cliproxy-deploy

Warn

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute administrative commands on a remote host via SSH. This includes installing packages via apt-get, modifying system firewall rules with ufw, and performing file system operations such as rm -rf on the application directory and modifying shell profiles (~/.zshrc).
  • [EXTERNAL_DOWNLOADS]: The skill downloads the CLIProxyAPI source code from a non-whitelisted repository at https://github.com/router-for-me/CLIProxyAPI. It also initiates the download of system-level packages (Go, Git) through the remote server's package manager.
  • [REMOTE_CODE_EXECUTION]: The application is launched using go run, which involves runtime compilation and execution of external code. Additionally, the skill utilizes a dynamically generated Python script that is transferred and executed on the remote server to perform configuration file editing.
  • [CREDENTIALS_UNSAFE]: The skill manages sensitive authentication credentials, specifically OAuth tokens stored in JSON files within ~/.cli-proxy-api/. It automates the transfer of these secrets from the local machine to a remote VPS. Furthermore, it generates API keys and stores them in cleartext within shell configuration files (~/.zshrc or ~/.bashrc) on the local machine.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8). It ingests untrusted data from the remote server's command outputs and incorporates user-provided variables like <SSH_TARGET> and <NEW_KEY> directly into shell command strings without explicit sanitization or boundary markers.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 19, 2026, 03:58 PM
Security Audit — agent-trust-hub — cliproxy-deploy