Skill v2.4.8

ClawScan security

ProxyClaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 21, 2026, 7:23 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, runtime instructions, and required credential (IPLOOP_API_KEY) are consistent with a residential proxy client; there are no signs of unrelated privileges or hidden exfiltration in the provided files.
Guidance
This skill appears to do exactly what it says: route requests through IPLoop's residential proxies using curl and a single API key. Before installing/using it:
1) Treat IPLOOP_API_KEY as sensitive — avoid putting it in persistent shell profiles; prefer session-scoped exports or a secrets manager.
2) Be aware the proxy authentication (password) is sent to the proxy in plaintext and curl args may be visible to other users on the same host via process listings.
3) The service is designed for scraping and geo-targeting; ensure your usage complies with target sites' Terms of Service and applicable law.
4) Note the minor inconsistency between fetch.sh and setup.sh in how they supply proxy credentials (empty username vs 'user'); functionally both are plausible but you may want to standardize.
5) The registry metadata lacks a verified homepage entry — if you need stronger provenance, verify the upstream project (iploop.io / GitHub) before trusting long-term credentials or giving the skill autonomous, repeated access.

Review Dimensions

Purpose & Capability
ok: Name/description (residential proxy access) matches the requested binary (curl), the single required env var (IPLOOP_API_KEY), and the provided scripts (fetch.sh, setup.sh) that perform proxied HTTP(S) requests. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
note: SKILL.md and the scripts focus on fetching URLs via proxy.iploop.io and optionally converting HTML to markdown. The instructions explicitly send requests to the proxy gateway and user-specified target URLs (expected). The SKILL.md correctly warns about process-listing exposure of curl args. Minor inconsistency: setup.sh uses --proxy-user "user:${IPLOOP_API_KEY}" while fetch.sh uses an empty username ":${IPLOOP_API_KEY}" — both are plausible but slightly inconsistent.
Install Mechanism
ok: This is instruction-only with no install spec. The skill requires only curl (commonly available). No downloads, extract operations, or third-party installer URLs are present in the manifest.
Credentials
note: Only one credential is required (IPLOOP_API_KEY), which is proportional to a proxy client. The documentation correctly highlights that proxy auth is sent to the proxy in plaintext and that curl command-line args can be visible in process listings — both are legitimate security cautions the user should heed.
Persistence & Privilege
ok: The skill does not request always:true, does not modify other skills or system-wide settings, and has no install that grants persistent elevated privileges. Autonomous invocation is allowed (platform default) but not combined with other red flags.