Clash Controller

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill mostly matches its stated Clash-control purpose, but it hardcodes a controller secret and recommends a LAN-exposing proxy setting that users should review before installing.

Review the hardcoded Clash API secret before installing. Use your own private secret through a proper configuration mechanism, avoid enabling `allow-lan` unless you intentionally want LAN devices to reach the proxy, and install only if you are comfortable letting the agent change your system proxy routing.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a user configures Clash to use this published secret, the controller credential is no longer private; if they use a different secret, the skill may fail or encourage unsafe credential reuse.

Why it was flagged

The skill hardcodes a Clash controller authentication secret and uses it as a Bearer token to control the local API. This is sensitive local control authority and is not presented as a user-provided credential.

Skill content

const secret = 'ff62c2da-1504-446b-986f-f13ba034e8a5'; ... 'Authorization': `Bearer ${secret}`

Recommendation

Require the Clash API secret to be supplied by the user through a declared config or environment variable, and do not publish a fixed shared controller secret.

What this means

Other devices on the same network may be able to use or probe the user's proxy service if the system and firewall allow it.

Why it was flagged

The recommended Clash configuration enables LAN access, which is not necessary for a local Windows proxy controller and may expose the proxy service to other devices on the network.

Skill content

allow-lan: true

Recommendation

Keep LAN access disabled unless explicitly needed, document the exposure clearly, and bind control interfaces to localhost.

What this means

Installing the skill allows the agent to turn proxy routing on or off when it invokes the skill.

Why it was flagged

The skill directly mutates Clash's GLOBAL proxy selection through the local API. This is expected for the skill's purpose, but it affects how the user's network traffic is routed.

Skill content

await request('/proxies/GLOBAL', 'PUT', { name: '自动选择' }); ... await request('/proxies/GLOBAL', 'PUT', { name: 'DIRECT' });

Recommendation

Install only if you want the agent to control Clash proxy routing, and consider requiring explicit user confirmation for changes.