NodeMaven – Premium Proxies for Account Management, Automation, and Scraping

If the redacted value is a real proxy password, someone with access to the skill artifact could use the proxy account or cause costs and abuse tied to that account.

The supplied static scan says the skill file appears to contain a hardcoded proxy password. Proxy credentials are explicitly treated by the skill as secrets, so including one in the artifact could allow unauthorized proxy use or billing impact.

Providing these credentials lets the agent validate the account, configure proxy access, and potentially affect usage or sub-user settings.

The skill openly requires handling provider API keys, proxy usernames/passwords, and sub-user passwords. This is aligned with the proxy-management purpose, but it grants access to a paid external account.

The agent could guide actions that create accounts, buy proxy plans, or change service configuration.

The skill includes account creation and purchase workflows for a paid proxy service. This is part of its stated purpose, but spending money or changing provider account state is high-impact.

Misuse could lead to account bans, legal issues, or unintended traffic attributed to the user’s proxy account.

The skill is designed for proxy-backed automation and mentions anti-detect account workflows. That is disclosed and purpose-aligned, but it can be used in ways that violate platform rules or laws.

Users have less assurance that the instructions came from the official provider or a trustworthy maintainer.

The artifact has no declared source repository or homepage. There is no executable install payload, but provenance matters because the skill asks users to rely on provider endpoints and credentials.