cliproxy-deploy
Warn
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute administrative commands on a remote host via SSH. This includes installing packages via
apt-get, modifying system firewall rules withufw, and performing file system operations such asrm -rfon the application directory and modifying shell profiles (~/.zshrc). - [EXTERNAL_DOWNLOADS]: The skill downloads the CLIProxyAPI source code from a non-whitelisted repository at
https://github.com/router-for-me/CLIProxyAPI. It also initiates the download of system-level packages (Go, Git) through the remote server's package manager. - [REMOTE_CODE_EXECUTION]: The application is launched using
go run, which involves runtime compilation and execution of external code. Additionally, the skill utilizes a dynamically generated Python script that is transferred and executed on the remote server to perform configuration file editing. - [CREDENTIALS_UNSAFE]: The skill manages sensitive authentication credentials, specifically OAuth tokens stored in JSON files within
~/.cli-proxy-api/. It automates the transfer of these secrets from the local machine to a remote VPS. Furthermore, it generates API keys and stores them in cleartext within shell configuration files (~/.zshrcor~/.bashrc) on the local machine. - [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8). It ingests untrusted data from the remote server's command outputs and incorporates user-provided variables like
<SSH_TARGET>and<NEW_KEY>directly into shell command strings without explicit sanitization or boundary markers.
Audit Metadata