Security Warning: ClawProxy Script Stole API Keys, Resulting in Significant OpenRouter Bill

By OpenClawRadar. Published: March 22, 2026.

What Happened

A developer purchased and installed a ClawProxy script from a Reddit user in what they believed was a secure, sandboxed environment. The system was a "reasonably security hardened version of 3.13 running on WSL Ubuntu 24.04 inside Windows 11 miniPC", with nothing else running on it, kept deliberately as a sandbox.

Key Details from the Incident

  • The installation was a closed-source scripted install.
  • The proxy service was visible on a local port via web UI.
  • The developer put inference provider API keys into the proxy service, including one OpenRouter key that allowed paid model requests.
  • This OpenRouter key was used nowhere else.
  • The next day, the developer woke up to a large OpenRouter bill.
  • The OpenRouter API key had been used through the Google Vertex API acting as a traffic proxy, which prevented tracing the usage back through OpenRouter to its real source.
  • The usage was for Opus 4.6 overnight, described as a "very clever scam."
  • The costs were significant and unrecoverable.

Aftermath and Red Flags

  • The developer immediately uninstalled the proxy and contacted the seller.
  • The seller blamed the developer for an "unsecure environment" with an offensive attitude.
  • The developer realized the product was likely an intentional key stealer.
  • When the developer attempted to re-download the package for inspection, the git repository used to distribute it had been closed.
  • The seller refused to provide source code, claiming it was proprietary, and mentioned a "new version", which confirmed the developer's suspicions.
  • The developer requested a refund but expects not to receive one.

Security Takeaway

The developer emphasizes: "DO NOT TRUST YOUR CREDENTIALS OR KEYS WITH ANY PERSON OR ENTITY WHO YOU CANNOT HOLD ACCOUNTABLE IF THEY DO NEFARIOUS THINGS." That applies to installing software that could steal keys, even on what appears to be a secure, sandboxed system: a sandbox isolates the host, but it does nothing to protect a key you hand to a process that is free to make outbound HTTPS requests.
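One concrete check a practitioner can run before trusting a closed-source proxy with real keys is to watch where the proxy process actually talks. The script below is an added example, not code from the original post or from ClawProxy: it parses `ss -tnp` style output (constructed sample lines, with TEST-NET addresses standing in for real provider endpoints, and an assumed process name `clawproxy`) and flags every established connection owned by that process whose peer is neither a loopback client of the local web UI nor one of the upstream inference providers the proxy is supposed to reach.

```python
"""Egress audit for a locally running, closed-source proxy process.

Added example (not from the original post or from ClawProxy). Feed it the
output of `ss -tnp` captured on the WSL host while the proxy is running, plus
the set of upstream provider addresses the proxy is allowed to reach. Any
other remote peer is a finding worth investigating before a paid key is
configured in the proxy.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample of what `ss -tnp` might print while the proxy runs.
# Process name "clawproxy" and pid 4242 are assumptions; 203.0.113.x and
# 198.51.100.x are TEST-NET stand-ins, not real provider or attacker hosts.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port  Process
ESTAB  0      0      172.20.1.5:43210     203.0.113.10:443   users:(("clawproxy",pid=4242,fd=7))
ESTAB  0      0      127.0.0.1:8080       127.0.0.1:51000    users:(("clawproxy",pid=4242,fd=9))
ESTAB  0      0      172.20.1.5:43211     198.51.100.77:443  users:(("clawproxy",pid=4242,fd=11))
ESTAB  0      0      172.20.1.5:43300     203.0.113.20:443   users:(("curl",pid=5100,fd=3))
"""

# Constructed allowlist: the resolved address(es) of the inference providers
# whose keys were configured in the proxy. In practice resolve the provider
# hostnames at audit time and put every returned address here.
EXPECTED_UPSTREAMS = {"203.0.113.10"}

# Matches the process attribution that `ss -p` appends to each socket line.
_PROC_RE = re.compile(r'users:\(\("(?P<name>[^"]+)",pid=(?P<pid>\d+),fd=\d+\)')


@dataclass(frozen=True)
class Connection:
    state: str
    local_ip: str
    local_port: int
    peer_ip: str
    peer_port: int
    process: str
    pid: int


def _split_endpoint(endpoint: str) -> tuple[str, int]:
    """Split 'ip:port' or '[ipv6]:port' into (ip, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def parse_ss_output(text: str) -> list[Connection]:
    """Parse `ss -tnp` lines into Connection records, skipping the header
    and any socket that ss could not attribute to a process."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] == "State":
            continue
        match = _PROC_RE.search(line)
        if match is None:
            continue
        local_ip, local_port = _split_endpoint(parts[3])
        peer_ip, peer_port = _split_endpoint(parts[4])
        conns.append(Connection(parts[0], local_ip, local_port, peer_ip,
                                peer_port, match["name"], int(match["pid"])))
    return conns


def audit_egress(text: str, process_name: str,
                 allowed_peers: set[str]) -> list[Connection]:
    """Return the proxy's connections to peers that are neither loopback
    (local web-UI clients) nor an expected upstream provider."""
    findings = []
    for conn in parse_ss_output(text):
        if conn.process != process_name:
            continue
        if ipaddress.ip_address(conn.peer_ip).is_loopback:
            continue
        if conn.peer_ip not in allowed_peers:
            findings.append(conn)
    return findings


if __name__ == "__main__":
    for f in audit_egress(SAMPLE_SS_OUTPUT, "clawproxy", EXPECTED_UPSTREAMS):
        print(f"UNEXPECTED EGRESS: {f.process}[{f.pid}] -> "
              f"{f.peer_ip}:{f.peer_port} ({f.state})")
```

On the constructed sample this reports one finding, the proxy's connection to 198.51.100.77:443, while the loopback UI session and the unrelated `curl` process are ignored. The check is one layer, not a proof of safety: a malicious proxy could also leak a key inside an otherwise legitimate request to an allowed upstream, so pair egress monitoring with single-purpose keys and provider-side spend limits, which is exactly what made the misuse in this incident attributable to the proxy in the first place.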

📖 Read the full source: r/openclaw
