cliproxyapi-manager-skill

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides a comprehensive Python script (scripts/cliproxyapi_manager.py) and shell/batch launchers to perform local configuration management and interact with the CLIProxyAPI service. This is the primary intended functionality.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with a user-specified API endpoint (defaulting to localhost) to manage service configuration, view logs, and handle upstream AI provider credentials. These network operations are standard for an API management client.
  • [CREDENTIALS_UNSAFE]: The skill manages sensitive management keys and AI provider API tokens. It stores these in a local JSON file (~/.config/cliproxyapi/connections.json). Security risks are mitigated by the script's use of os.chmod to restrict file access to the current user only (0600 permissions) and a built-in redaction mechanism that filters secrets from terminal output unless explicitly requested with a --raw flag.
  • [INDIRECT_PROMPT_INJECTION]: As the skill ingests and processes responses from a remote API, it possesses an attack surface for indirect prompt injection if a compromised or malicious server returns instructions intended to manipulate the agent. However, the skill treats data as structured JSON and lacks any specific triggers for such attacks, making this a general operational risk factor rather than a specific vulnerability in the skill's code.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 07:19 AM