Skill v1.0.0

ClawScan security

URnetwork · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review date: Mar 4, 2026, 6:11 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini

Summary
The skill's instructions are internally consistent with managing proxies via an external URnetwork API, but the skill has no provenance (no source/homepage) and asks the agent to obtain sensitive auth codes/JWTs from humans — this creates a real risk of credential exposure and potential misuse.
Guidance
This skill appears to be what it says (tools to create proxies), but exercise caution before installing or using it:
1) The skill has no listed source or homepage — verify the referenced GitHub repo and the bringyour.com domains independently before trusting them.
2) It will ask you (or your agent) for an auth code which is exchanged for a JWT — treat that auth code/JWT as sensitive credentials. Do not provide permanent account credentials unless you trust the service.
3) Ask what the auth code's scope and lifetime are and prefer short-lived tokens; if unsure, do not proceed.
4) Avoid instructing the agent to store JWTs persistently unless you know where/how they will be stored and protected; plan a token revocation process.
5) Because the skill can create many egress proxies, consider whether its capabilities could be abused (rate limits, account misuse, or anonymous access to restricted resources).
If you need this functionality, verify the service's legitimacy and prefer official clients or direct API integration with explicit credential handling rather than trusting an unproven skill.

Review Dimensions

Purpose & Capability
Status: ok
The name/description (create/manage HTTPS, SOCKS, WireGuard proxies) matches the runtime instructions: curl calls to api.bringyour.com, location search, and proxy creation endpoints. No unexpected binaries or env vars are requested. However, the package has no source/homepage listed and points to external domains (bringyour.com and a GitHub path), so provenance is unclear.
Instruction Scope
Status: note
SKILL.md instructs the agent to ask the human for an auth code, exchange it for a JWT, store/reuse the JWT, and call network endpoints to enumerate locations and create proxies — all coherent for a proxy-management skill. The instructions do not ask the agent to read local files or environment variables. Concern: the agent will prompt for and handle sensitive auth codes/JWTs, and the doc recommends storing the JWT; the skill gives the agent discretion in selecting locations and enumerating egress IPs (which could be abused if not restricted).
Install Mechanism
Status: ok
Instruction-only skill with no install spec and no code files; nothing is written to disk by an installer. This is the lowest-risk install profile, but it increases reliance on the agent following instructions correctly.
Credentials
Status: note
No environment variables or credentials are declared, which is consistent with the design of asking the human for a one-time auth code. That said, the skill depends on collecting a sensitive auth code/JWT from the user at runtime — a high-value secret. The SKILL.md also suggests storing the JWT for reuse without specifying safe storage, which raises credential handling concerns.
Persistence & Privilege
Status: ok
The "always" flag is false and the skill is user-invocable. There is no install step that modifies other skills or system configuration. The skill can be invoked autonomously per default platform settings (disable-model-invocation: false), which increases blast radius if combined with other issues but is not itself unusual.