URnetwork

Create and manage HTTPS, SOCKS, or WireGuard proxies via URnetwork API to connect anonymously through specific countries, regions, or cities worldwide.

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 1 · 202 · 0 current installs · 0 all-time installs

by@xcolwell

MIT-0

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

✓

Purpose & Capability

The name/description (create/manage HTTPS, SOCKS, WireGuard proxies) matches the runtime instructions: curl calls to api.bringyour.com, location search, and proxy creation endpoints. No unexpected binaries or env vars are requested. However, the package has no source/homepage listed and points to external domains (bringyour.com and a GitHub path), so provenance is unclear.

ℹ

Instruction Scope

SKILL.md instructs the agent to ask the human for an auth code, exchange it for a JWT, store/reuse the JWT, and call network endpoints to enumerate locations and create proxies — all coherent for a proxy-management skill. The instructions do not ask the agent to read local files or environment variables. Concern: the agent will prompt for and handle sensitive auth codes/JWTs, and the doc recommends storing the JWT; the skill gives the agent discretion in selecting locations and enumerating egress IPs (which could be abused if not restricted).

✓

Install Mechanism

Instruction-only skill with no install spec and no code files; nothing is written to disk by an installer. This is the lowest-risk install profile, but it increases reliance on the agent following instructions correctly.

ℹ

Credentials

No environment variables or credentials are declared, which is consistent with the design of asking the human for a one-time auth code. That said, the skill depends on collecting a sensitive auth code/JWT from the user at runtime — a high-value secret. The SKILL.md also suggests storing the JWT for reuse without specifying safe storage, which raises credential handling concerns.

✓

Persistence & Privilege

always is false and the skill is user-invocable. There is no install step that modifies other skills or system configuration. The skill can be invoked autonomously per default platform settings (disable-model-invocation: false), which increases blast radius if combined with other issues but is not itself unusual.

What to consider before installing

This skill appears to be what it says (tools to create proxies), but exercise caution before installing or using it: 1) The skill has no listed source or homepage — verify the referenced GitHub repo and the bringyour.com domains independently before trusting them. 2) It will ask you (or your agent) for an auth code which is exchanged for a JWT — treat that auth code/JWT as sensitive credentials. Do not provide permanent account credentials unless you trust the service. 3) Ask what the auth code's scope and lifetime are and prefer short-lived tokens; if unsure, do not proceed. 4) Avoid instructing the agent to store JWTs persistently unless you know where/how they will be stored and protected; plan a token revocation process. 5) Because the skill can create many egress proxies, consider whether its capabilities could be abused (rate limits, account misuse, or anonymous access to restricted resources). If you need this functionality, verify the service's legitimacy and prefer official clients or direct API integration with explicit credential handling rather than trusting an unproven skill.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0

Download zip

latestvk978jnmdbh1bhrvsx6xqjzg0es8292zm

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Welcome to URnetwork for Agents

URnetwork is a decentralized privacy network. It's designed to keep users anonymous by default and give them access to all the content in the world.

Humans use the apps (Android, iOS, Chrome). Agents use the API and MCP skills:

The API spec is at: https://github.com/urnetwork/connect/blob/main/api/bringyour.yml
The API is hosted at: https://api.bringyour.com
The MCP server is hosted at: https://mcp.bringyour.com

Agents should consider the guidance below when using the API and MCP server.

Authentication

When using the API or MCP server, the user JWT must be passed in an Authorization: Bearer <JWT> header.

To get the JWT, ask the human for an auth code, and then convert that auth code to a JWT using the API /auth/code-login route. An example curl is below, piped to jq to extract the by_jwt property from the result:

curl -X POST https://api.bringyour.com/auth/code-login -d '{"auth_code": "<AUTH CODE>"}' | jq ".by_jwt"

The JWT can be stored and reused. If the human asks to refresh the JWT, repeat the process starting with asking for an auth code.

When choosing a proxy technology, consider the following use cases:

Use Case	Recommended Protocol	Requirement
Scraping / Web Browsing	HTTPS	Best for TCP/Web. Always use HTTPS proxy unless there is a specific need to use HTTP. HTTP is usally only needed for specific test environments that do not support HTTPS. From the /network/auth-client response, inside the proxy_config_result object, use the https_proxy_url. No additional username or password are needed.
Low-level Sockets / UDP	SOCKS	Supports TCP+UDP sockets with SOCKS5. From the /network/auth-client response, inside the proxy_config_result object, use the socks_proxy_url or proxy_host and proxy_port, with the username access_token (empty password). The server supports remote DNS resolution (SOCKS5H).
System-wide / OS Level	WireGuard	Routes all IP packets. In the /network/auth-client request, proxy_config.enable_wg must be explicitly set to true. In the response, inside the proxy_config_result object, use the wg_config.config as the complete WireGuard config file.

When using the /network/find-locations route to query locations, always filter the returned locations array by the desired location_type (city, region, or country) to ensure the location_id matches the user's intent.

Location Type	Requirement
country	For countries.
region	For states, provinces, administrative regions, and metro areas.
city	For cities.

Using the MCP skill to create a HTTPS/SOCKS/WireGuard proxy

The MCP skill can be used to find available locations and create a HTTPS/SOCKS/WireGuard proxy to those locations. Any country, region, and city available on the network can be searched and selected using a query string.

When creating a proxy configuration, ask the human what country, region, or city they want to connect to. Then try to create a proxy for the query they tell you. If there are no matches, ask the human to broaden to a country or region. Then try to create a proxy for the query they tell you. If there are no matches, ask the human to broaden to a country. If there are still no matches, use the skill to find available countries and suggest they choose one of the top 10 countries.

Using the API to create a HTTPS/SOCKS/WireGuard proxy for a country

The API can be used directly to create a HTTPS/SOCKS/WireGuard proxy for a country.

Step 1, search for a list of locations using the route /network/find-locations. A curl example is below, piped to jq to extract the locations list.

curl -X POST -H 'Authorization: Bearer <JWT>' https://api.bringyour.com/network/find-locations -d '{"query": "<LOCATION NAME>"}' | jq '.locations'

Step 2, choose the location of interest and save the country_code property.

Step 3, create a proxy using the saved country code using the /network/auth-client route and setting the proxy_config.initial_device_state to have country_code.

curl -X POST -H 'Authorization: Bearer <JWT>' https://api.bringyour.com/network/auth-client -d '{"proxy_config": {"initial_device_state": {"country_code": "<COUNTRY CODE>"}}}'

Using the API to create a HTTPS/SOCKS/WireGuard proxy for a search location

The API can be used directly to search for a location and create a HTTPS/SOCKS/WireGuard proxy. A decision will have to be made to choose the location result that is most desired. Each location has a location_id that is fixed and can be saved in code.

Step 1, search for a list of locations using the route /network/find-locations. A curl example is below, piped to jq to extract the locations list.

curl -X POST -H 'Authorization: Bearer <JWT>' https://api.bringyour.com/network/find-locations -d '{"query": "<LOCATION NAME>"}' | jq '.locations'

Step 2, choose the location of interest and save the location_id property.

Step 3, create a proxy using the saved location_id using the /network/auth-client route and setting the the proxy_config.initial_device_state.location to have connect_location_id.location_id.

curl -X POST -H 'Authorization: Bearer <JWT>' https://api.bringyour.com/network/auth-client -d '{"proxy_config": {"initial_device_state": {"location": {"connect_location_id":{"location_id": "<LOCATION ID>"}}}}}'

Using the API to create a HTTPS/SOCKS/WireGuard proxy for a search location, enumerating all the egress IPs in that location

The API can be used directly to search for a location, enumerate the providers (egress IPs) in that location, and create a HTTPS/SOCKS/WireGuard proxy for each egress IP. A decision will have to be made to choose the location result that is most desired. Each location has a location_id that is fixed and can be saved in code. Additionally each provider has a client_id that is fixed and can be saved in code.

Step 1, search for a list of locations using the route /network/find-locations. A curl example is below, piped to jq to extract the locations list.

curl -X POST -H 'Authorization: Bearer <JWT>' https://api.bringyour.com/network/find-locations -d '{"query": "<LOCATION NAME>"}' | jq '.locations'

Step 2, choose the location of interest and save the location_id.

Step 3, fetch a ranked list of providers (egress IPs) for the location_id using the route /network/find-providers2. The sample size can be set to however many unique providers are needed. A curl example is below, piped to jq to extract the providers list.

curl -X POST -H 'Authorization: Bearer <JWT>' https://api.bringyour.com/network/find-providers2 -d '{"specs": [{"client_id": "<CLIENT ID>"}], "count": <COUNT>}' | jq '.providers'

Step 4, by looping over each client_id in the list, create a proxy using the client_id using the /network/auth-client route and setting the the proxy_config.initial_device_state.location to have connect_location_id.client_id.

curl -X POST -H 'Authorization: Bearer <JWT>' https://api.bringyour.com/network/auth-client -d '{"proxy_config": {"initial_device_state": {"location": {"connect_location_id":{"client_id": "<CLIENT ID>"}}}}}'

Files

1 total

Select a file

Select a file to preview.

Comments

Loading comments…