masterhttprelayvpn-proxy
Audited by Snyk on Apr 23, 2026
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill instructs users to embed and copy shared secrets/deployment IDs verbatim between Code.gs and config.json (and even prints a generated auth_key), which forces handling and output of secrets directly and enables exfiltration.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). While several links are benign utility or local endpoints (127.0.0.1, api.ipify.org, script.google.com, example.com), this skill instructs installing and running third‑party code from an untrusted GitHub repo that performs MITM TLS interception (requires installing a local CA) and references a non‑official PyPI mirror — a high‑risk combination that could be abused to distribute malware or intercept credentials.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This project intentionally implements domain-fronting and DPI-evasion and performs local TLS MITM (including generating/storing a CA private key and instructing users to install the CA), which enables plaintext interception of HTTPS traffic (credentials, cookies, tokens), covert tunneling/exfiltration via Google Apps Script relays, and exposure to remote misuse (LAN/0.0.0.0 binding and public Apps Script deployments); combined with optional third‑party PyPI mirrors this constitutes high-risk, clearly abusive functionality.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill operates as a local MITM HTTP/SOCKS5 proxy that relays and decrypts arbitrary public web traffic to target websites via the Google Apps Script relay (see "Traffic flow" and the "Using curl/requests" examples), so it clearly ingests untrusted third‑party web content that the agent would read and that could influence actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The proxy contacts a Google Apps Script web app (deployed via https://script.google.com/ using the provided Deployment ID / script_id like "AKfycb..."), which executes remote server-side code at runtime and is a required dependency for the relay, so it constitutes a runtime external code execution dependency.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). Flagged: the skill explicitly instructs installing a locally generated CA into system/global trust stores using sudo/administrative commands and enabling system-wide MITM TLS interception and LAN sharing, which modify the machine's security state and require elevated privileges.