cliproxy-newapi-stack
Fail
Audited by Snyk on May 14, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill repeatedly instructs embedding real secrets (cpa_xxx, sk-xxx, NEWAPI_TOKEN, CLIPROXY_KEY) verbatim into commands, env files, and CLI arguments (e.g., ssh/export/verify lines), which requires the LLM to handle and emit secret values directly, creating a high exfiltration risk.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.95). High risk: the skill explicitly enables centralizing and transferring OAuth credentials to a VPS, suggests leaving an admin "backdoor" port, instructs disabling CLIProxyAPI cooldown (bypassing rate-limits), and includes direct SQLite writes to arbitrarily top up user quotas — collectively facilitating credential consolidation, unauthorized granting of credits (fraud/resale), and abuse of subscription accounts; additionally it pulls a third‑party Docker image (supply‑chain risk).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The deploy script pulls and runs an external Docker image (calciumion/new-api:latest) at runtime via docker pull/run, which fetches and executes remote code on the VPS, making it a required external dependency used during skill execution.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). 包含明确的计费/充值操作:脚本 scripts/set_pricing.py 用于写入模型价格倍率(直接影响用户计费),scripts/topup.sh 用于“SQLite 直写 users.quota”以给用户充额度(实际改变可消费余额)。文档还说明可配置 Stripe/支付渠道的 TopUpLink。这些都是专门用于修改价格与用户余额/充值的具体工具/接口,不属于泛用浏览或通用 API 调用,因此满足“直接金融执行”定义。
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs SSHing as root and running scripts that edit /root configuration files, modify UFW, deploy/restart containers, and directly write to remote SQLite (and perform account setup), all of which modify system state and require elevated privileges.
Issues (5)
W007
HIGHInsecure credential handling detected in skill instructions.
E006
CRITICALMalicious code pattern detected in skill scripts.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata