Mihomo CLI
Review
Audited by ClawScan on May 1, 2026.
Overview
This skill appears to do what it says—control a local Mihomo/Clash proxy—but it can read the local API secret and run commands that change proxy routing or restart the proxy.
Before installing, be aware that this skill lets the agent inspect local proxy state, active connections, and Mihomo configuration, and can change or restart the local proxy when asked. Prefer read-only checks first and reserve switch/restart actions for explicit user requests.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing this skill allows the agent to use your local Mihomo controller credentials to inspect and operate the proxy.
The helper reads the Mihomo API secret from local config and uses it as a bearer token for controller requests. This is expected for controlling Mihomo, but it is still local credential access.
MIHOMO_SECRET=$(grep -E "^\s*secret:" "$MIHOMO_CONFIG_PATH" ...)
[ -n "$MIHOMO_SECRET" ] && curl_args+=(-H "Authorization: Bearer $MIHOMO_SECRET")
Only install if you are comfortable with the agent reading Mihomo configuration and using the local API secret; avoid pointing MIHOMO_HOST at untrusted remote hosts.
A switch or restart could temporarily disrupt connectivity or change which route your traffic uses.
The skill documents commands that can change the active proxy route or restart Mihomo, while also instructing the agent to confirm the user's intent before those higher-impact actions.
scripts/mihomo-cli.sh switch GLOBAL "🇭🇰 E0 香港核心"
...
scripts/mihomo-cli.sh restart
...
Before `switch` or `restart`, be sure that changing the active route is actually what the user wants.
Use read-only commands such as status, proxies, groups, and connections first; run switch, flush, or restart only when you explicitly want that change.
