cliproxy-newapi-stack

Fail

Audited by Snyk on Jun 19, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). 该技能提示多处要求将真实凭据(如 SSH key 路径、CLIProxy 的 cpa_xxx、NewAPI 的 sk-xxx、账户密码等)以字面值嵌入命令、配置或 env 导出(例如 verify 脚本、export BASE_API_KEY、在 NewAPI 后台填入密钥),因此会迫使 LLM 读取/输出敏感 secret 值并存在外泄风险。

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The repository contains intentional credential centralization (scp of local OAuth JSONs to root on a remote VPS), direct remote DB modifications to alter pricing/quotas, and explicit recommendations to disable upstream protections and optionally keep an exposed "admin backdoor" port — behaviors enabling credential exfiltration, covert billing manipulation and persistent remote access.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The deploy_newapi.sh script performs a runtime "docker pull calciumion/new-api:latest" (docker.io/calciumion/new-api:latest), fetching and running a remote container image which executes remote code and is a required runtime dependency for this skill.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a metering/billing layer for an API proxy and includes concrete, specific tools to change billing state: e.g. scripts/set_pricing.py (writes pricing ratios), scripts/topup.sh (direct SQLite edit to increase a user's quota ≈ USD value), and instructions to configure payment gateways (Stripe / 易支付 / TopUpLink). These are not generic helpers — they are explicitly for setting prices and altering user balances/quotas, i.e., executing financial-related operations. Therefore it grants direct financial execution capability.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly instructs SSH as root and making privileged changes — editing /root configuration, modifying UFW/firewall rules, restarting containers and writing system files via scripts — which require elevated privileges and modify the machine state.

Issues (5)

W007
HIGH

Insecure credential handling detected in skill instructions.

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 19, 2026, 03:58 PM
Issues
5
Security Audit — snyk — cliproxy-newapi-stack