ClawAudit verdict
tpn-proxy
Accesses credentials AND makes external network calls
Routes HTTP traffic through TPN SOCKS5 proxies with transparent documentation of API destinations, never echoes or logs the API key, validates user-provided input, and the network_out capability is fully explained by the proxy routing purpose.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
What it does
These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence — it does not verify that one flows into another. Read the code to confirm a live chain.
Accesses credentials AND makes external network calls — potential credential theft
LLM02 · ASI03
Findings (7)
Possible hardcoded credential
references/api-examples.md · code · api_key = 'YOUR_API_KEY
Recursive delete from root or home — destructive command
references/security-assessment.md · prose · downgraded · rm -rf /
Base64 decode (atob) — may hide malicious payloads
references/x402-examples.md · code · atob(
Popular HTTP library — network access
references/api-examples.md · code · node-fetch
POSTs data to external URL
references/api-examples.md · code · .post(
"https://
Base64 encoding/decoding
references/x402-examples.md · code · base64-encode
Makes HTTP request to external URL
references/api-examples.md · code · fetch( 'https://
Permissions & capabilities
Requires 1 environment variable. (1 sensitive: TPN_API_KEY). Requires 1 system binary. (1 elevated: curl).
network_outcredential_access Thanks — recorded.