Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Clash Controller
v1.0.0 · Controls the Clash for Windows proxy: start, stop, check status, switch nodes. Trigger words: Clash, proxy (代理), proxy toggle (代理开关), enable proxy (开启代理), disable proxy (关闭代理), proxy status (代理状态), switch node (切换节点), Clash for Windows.
by LostOmato@icenoodle
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The name/description and code align on controlling Clash for Windows via the External Controller API (querying status, switching proxies). However the SKILL.md claims 'process control' (start/stop the Clash process) and file-path-based configuration awareness; the provided skill.js does not perform OS-level process management nor does it read the config file — it only calls the local REST API. This mismatch could be benign (documentation drift) but is inconsistent.
Instruction Scope
SKILL.md asks the user to enable Clash's External Controller and points to the config file and secret; runtime code uses only local HTTP calls to 127.0.0.1:61222 and does not read any files or environment variables. The instructions do not direct the agent to access unrelated files or remote endpoints — scope is mostly limited to the local Clash API — but the doc and implementation diverge about reading config or managing the process.
Install Mechanism
There is no install spec and no external downloads. The package is instruction-only with a small skill.js and package.json; it uses only Node's built-in http module. Low install risk.
Credentials
The skill requests no environment variables, yet skill.js contains a hard-coded API secret ('ff62c2da-...') which it sends in an Authorization header to the local controller. SKILL.md refers to a secret in the Clash config but the code ignores the user's config and uses the baked-in token. Embedding a secret in the code is poor practice (exposes the token in the repo/registry) and may cause failed operation or unexpected behavior if the token doesn't match the user's setup.
Persistence & Privilege
The skill does not request persistent or elevated platform privileges, is not always-enabled, does not alter other skills or global agent settings, and makes only local HTTP requests to 127.0.0.1. Autonomous invocation is allowed (default) but is not combined with broad credential access.
What to consider before installing
This skill mostly does what it says (controls Clash via the local REST API) but you should be cautious before installing:
- The repository contains a hard-coded API secret. That secret is sent to the local controller; remove or replace it and instead configure the skill to read your actual Clash external-controller secret from the config file or from an environment variable.
- SKILL.md mentions starting/stopping the Clash process and reading the config file, but the code does not do process control or file reads — expect only REST API calls. If you need process control, request or review additional code.
- Test on a non-production machine first: enable External Controller in Clash, verify the controller host/port/secret, and try the skill locally.
- If you do not want any reusable tokens stored in the skill, edit skill.js so it reads the secret from an environment variable (or from the local config) rather than using the baked-in token.
- Because the skill communicates with a local service using an auth token, ensure the token in your Clash config is private and the machine is secure; the skill does not appear to exfiltrate data externally, but exposing any token in a public registry is a privacy risk.
If you want higher assurance, ask the author to remove the hard-coded secret, to document exactly how the skill obtains the correct secret (environment variable or config path), and to state whether OS-level process control is required and, if so, how it will be implemented.
