NodeMaven – Premium Proxies for Account Management, Automation, and Scraping
Pass
Audited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill
Name: nodemaven-premium-proxy
Version: 1.0.0
The skill bundle provides a comprehensive and well-documented integration for the NodeMaven proxy service. It includes detailed instructions for an AI agent to handle API authentication, location resolution, and proxy configuration while emphasizing strict security hygiene, such as masking API keys and avoiding the persistence of credentials in logs or code artifacts (skill.md). No evidence of malicious intent, data exfiltration, or harmful prompt injection was found; the instructions are entirely aligned with the stated purpose of managing premium proxy infrastructure.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the redacted value is a real proxy password, someone with access to the skill artifact could use the proxy account or cause costs and abuse tied to that account.
The supplied static scan says the skill file appears to contain a hardcoded proxy password. Proxy credentials are explicitly treated by the skill as secrets, so including one in the artifact could allow unauthorized proxy use or billing impact.
suspicious.exposed_secret_literal ... Evidence: proxy_password: [REDACTED]
Do not install until the publisher confirms the value is only a dummy placeholder. If it was real, remove it from the skill, rotate the proxy credential, and publish only placeholders or environment-variable references.
Providing these credentials lets the agent validate the account, configure proxy access, and potentially affect usage or sub-user settings.
The skill openly requires handling provider API keys, proxy usernames/passwords, and sub-user passwords. This is aligned with the proxy-management purpose, but it grants access to a paid external account.
The agent handles three classes of secrets: ... NodeMaven API key ... Proxy credentials ... Sub-user passwords
Use a least-privilege API key if available, avoid pasting credentials into shared chats, rotate exposed keys/passwords, and confirm any account or sub-user changes before they happen.
The agent could guide actions that create accounts, buy proxy plans, or change service configuration.
The skill includes account creation and purchase workflows for a paid proxy service. This is part of its stated purpose, but spending money or changing provider account state is high-impact.
Guide the user through account creation, purchase, or API-key retrieval.
Require explicit user confirmation before any purchase, plan change, sub-user creation, password rotation, or other account mutation.
Misuse could lead to account bans, legal issues, or unintended traffic attributed to the user’s proxy account.
The skill is designed for proxy-backed automation and mentions anti-detect account workflows. That is disclosed and purpose-aligned, but it can be used in ways that violate platform rules or laws.
scraping, browser automation, and data collection ... stronger anti-detect setups
Use the skill only for authorized workflows and comply with target site terms, laws, and provider policies.
Users have less assurance that the instructions came from the official provider or a trustworthy maintainer.
The artifact has no declared source repository or homepage. There is no executable install payload, but provenance matters because the skill asks users to rely on provider endpoints and credentials.
Source: unknown; Homepage: none
Verify the NodeMaven domains and API documentation independently before entering credentials or making purchases.
