cliproxy-manager
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructions in `SKILL.md` direct the AI to proactively search for management keys in sensitive locations, specifically the `MANAGEMENT_PASSWORD` environment variable and a `config.yaml` file. This pattern encourages the agent to expose and handle high-privilege credentials.
- [DATA_EXFILTRATION]: The script `scripts/cliproxy_api.py` includes a configurable `--url` parameter and methods to retrieve API keys (e.g., Gemini, Claude, OpenAI) from the service. An attacker could potentially manipulate the agent into transmitting these harvested keys to a malicious external server.
- [EXTERNAL_DOWNLOADS]: The Python script `scripts/cliproxy_api.py` imports and relies on the `requests` library for all network operations.
- [DATA_EXPOSURE]: The `put` command in the Python script contains logic that checks if the input data is a local file path (`os.path.isfile(data)`). If it is, the script reads the file content and sends it to the API, which could be exploited to leak local file contents if the AI is tricked into passing sensitive paths as arguments.
Audit Metadata