Low risk (risk score 15/100)
Last scanned: 2 days ago
freeguard-setup
Use when a user wants to set up, use, or troubleshoot FreeGuard VPN - guides non-technical users through installation, login, connection, and daily usage with friendly step-by-step instructions
This is an instruction-only skill that guides users through VPN setup via the freeguard CLI binary. The skill itself performs no network requests, file writes, or credential handling — it only instructs the agent to run documented CLI commands. The primary risk lies in the proprietary (closed-source) freeguard binary, not this skill.
Skill name: freeguard-setup
Analysis time: 36.0s
Engine: pi
OK to install
The skill is safe to use as documented. However, users should be aware they are trusting the proprietary freeguard CLI binary with their credentials and network traffic. Verify the binary source and checksum before installation. Consider requesting an open-source alternative if transparency is a concern.

Security findings: 3

Severity Finding Location
Medium
Closed-source proprietary binary
The freeguard CLI binary is proprietary and not open-source. Users must trust Planetlink Inc. that it behaves as documented. No independent code review is possible.
The CLI source code is proprietary (not open-source). All credentials are sent exclusively to freeguardvpn.com over HTTPS.
→ If security transparency is required, request an open-source alternative or verify the binary through other means (e.g., company audits, third-party analysis).
SKILL.md:6
Low
Sudo execution required for TUN mode
The skill instructs the agent to run 'sudo freeguard connect' which modifies system network settings. While documented and requiring user consent, this is a high-privilege operation.
Only proceed after user confirms. Then run: sudo freeguard connect --json
→ Ensure users understand they are granting elevated privileges. Always use the non-elevated fallback option when possible.
SKILL.md:195
Low
Binary download from GitHub without mandatory integrity check
Option B installation downloads binaries from GitHub and verifies via SHA256 checksum. However, the user must manually confirm before proceeding, and the skill explicitly warns not to proceed if checksum fails.
curl -fsSL https://github.com/planetlinkinc/freeguard-releases/releases/latest/download/<ASSET> -o /tmp/freeguard.tar.gz
→ Checksum verification is properly implemented. No action needed.
SKILL.md:130
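| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| Command execution | WRITE | WRITE | ✓ Consistent | SKILL.md instructs running 'freeguard doctor', 'sudo freeguard connect', 'brew i… |
| Network access | READ | READ | ✓ Consistent | SKILL.md declares access to freeguardvpn.com (HTTPS) and github.com for binary d… |
| File system | READ/WRITE | READ/WRITE | ✓ Consistent | SKILL.md declares ~/.freeguard/ read/write for config and credentials |
| Skill invocation | NONE | NONE | | No skill invocation observed |
| Clipboard | NONE | NONE | | No clipboard access |
| Browser | NONE | NONE | | No browser automation |
| Database | NONE | NONE | | No database access |
| Environment variables | NONE | NONE | | No environment variable access |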
1 finding
Medium: External URL
https://freeguardvpn.com
SKILL.md:72

Directory structure

1 file · 22.2 KB · 520 lines
Markdown 1f · 520L
└─ 📝 SKILL.md Markdown 520L · 22.2 KB

Security highlights

✓ Skill is instruction-only — performs no autonomous network requests, file writes, or credential handling
✓ User consent gates are clearly defined before privileged operations (install, sudo, payment)
✓ SHA256 checksum verification is required before binary installation
✓ Credential handling is delegated to the CLI binary, not done by the skill itself
✓ No base64 encoding, eval(), or other obfuscation techniques found
✓ No suspicious indicators: no direct IP connections, no env variable iteration, no hidden HTML comments
✓ Homebrew installation path provides additional trust (signed formula, checksum-verified)
✓ Open-source Homebrew tap repositories provide some transparency
✓ HTTPS-only network access declared for freeguardvpn.com
✓ Local credential storage with 0600 permissions is a good security practice