle bandwidth serves proxy requests through real residential IPs

Recommendation

Only run the bandwidth-sharing node with explicit intent; monitor it, avoid `--restart=always` unless necessary, and know how to stop and remove the container.

What this means

Sensitive target URLs or non-HTTPS content may be visible to the proxy service.

Why it was flagged

The skill discloses that requests are mediated by the IPLoop proxy and arbitrary target sites; this is purpose-aligned, but the proxy provider receives request metadata and the API key.

Skill content

Network destinations | `proxy.iploop.io:8880` (proxy gateway) + user-specified target URLs

Recommendation

Avoid sending private or sensitive URLs/data through the proxy unless you trust the provider; prefer HTTPS targets.