ClawHub

Mihomo Proxy Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is on-topic for managing mihomo, but its update helper can turn a subscription URL into shell execution and overwrite live proxy configuration without safeguards.

Review and harden the script before installing. Only use trusted subscription URLs, back up the existing mihomo config before updates, validate generated config before restart, and replace the shell-based downloader with safer argument-array execution or a native HTTP client plus strict URL and content validation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill tells the agent to fetch a user-provided subscription URL and save it to `/tmp/sub_raw.txt` without warning that this transmits data to an external endpoint and writes attacker-controlled content locally. This can expose the host to SSRF-like access to internal URLs, unsafe ingestion of untrusted configuration material, and accidental overwriting or downstream processing of malicious content.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill recommends `systemctl restart mihomo` as a routine action without warning that it changes live proxy behavior and can interrupt current network connectivity. On a remote system, restarting a proxy service may cut off dependent applications or the administrator's own access path, causing avoidable disruption.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script interpolates an attacker-controlled subscription URL into a shell command via execSync, using only single-quote wrapping for protection. A crafted URL containing a single quote can break out of the quoted context and trigger arbitrary shell command execution, which is especially dangerous on a Linux server managing network proxy configuration.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal