Proxy Gateway

Secure HTTP Proxy for AI Agents — Give your AI agent unrestricted internet access with pay-per-use pricing. 10 free requests to start, then only $0.001 per A...

This project implements the advertised proxy and is generally coherent, but pay attention to the following before you install or use it: - Hosted vs self-hosted: The public endpoint (https://proxy.easky.cn) is custodial. Any request you send through the hosted proxy (URLs, headers, bodies, responses) can be seen by the operator — never send API keys, passwords, private keys, or sensitive/personal/internal data through the hosted service. The SKILL.md and SECURITY.md repeat this, and you should follow it. - Financial risk: The hosted model requires users to deposit USDC to a platform wallet. Only deposit amounts you can afford to lose and verify the operator's identity and code before trusting them with funds. - Metadata mismatch: The registry entry lists no required environment variables, but the code and docs reference ADMIN_TOKEN, HOSTED_WALLET, RPC_URL (Polygon), and optional Redis credentials. If you plan to self-host, set these env vars properly; if you plan to use the hosted endpoint, confirm who runs it and their trustworthiness. - Local port probing: The service will probe localhost for Clash proxy ports (127.0.0.1:7890/7893/9090). This is documented, but if you are running sensitive local services consider disabling the health check or self-hosting in an isolated environment. - Verify code & deployment: The repository includes a full implementation and audit artifacts. If you will self-host, review the source and dependencies, pin dependency versions, run it in an isolated container, and secure ADMIN_TOKEN and Redis. If you will use the hosted endpoint, independently verify the operator (domain ownership, reputation) before depositing funds. - Missing declared tools: The skill metadata requires python3/pip3, but README commands reference git, docker, and uvicorn; ensure your environment has the tools you need. If you want, I can: (1) list specific files/lines that reference ADMIN_TOKEN or HOSTED_WALLET, (2) show exact endpoints and which require authentication, or (3) produce a short checklist for securely self-hosting this service.

Type: OpenClaw Skill Name: proxy-gateway Version: 0.3.1 The bundle implements a professional HTTP proxy gateway for AI agents with a crypto-based pay-per-use model (USDC on Polygon). The code is well-architected, utilizing FastAPI, Pydantic for configuration, and Redis for atomic balance management. It includes extensive security documentation (SECURITY.md), clear privacy warnings regarding the custodial nature of the proxy, and instructions for self-hosting to mitigate privacy risks. The logic for on-chain transaction verification in app/managers/hosted_payment.py and URL forwarding in app/managers/proxy_manager.py is transparent and aligned with the stated purpose. No evidence of data exfiltration, unauthorized execution, or malicious prompt injection was found; local port probing of 127.0.0.1 is limited to verifying the availability of the required Clash proxy backend.