Low Risk — Risk Score 15/100
Last scan: 2 days ago
freeguard-setup
Use when a user wants to set up, use, or troubleshoot FreeGuard VPN - guides non-technical users through installation, login, connection, and daily usage with friendly step-by-step instructions
This is an instruction-only skill that guides users through VPN setup via the freeguard CLI binary. The skill itself performs no network requests, file writes, or credential handling — it only instructs the agent to run documented CLI commands. The primary risk lies in the proprietary (closed-source) freeguard binary, not this skill.
Skill Name: freeguard-setup
Duration: 36.0s
Engine: pi
Safe to install
The skill is safe to use as documented. However, users should be aware they are trusting the proprietary freeguard CLI binary with their credentials and network traffic. Verify the binary source and checksum before installation. Consider requesting an open-source alternative if transparency is a concern.

Findings 3 items

Severity: Finding (Location)

Medium: Closed-source proprietary binary (SKILL.md:6)
The freeguard CLI binary is proprietary and not open-source. Users must trust Planetlink Inc. that it behaves as documented. No independent code review is possible.
The CLI source code is proprietary (not open-source). All credentials are sent exclusively to freeguardvpn.com over HTTPS.
→ If security transparency is required, request an open-source alternative or verify the binary through other means (e.g., company audits, third-party analysis).

Low: Sudo execution required for TUN mode (SKILL.md:195)
The skill instructs the agent to run 'sudo freeguard connect' which modifies system network settings. While documented and requiring user consent, this is a high-privilege operation.
Only proceed after user confirms. Then run: sudo freeguard connect --json
→ Ensure users understand they are granting elevated privileges. Always use the non-elevated fallback option when possible.

Low: Binary download from GitHub without mandatory integrity check (SKILL.md:130)
Option B installation downloads binaries from GitHub and verifies via SHA256 checksum. However, the user must manually confirm before proceeding, and the skill explicitly warns not to proceed if checksum fails.
curl -fsSL https://github.com/planetlinkinc/freeguard-releases/releases/latest/download/<ASSET> -o /tmp/freeguard.tar.gz
→ Checksum verification is properly implemented. No action needed.

Resource Declared Inferred Status Evidence
Shell WRITE WRITE ✓ Aligned SKILL.md instructs running 'freeguard doctor', 'sudo freeguard connect', 'brew i…
Network READ READ ✓ Aligned SKILL.md declares access to freeguardvpn.com (HTTPS) and github.com for binary d…
Filesystem READ/WRITE READ/WRITE ✓ Aligned SKILL.md declares ~/.freeguard/ read/write for config and credentials
Skill Invoke NONE NONE No skill invocation observed
Clipboard NONE NONE No clipboard access
Browser NONE NONE No browser automation
Database NONE NONE No database access
Environment NONE NONE No environment variable access

1 finding
Medium External URL
https://freeguardvpn.com
SKILL.md:72

File Tree

1 file · 22.2 KB · 520 lines
Markdown: 1 file · 520 lines
└─ SKILL.md (Markdown, 520 lines, 22.2 KB)

Security Positives

✓ Skill is instruction-only — performs no autonomous network requests, file writes, or credential handling
✓ User consent gates are clearly defined before privileged operations (install, sudo, payment)
✓ SHA256 checksum verification is required before binary installation
✓ Credential handling is delegated to the CLI binary, not done by the skill itself
✓ No base64 encoding, eval(), or other obfuscation techniques found
✓ No suspicious indicators: no direct IP connections, no env variable iteration, no hidden HTML comments
✓ Homebrew installation path provides additional trust (signed formula, checksum-verified)
✓ Open-source Homebrew tap repositories provide some transparency
✓ HTTPS-only network access declared for freeguardvpn.com
✓ Local credential storage with 0600 permissions is a good security practice