URnetwork
ReviewAudited by ClawScan on May 1, 2026.
Overview
This is a disclosed proxy/VPN API instruction skill, but users should protect the reusable JWT and understand that proxy or WireGuard configs route traffic through an external service.
Before installing, confirm you trust URnetwork and the listed bringyour.com endpoints, provide auth codes only intentionally, protect any stored JWT, and be careful applying WireGuard configs because they can route all IP traffic through the service.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a WireGuard configuration is applied, the user's or agent's network traffic may route through URnetwork rather than the usual network path.
The skill can produce WireGuard configurations that may route all network traffic, which is expected for a VPN/proxy skill but has higher environmental impact than a single request.
**System-wide / OS Level** | **WireGuard** | Routes all IP packets.
Confirm the desired protocol and location before creating or applying proxy/VPN settings, and use system-wide WireGuard only when that is intended.
A stored JWT may allow continued access to the user's URnetwork account/API until it expires or is revoked.
The skill requires an account JWT and permits reuse of that credential; this is purpose-aligned for the service but should be handled as sensitive delegated authority.
When using the API or MCP server, the user JWT must be passed in an `Authorization: Bearer <JWT>` header. ... The JWT can be stored and reused.
Provide auth codes only when intending to use the service, store JWTs securely, and refresh or revoke credentials when they are no longer needed.
URnetwork's external services can see the account token use and requested proxy locations needed to create the configuration.
The skill relies on external API and MCP endpoints that will receive authentication and proxy-location requests; this is expected for the integration but is a data boundary users should notice.
The API is hosted at: https://api.bringyour.com - The MCP server is hosted at: https://mcp.bringyour.com
Use the skill only if you trust the URnetwork endpoints and avoid sending unnecessary sensitive context with proxy-creation requests.
A user could overestimate the privacy or reliability guarantees of the proxy/VPN service.
The privacy and access language is broad marketing language; users should not treat it as a guarantee of complete anonymity or universal access.
It's designed to keep users anonymous by default and give them access to all the content in the world.
Treat the service as a proxy/VPN tool, not a complete anonymity guarantee, and follow normal privacy and legal precautions.
Users have less registry-level provenance to verify before sending credentials to the named service endpoints.
There is no local package to install, but the registry provenance is limited for a skill that directs use of external endpoints and account authentication.
Source: unknown Homepage: none No install spec — this is an instruction-only skill.
Verify the service identity and API documentation independently before providing an auth code or reusing a JWT.