claude-code-proxy-patterns

Facilitates multi-provider model routing for Claude Code using OAuth proxy patterns, enhancing integration and resilience.

Install this skill

or

0/100

Security score

The claude-code-proxy-patterns skill was audited on Mar 7, 2026 and we found 29 security issues across 5 threat categories, including 10 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

medium line 79

Python subprocess execution

SourceSKILL.md

79	result = subprocess.run(

medium line 209

Curl to non-GitHub URL

SourceSKILL.md

209	curl -s http://127.0.0.1:8082/health \| jq .

low line 159

Access to hidden dotfiles in home directory

SourceSKILL.md

159	3. ~/.claude/.credentials.json -> Authorization: Bearer (plaintext fallback)

low line 197

Access to hidden dotfiles in home directory

SourceSKILL.md

197	~/.claude/bin/proxy-toggle enable # Adds env vars, creates flag file, checks health

low line 198

Access to hidden dotfiles in home directory

SourceSKILL.md

198	~/.claude/bin/proxy-toggle disable # Removes env vars, removes flag file

low line 199

Access to hidden dotfiles in home directory

SourceSKILL.md

199	~/.claude/bin/proxy-toggle status # Shows routing flag, proxy process, .zshenv state

medium line 256

Access to hidden dotfiles in home directory

SourceSKILL.md

256	\| CCP-05 \| MEDIUM \| Reading `~/.claude/.credentials.json` as primary \| Keychain is SSoT; credential file is stale fallback \|

medium line 280

Access to hidden dotfiles in home directory

SourceSKILL.md

280	\| `~/.claude/tools/claude-code-proxy-go/main.go` \| Go proxy source \|

medium line 281

Access to hidden dotfiles in home directory

SourceSKILL.md

281	\| `~/.claude/tools/claude-code-proxy-go/oauth_refresh.go` \| OAuth auto-refresh (80 lines) \|

medium line 282

Access to hidden dotfiles in home directory

SourceSKILL.md

282	\| `~/.claude/tools/claude-code-proxy-go/.env` \| Provider config (chmod 600) \|

medium line 284

Access to hidden dotfiles in home directory

SourceSKILL.md

284	\| `~/.zshenv` \| Environment (ANTHROPIC_BASE_URL) \|

medium line 282

Access to .env file

SourceSKILL.md

282	\| `~/.claude/tools/claude-code-proxy-go/.env` \| Provider config (chmod 600) \|

high line 3

Access to system keychain/keyring

SourceSKILL.md

3	description: Claude Code OAuth proxy patterns and anti-patterns for multi-provider model routing. TRIGGERS - proxy Claude Code, OAuth token Keychain, route Haiku to MiniMax, ANTHROPIC_BASE_URL, model

high line 69

Access to system keychain/keyring

SourceSKILL.md

69	### WP-01: Keychain OAuth Token Reading

high line 71

Access to system keychain/keyring

SourceSKILL.md

71	Read OAuth tokens from macOS Keychain where Claude Code stores them.

high line 94

Access to system keychain/keyring

SourceSKILL.md

94	The Keychain stores a JSON envelope with the `claudeAiOauth` key.

high line 138

Access to system keychain/keyring

SourceSKILL.md

138	Avoid repeated Keychain subprocess calls by caching the token for 5 minutes.

medium line 143

Access to system keychain/keyring

SourceSKILL.md

143	_OAUTH_CACHE_TTL = 300 # Re-read from Keychain every 5 minutes

medium line 158

Access to system keychain/keyring

SourceSKILL.md

158	2. Keychain OAuth token -> Authorization: Bearer + anthropic-beta

high line 240

Access to system keychain/keyring

SourceSKILL.md

240	Background goroutine refreshes OAuth tokens every 30 minutes, 5 minutes before expiry. Falls back to Keychain if API refresh fails.

high line 255

Access to system keychain/keyring

SourceSKILL.md

255	\| CCP-04 \| HIGH \| Lowercase keychain service `"claude-code-credentials"` \| Actual name has space: `"Claude Code-credentials"` \|

high line 256

Access to system keychain/keyring

SourceSKILL.md

256	\| CCP-05 \| MEDIUM \| Reading `~/.claude/.credentials.json` as primary \| Keychain is SSoT; credential file is stale fallback \|

high line 309

Access to system keychain/keyring

SourceSKILL.md

309	\| Keychain read returns empty \| Wrong service name (CCP-04) \| Use `"Claude Code-credentials"` (with space) \|

high line 315

Access to system keychain/keyring

SourceSKILL.md

315	\| Token expired after 5 min \| Cache TTL (WP-05) \| Normal behavior; proxy re-reads from Keychain \|

low line 38

External URL reference

SourceSKILL.md

38	\| ANTHROPIC_BASE_URL=http://127.0.0.1:8082 (Go proxy)

low line 130

External URL reference

SourceSKILL.md

130	export ANTHROPIC_BASE_URL="http://127.0.0.1:8082"

low line 176

External URL reference

SourceSKILL.md

176	\| MiniMax M2.5-highspeed \| `https://api.minimax.io/anthropic` \| Returns `base_resp` field, extra `thinking` block \|

low line 209

External URL reference

SourceSKILL.md

209	curl -s http://127.0.0.1:8082/health \| jq .

low line 228

External URL reference

SourceSKILL.md

228	Location: `/usr/local/bin/claude-proxy` \| Environment: `ANTHROPIC_BASE_URL=http://127.0.0.1:8082` in `.zshenv`

Scanned on Mar 7, 2026

View Security Dashboard

Install this skill with one command

/learn @terrylica/claude-code-proxy-patterns

GitHub Stars 17

Rate this skill

Categorydevelopment

UpdatedMarch 29, 2026

openclaw backend ml-ai-engineer backend-developer devops-sre development

terrylica/cc-skills