claude-code-proxy-patterns

Fail

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
  • [CREDENTIALS_UNSAFE]: The reference file references/launchd-configuration.md contains a hardcoded API key (sk-cp-49GSmHBfC0c65pvYrFoZZy8xEjOVxXrUiTIJn65ynTvgzoiGEvM7q9V5dYYe6PwjMfZaGelKoE2oTq1hKnttv8ODm36O8gklUIi1eaTVOKbPILlIPfNcM0E) within the launchd plist configuration template.
  • [DATA_EXFILTRATION]: The skill provides logic to programmatically extract sensitive OAuth credentials from the macOS Keychain using the security command-line utility. This is documented in SKILL.md (Working Pattern WP-01) and detailed in references/oauth-internals.md.
  • [COMMAND_EXECUTION]: The skill instructs the user to use sudo to perform system-level operations, including copying files to restricted directories (/Library/LaunchDaemons/) and loading services via launchctl. It establishes a persistence mechanism through a launchd daemon configured with RunAtLoad and KeepAlive, ensuring the proxy runs automatically and restarts on failure.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 4, 2026, 09:51 AM