Mihomo CLI
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: mihomo-cli Version: 1.0.0 The skill bundle provides a utility for managing local Mihomo/Clash proxy instances, which requires several high-risk capabilities. The script `scripts/mihomo-cli.sh` automatically discovers and reads local configuration files (e.g., in `~/.config/mihomo/`) to extract sensitive API secrets and uses `ps aux` to inspect running processes for configuration paths. While these behaviors are aligned with the stated purpose, the automated credential extraction and the instructions in `SKILL.md` encouraging broad system discovery constitute risky behaviors under the analysis threshold. Additionally, the script exhibits a minor JSON injection vulnerability in the `cmd_switch` function when constructing API request bodies.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing this skill allows the agent to use your local Mihomo controller credentials to inspect and operate the proxy.
The helper reads the Mihomo API secret from local config and uses it as a bearer token for controller requests. This is expected for controlling Mihomo, but it is still local credential access.
MIHOMO_SECRET=$(grep -E "^\s*secret:" "$MIHOMO_CONFIG_PATH" ...) [ -n "$MIHOMO_SECRET" ] && curl_args+=(-H "Authorization: Bearer $MIHOMO_SECRET")
Only install if you are comfortable with the agent reading Mihomo configuration and using the local API secret; avoid pointing MIHOMO_HOST at untrusted remote hosts.
A switch or restart could temporarily disrupt connectivity or change which route your traffic uses.
The skill documents commands that can change the active proxy route or restart Mihomo, while also instructing the agent to confirm the user's intent before those higher-impact actions.
scripts/mihomo-cli.sh switch GLOBAL "🇭🇰 E0 香港核心" ... scripts/mihomo-cli.sh restart ... Before `switch` or `restart`, be sure that changing the active route is actually what the user wants.
Use read-only commands such as status, proxies, groups, and connections first; run switch, flush, or restart only when you explicitly want that change.