This is a security research tool that demonstrates a serious localhost vulnerability in popular Android VPN clients like v2rayNG, NekoBox, and Clash. Any app with basic INTERNET permission can scan localhost ports, detect unauthenticated SOCKS5 proxies exposed by these VPN apps, and tunnel through them to reveal your real exit IP and server config. The implementation is thorough: it fingerprints VPN clients by port patterns (10808/10809 for xray, 7890/9090 for Clash), reads /proc/net/tcp to find listening ports without root, checks hidden Android capabilities like IS_VPN, and does MTU analysis. If you're building VPN clients or need to audit mobile privacy assumptions, this shows exactly how exposed localhost services become attack surfaces. The full detection pipeline runs 14 phases from interface detection to geolocation.
npx skills add https://github.com/aradotso/trending-skills --skill yourvpndead-vpn-detection