github-proxy
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates downloading GitHub resources (repositories, raw files, release binaries) through third-party proxy services
githubproxy.ccandghfast.top. These services are unverified and not affiliated with official GitHub infrastructure. - [REMOTE_CODE_EXECUTION]: Using a third-party proxy for operations like
git cloneorwgetof raw script files creates a Man-in-the-Middle (MITM) risk. The proxy service has the capability to modify the content of the downloaded code or binaries before they reach the local environment, potentially injecting malicious payloads into scripts that the user intends to execute. - [CREDENTIALS_UNSAFE]: Automated security scans have flagged the domain
githubproxy.ccas associated with phishing. Users who attempt to use the proxy for private repositories or operations requiring authentication (like using Personal Access Tokens in URLs) risk exposing their credentials to the proxy operator. - [COMMAND_EXECUTION]: The provided Python script
scripts/convert_url.pyis used to automate the redirection of URLs to these unverified proxies, increasing the surface area for supply chain attacks if the proxy service is compromised.
Recommendations
- AI detected serious security threats
- Contains 7 malicious URL(s) - DO NOT USE
Audit Metadata