Mihomo CLI
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing this skill allows the agent to use your local Mihomo controller credentials to inspect and operate the proxy.
The helper reads the Mihomo API secret from local config and uses it as a bearer token for controller requests. This is expected for controlling Mihomo, but it is still local credential access.
MIHOMO_SECRET=$(grep -E "^\s*secret:" "$MIHOMO_CONFIG_PATH" ...) [ -n "$MIHOMO_SECRET" ] && curl_args+=(-H "Authorization: Bearer $MIHOMO_SECRET")
Only install if you are comfortable with the agent reading Mihomo configuration and using the local API secret; avoid pointing MIHOMO_HOST at untrusted remote hosts.
A switch or restart could temporarily disrupt connectivity or change which route your traffic uses.
The skill documents commands that can change the active proxy route or restart Mihomo, while also instructing the agent to confirm the user's intent before those higher-impact actions.
scripts/mihomo-cli.sh switch GLOBAL "🇭🇰 E0 香港核心" ... scripts/mihomo-cli.sh restart ... Before `switch` or `restart`, be sure that changing the active route is actually what the user wants.
Use read-only commands such as status, proxies, groups, and connections first; run switch, flush, or restart only when you explicitly want that change.