yourvpndead-vpn-detection

Fail

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user or agent to clone source code and download binary releases from an untrusted external GitHub repository (github.com/loop-uh/yourvpndead.git).
  • [COMMAND_EXECUTION]: Documentation includes instructions to execute shell commands such as git clone, ./gradlew assembleDebug for building software, and adb install for side-loading APKs onto a device.
  • [DATA_EXFILTRATION]: The skill contains code modules designed to harvest sensitive information from the host device and its network environment:
      • SOCKS5/Proxy Probing: Exploits unauthenticated local SOCKS5 proxies to resolve and expose the VPN server's exit IP via external lookups.
      • API Harvesting: Probes local Clash and sing-box REST APIs to extract active network connection metadata, including destination IPs.
      • Package Enumeration: Utilizes the QUERY_ALL_PACKAGES permission to identify and list all installed applications on the device.
      • Environment Fingerprinting: Analyzes network interface properties (MTU) and scans /proc/net/tcp to identify running services and fingerprint VPN client software configurations.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 13, 2026, 07:45 AM