Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mihomo Subscription Route Publisher

v1.0.0

Update Mihomo site routing rules from natural-language requests, rebuild the published subscription, and verify the live output. Update Mihomo rules based on natural-language routing requests, rebuild the published...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

! Purpose & Capability
The skill's purpose (update repo routing rules, regenerate worker, deploy, and verify rules.xiannai.me) matches what the SKILL.md instructs, but the skill does not declare any required credentials or environment variables even though worker deploys and git pushes normally require Cloudflare/GitHub/ssh tokens. The compatibility notes also mention wrangler and 1Password CLI, implying secret access. The absence of declared credentials is an incoherence.
! Instruction Scope
Runtime instructions explicitly read and edit files under /home/grey/mihomo-fullstack-deploy, may validate or sync /etc/mihomo, run a local mihomo binary, redeploy a worker and call external endpoints (rules.xiannai.me). These operations require filesystem and possibly service privileges; the skill does not instruct reading unrelated user files, but it does assume the agent can modify system-level config and perform network deploys, which expands its scope beyond a simple formatter.
Install Mechanism
This is an instruction-only skill with no install spec or code files. That keeps install risk low — nothing is downloaded or written by an included installer.
! Credentials
The skill declares no required env vars or primary credential, yet the workflow requires actions that normally need credentials (Cloudflare wrangler deploy, git push to canonical repo, possible use of 1Password to fetch secrets). The SKILL.md even warns not to reveal Cloudflare/GitHub tokens, implying they exist. Not declaring these environment/credential needs is disproportionate and opaque.
Persistence & Privilege
always:false and normal autonomous invocation are fine. However the skill’s actions include potentially modifying /etc/mihomo and restarting or running local binaries — operations that require elevated filesystem/service privileges on the host. While not a policy/privilege misconfiguration in metadata, this increases operational risk and should be considered before granting the agent those capabilities.
What to consider before installing
Before installing or running this skill, confirm these items:
(1) The skill will read and edit files under /home/grey and may touch /etc/mihomo and run /usr/local/bin/mihomo — only allow it on a host you control or in a sandbox.
(2) It appears to expect deployment and git push capabilities (Cloudflare wrangler, GitHub/SSH) but declares no credentials; ask the author which environment variables or secrets are required and how they should be provided (prefer use of a secrets manager rather than embedding tokens).
(3) Because it calls external endpoints (rules.xiannai.me) and triggers redeploys, verify you trust that domain and the source of this skill.
(4) If you cannot verify credentials and trust, test in a VM or container with limited privileges and no production secrets.
(5) Ask the publisher to explicitly declare required credentials (e.g., CF_API_TOKEN, GITHUB_TOKEN, SSH keys) and to document any service restarts so you can audit before granting permission.

Like a lobster shell, security has layers — review code before you run it.
