cc-gateway-ai-proxy

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs extracting refresh_tokens and per-client bearer tokens and to paste or print them verbatim into config files, env vars, and Authorization headers (e.g., curl and export lines), which requires the agent to handle and emit secrets directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The project intentionally instructs extraction and central storage of OAuth refresh tokens and per-machine bearer tokens, routes all user requests (including prompts) through a central proxy that normalizes/obfuscates device identity to present multiple machines as one, and encourages blocking direct network access so all traffic is forced through the gateway—these are deliberate patterns that enable credential theft, account impersonation, telemetry evasion, and potential data exfiltration; no obfuscated payloads, remote shells, or explicit hidden C2 endpoints are present in the provided content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's installation explicitly runs "git clone https://github.com/motiful/cc-gateway.git" followed by npm install / npm run (execute) which fetches remote code from that repository and executes it locally, so the GitHub URL is a runtime external dependency that can execute remote code.