Clash VPN

Review

Audited by ClawScan on May 10, 2026.

Overview

This skill mostly matches its Clash proxy-management purpose, but its sample configuration can expose proxy, controller, and DNS services to the local network while the script edits root-level settings.

Review the Clash configuration before using this skill. If you only need a local proxy, change the sample config to bind services to 127.0.0.1 and disable LAN access. Be aware that the script writes root-level Clash config, may store proxy credentials in config/backups, starts a background Clash process, and stops processes named 'clash'.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Other devices on the network could potentially use the proxy, query the DNS listener, or reach the Clash controller if the host network allows it.

Why it was flagged

The provided minimal configuration binds Clash LAN access, the external controller, and DNS listener to all interfaces, which can expose proxy/control services beyond the local machine.

Skill content

allow-lan: true
external-controller: 0.0.0.0:9090
...
dns:
  enable: true
  listen: 0.0.0.0:53

Recommendation

Default to local-only bindings unless LAN sharing is explicitly needed: set allow-lan to false, bind controller/DNS to 127.0.0.1, and use a controller secret or firewall rules if remote access is required.

What this means

Running the skill in the wrong environment could modify root-owned Clash configuration or system logs rather than a user-scoped proxy setup.

Why it was flagged

The script is designed around root/system paths and a system-installed Clash binary, so using it may require elevated privileges and will affect system-level proxy configuration.

Skill content

CLASH_CONFIG="/root/.config/clash/config.yaml"
CLASH_LOG="/var/log/clash.log"
CLASH_BIN="/usr/local/bin/clash"

Recommendation

Use it only on a machine where you intentionally manage the system Clash instance, and verify the target paths and permissions before updating configuration.

What this means

Clash may keep running after the immediate task, and the stop command may terminate any process named 'clash', not just one started by this script.

Why it was flagged

The script starts Clash as a long-running background process and stops processes by name; this is expected for service management but should be user-controlled.

Skill content

nohup "$CLASH_BIN" -f "$CLASH_CONFIG" > "$CLASH_LOG" 2>&1 &
...
pkill -x clash

Recommendation

Confirm before starting or stopping the service, and check whether other Clash instances are running before using the stop command.