cc-gateway-ai-proxy
Fail
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: HIGH
Tags: REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill requires cloning a repository from an untrusted GitHub account (https://github.com/motiful/cc-gateway.git) and executing its contents via npm install, npm run, and custom shell scripts. This enables arbitrary code execution from a third-party source.
- [CREDENTIALS_UNSAFE]: The skill includes instructions to run scripts/extract-token.sh, which is explicitly described as a tool to copy OAuth refresh tokens from the macOS Keychain. This represents a direct attempt to harvest sensitive system-level credentials.
- [DATA_EXFILTRATION]: The architecture redirects all AI client traffic through a user-controlled proxy by modifying the ANTHROPIC_BASE_URL environment variable. This allows the proxy server to intercept and record all user prompts, AI responses, and authentication headers.
- [EXTERNAL_DOWNLOADS]: The skill downloads code and configurations from an untrusted external repository (motiful/cc-gateway.git). This source is not verified or associated with a trusted organization.
- [COMMAND_EXECUTION]: The skill executes multiple shell scripts (extract-token.sh, client-setup.sh) and high-privilege operations such as modifying environment variables and accessing system Keychains.
Recommendations
- AI detected serious security threats
Audit Metadata