mihomo Proxy Manager

Security checks across malware telemetry and agentic risk

Overview

This proxy manager mostly matches its stated purpose, but it can install a persistent privileged network service and exposes high-impact behavior that is not clearly disclosed.

Review carefully before installing. Grant sudo only if you intend to create a persistent, system-wide proxy service. Verify the mihomo release yourself rather than relying on the installer's size-only check, bind the external controller to localhost and set a secret, and avoid pasting subscription URLs into contexts where logs may be retained, since those links can carry credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill clearly performs network operations and may access environment-derived configuration, yet it declares no explicit permissions. This creates a transparency and policy-enforcement gap: an agent or platform may invoke a skill with broader effective capabilities than reviewers or users expect, especially given it downloads binaries, fetches subscription URLs, and manages proxy configuration. In this context, proxy-management is inherently sensitive because it can route traffic through third-party infrastructure and handle credential-bearing subscription links.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The installer creates persistent services and attempts a privileged system-level installation via sudo, which materially expands its control over the host beyond a one-time binary download. In the context of a proxy daemon this may be functionally related, but it is still security-sensitive because it enables persistence, auto-start, and elevated networking capabilities without any explicit consent or policy guardrails in this file.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The installer writes persistent service definitions to system or user startup locations and may invoke sudo, but this file contains no user-visible warning, consent flow, or dry-run mode before making those changes. That is dangerous because persistence and privilege escalation are high-impact operations that users may not expect from a proxy-management skill.
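A minimal consent gate for the persistence step the two findings above describe, as an added example written for this page and not the skill's own installer: it defaults to a dry run, writes only when explicitly confirmed, and installs a systemd user unit so that no sudo is involved. The unit contents, the `-d` config-directory flag, the `%h` home-directory specifier and the default binary path are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not the skill's installer): persistence only with explicit
# opt-in, and at user scope rather than via sudo. Unit content is assumed.

# Render a systemd *user* unit for the mihomo binary at $1.
render_user_unit() {  # binary_path
  cat <<EOF
[Unit]
Description=mihomo proxy (user scope, no root)
After=network-online.target

[Service]
ExecStart=$1 -d %h/.config/mihomo
Restart=on-failure

[Install]
WantedBy=default.target
EOF
}

# install_user_unit BINARY UNIT_DIR CONFIRM
# Returns 0 after writing only when CONFIRM is exactly "yes". Otherwise it
# prints the plan to stderr and returns 2, so callers can tell "not confirmed"
# apart from a genuine failure.
install_user_unit() {
  binary=$1; unit_dir=$2; confirm=${3:-no}
  unit_path="$unit_dir/mihomo.service"
  if [ "$confirm" != "yes" ]; then
    echo "DRY RUN: would write $unit_path containing:" >&2
    render_user_unit "$binary" >&2
    echo "Nothing written. Re-run with CONFIRM=yes to apply." >&2
    return 2
  fi
  mkdir -p "$unit_dir"
  render_user_unit "$binary" > "$unit_path"
  chmod 0644 "$unit_path"
  echo "wrote $unit_path"
}

# Stand-alone run: plan only unless CONFIRM=yes is set in the environment.
install_user_unit "${MIHOMO_BIN:-/usr/local/bin/mihomo}" \
  "${XDG_CONFIG_HOME:-$HOME/.config}/systemd/user" "${CONFIRM:-no}" || true
```

After a confirmed write the operator enables the unit with `systemctl --user daemon-reload && systemctl --user enable --now mihomo.service`; that step is left to the operator on purpose so that starting the daemon is a second explicit action, not a side effect of installation.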

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The installer downloads a remote binary, writes it to disk, and later executes it to verify installation, yet there is no explicit user-facing disclosure in this file that code from the network will be installed and run locally. This is especially risky because the download integrity check only compares size and does not authenticate the binary's publisher or contents.
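The size-only check the finding describes is easy to defeat: any payload padded or trimmed to the expected length passes. The shell functions below are an added example written for this page, not the skill's code; they show the weak check next to a SHA-256 comparison against a digest the operator obtains out of band, and the files they hash are constructed stand-ins, not a mihomo release.

```shell
#!/bin/sh
# Added example (not from the skill): authenticate a downloaded binary by its
# SHA-256 digest rather than by size. The expected digest must come from a
# source other than the download itself (release page, signed checksum file).

sha256_of() {  # file -> lowercase hex digest
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Weak check, as described in the finding: passes whenever the sizes match.
verify_by_size() {  # file expected_bytes
  actual=$(wc -c < "$1" | tr -d ' ')
  [ "$actual" -eq "$2" ]
}

# Stronger check: compare the full digest, tolerating upper-case hex input.
verify_by_sha256() {  # file expected_hex
  actual=$(sha256_of "$1")
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ "$actual" = "$expected" ]
}

# Demonstration on constructed files of identical length. Returns 0 when the
# size check wrongly accepts the tampered file and the digest check does not.
demo() {
  dir=$(mktemp -d)
  printf 'mihomo-v1-genuine' > "$dir/good"
  printf 'mihomo-v1-TROJAN!' > "$dir/evil"     # same 17 bytes, different content
  size=$(wc -c < "$dir/good" | tr -d ' ')
  published=$(sha256_of "$dir/good")          # stands in for the out-of-band digest
  ok=0
  verify_by_size   "$dir/evil" "$size"      && echo "size check:   accepted tampered file" || ok=1
  verify_by_sha256 "$dir/evil" "$published" && ok=1 || echo "sha256 check: rejected tampered file"
  verify_by_sha256 "$dir/good" "$published" && echo "sha256 check: accepted genuine file" || ok=1
  rm -rf "$dir"
  return $ok
}

demo
```

A digest fetched from the same server as the binary only proves the two are consistent with each other; it does not authenticate the publisher. If the project ships signed checksums or signatures, verifying that signature is the step that actually ties the binary to its publisher.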

VirusTotal

57/57 vendors reported no detections for this skill. A clean antivirus result does not address the findings above, which concern undisclosed but otherwise legitimate-looking privileged actions rather than known-malicious code.
