Clash Verge Controller

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed guide and sample client for controlling a Clash Verge/mihomo proxy controller, with no hidden install, persistence, or unrelated data handling found.

Install/use this only if you want an agent to help manage your Clash Verge controller. Keep the controller bound to 127.0.0.1 when possible, set a strong secret, avoid exposing it on 0.0.0.0 without firewall limits, and require explicit confirmation before mutating actions such as config updates, node switching, connection deletion, upgrades, or restarts.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 79% confidence
Finding: The trigger conditions are broad enough to activate on general mentions of Clash, remote management, node switching, or API usage, without clear exclusions for read-only vs. mutating operations. This increases the chance the skill is invoked in contexts where users only want information, but the skill steers toward operational control of a network proxy service.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal