Credential-handling risk report for leic4u/CLIProxyAPIPlus
phantomcreds detected repo-level code or deployment patterns that warrant maintainer review.
| Metric |
Value |
| Scan date |
2026-05-19 |
| Composite score |
1.000 |
| Findings |
6 |
| Issue-worthy findings |
5 |
| Discovery sources |
auth-bypass-go, callback-exposure-go |
Detected finding types: callback_exposure, exposed_secret, local_secret_mirror, management_auth_bypass, wildcard_management_cors
Secret-bearing credential material appears committed in current repository files
- Severity:
high
- Confidence:
confirmed
- Summary: Current repository files appear to contain committed API keys or webhook-style credential material. 1 redacted secret indicator were found in fetched repository files. Evidence is redacted in the report output.
Evidence:
.env.example:15 - [REDACTED:postgresql://user:[REDACTED:[REDACTED]]@localhost:5432/cliproxy]
Remote token backends still mirror auth material to local spool directories
- Severity:
high
- Confidence:
confirmed
- Summary: Remote-backed auth storage still creates local auth/config directories, so operator expectations about central-only secret storage are violated.
Evidence:
internal/store/objectstore.go:26 - objectStoreConfigKey = "config/config.yaml"internal/store/objectstore.go:27 - objectStoreAuthPrefix = "auths"internal/store/objectstore.go:30 - // ObjectStoreConfig captures configuration for the object storage-backed token store.internal/store/postgresstore.go:34 - SpoolDir string
OAuth callback listeners bind broadly and are published in default deployment files
- Severity:
medium
- Confidence:
confirmed
- Summary: Callback helpers intended for local browser round-trips are reachable beyond loopback by default.
Evidence:
internal/api/handlers/management/auth_files.go:154 - addr := fmt.Sprintf("0.0.0.0:%d", port)internal/auth/claude/oauth_server.go:90 - Addr: fmt.Sprintf(":%d", s.port),internal/auth/codex/oauth_server.go:87 - Addr: fmt.Sprintf(":%d", s.port),
Management proxy routes bypass API-key authentication
- Severity:
high
- Confidence:
confirmed
- Summary: The route wrapper skips auth for several management-related prefixes, expanding access to proxy/login functionality.
Evidence:
internal/api/modules/amp/routes.go:130 - // wrapManagementAuth skips auth for selected management paths while keeping authentication elsewhere.internal/api/modules/amp/routes.go:131 - func wrapManagementAuth(auth gin.HandlerFunc, prefixes ...string) gin.HandlerFunc {internal/api/modules/amp/routes.go:161 - authWithBypass = wrapManagementAuth(auth, "/threads", "/auth", "/docs", "/settings")
Wildcard CORS is applied to management endpoints
- Severity:
high
- Confidence:
confirmed
- Summary: Management routes inherit Access-Control-Allow-Origin: * with broad methods and headers, widening the browser attack surface.
Evidence:
internal/api/server.go:244 - engine.Use(corsMiddleware())internal/api/server.go:547 - mgmt := s.engine.Group("/v0/management")internal/api/server.go:1000 - c.Header("Access-Control-Allow-Origin", "*")
LLM Fix Guide
Recommended remediation order:
- Revoke or rotate the exposed credential(s):
credential material.
- Remove the committed secret material from the current default branch and replace it with environment-variable or secret-manager loading.
- If the secret existed in prior commits, rewrite history or invalidate the old credential so historical clones are harmless.
- Add secret-bearing files to
.gitignore and provide a safe template file such as .env.example instead of live credentials.
Suggested prompt for an LLM coding assistant:
Remove the exposed credential material from this repository without breaking runtime configuration.
Replace committed secrets with environment-variable loading or secret-manager integration.
Add or update ignore rules so secret-bearing files are not recommitted.
Preserve existing behavior, but migrate any checked-in .env, private-key, or service-account material to safe templates.
Assume the scanner evidence came from current files on the default branch, not from a full git-history scan.
Show the exact files changed and include a short post-fix verification checklist.
This report is based on current files fetched from the repository's default branch at scan time.
It does not by itself prove that older commits are clean or compromised.
This scan is evidence-first and probabilistic. It is not an accusation of malicious intent.
If any finding is incorrect or outdated, please reply with corrected context and exact file references.
Automated by phantomcreds.
Project repo · Created by James Sawyer at JS Labs.
Credential-handling risk report for
leic4u/CLIProxyAPIPlusphantomcreds detected repo-level code or deployment patterns that warrant maintainer review.
Detected finding types:
callback_exposure, exposed_secret, local_secret_mirror, management_auth_bypass, wildcard_management_corsSecret-bearing credential material appears committed in current repository files
highconfirmedEvidence:
.env.example:15 - [REDACTED:postgresql://user:[REDACTED:[REDACTED]]@localhost:5432/cliproxy]Remote token backends still mirror auth material to local spool directories
highconfirmedEvidence:
internal/store/objectstore.go:26 - objectStoreConfigKey = "config/config.yaml"internal/store/objectstore.go:27 - objectStoreAuthPrefix = "auths"internal/store/objectstore.go:30 - // ObjectStoreConfig captures configuration for the object storage-backed token store.internal/store/postgresstore.go:34 - SpoolDir stringOAuth callback listeners bind broadly and are published in default deployment files
mediumconfirmedEvidence:
internal/api/handlers/management/auth_files.go:154 - addr := fmt.Sprintf("0.0.0.0:%d", port)internal/auth/claude/oauth_server.go:90 - Addr: fmt.Sprintf(":%d", s.port),internal/auth/codex/oauth_server.go:87 - Addr: fmt.Sprintf(":%d", s.port),Management proxy routes bypass API-key authentication
highconfirmedEvidence:
internal/api/modules/amp/routes.go:130 - // wrapManagementAuth skips auth for selected management paths while keeping authentication elsewhere.internal/api/modules/amp/routes.go:131 - func wrapManagementAuth(auth gin.HandlerFunc, prefixes ...string) gin.HandlerFunc {internal/api/modules/amp/routes.go:161 - authWithBypass = wrapManagementAuth(auth, "/threads", "/auth", "/docs", "/settings")Wildcard CORS is applied to management endpoints
highconfirmedEvidence:
internal/api/server.go:244 - engine.Use(corsMiddleware())internal/api/server.go:547 - mgmt := s.engine.Group("/v0/management")internal/api/server.go:1000 - c.Header("Access-Control-Allow-Origin", "*")LLM Fix Guide
Recommended remediation order:
credential material..gitignoreand provide a safe template file such as.env.exampleinstead of live credentials.Suggested prompt for an LLM coding assistant:
This report is based on current files fetched from the repository's default branch at scan time.
It does not by itself prove that older commits are clean or compromised.
This scan is evidence-first and probabilistic. It is not an accusation of malicious intent.
If any finding is incorrect or outdated, please reply with corrected context and exact file references.
Automated by phantomcreds.
Project repo · Created by James Sawyer at JS Labs.