Security audit

Mihomo CLI

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local Mihomo/Clash proxy helper whose sensitive powers match its stated purpose, though users should treat route changes, restarts, cache flushes, and API-secret use as deliberate actions.

Install only if you are comfortable letting the agent read Mihomo/Clash config paths and use the local controller secret. Start with read-only commands like status, proxies, groups, and connections, and only ask for switch, flush, restart, or raw API actions when you are prepared for possible routing changes, dropped connections, or proxy service disruption.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs the agent to execute shell commands (`scripts/mihomo-cli.sh ...`, `ps aux | grep ...`) but does not declare corresponding permissions. This creates a capability mismatch where a reviewer or runtime may underestimate the skill's ability to inspect local processes, read local config paths, and interact with a local privileged network-control API, increasing the chance of unintended local data exposure or state-changing actions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation exposes multiple state-changing and potentially disruptive API operations, including restart, proxy switching, connection termination, cache flushing, and debug actions, without any caution, confirmation guidance, or safety boundaries. In the context of an agent skill meant to operate a local proxy controller, this increases the chance that an agent or user invokes disruptive actions on a live system without understanding the consequences.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script automatically locates Mihomo configuration files and extracts the API secret from them, allowing credential access without an explicit user acknowledgement. In the context of an agent skill, this is risky because a user may ask for status or proxy info and the tool silently escalates to reading local secrets and using them for authenticated administrative API calls.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script exposes state-changing administrative operations like DNS/FakeIP cache flush and service restart with no confirmation, dry-run, or safety gate. In an agent setting, a mistaken or overbroad invocation could disrupt network connectivity or alter system behavior immediately, especially since the same script can silently obtain credentials and target a running local controller.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
- `GET /traffic` - WebSocket stream of traffic stats
- `GET /logs?level=debug|info|warning|error` - WebSocket stream of logs
- `GET /connections` - List active connections
- `DELETE /connections/:id` - Close specific connection

### Providers
- `GET /providers/proxies` - List all proxy providers
Confidence
86% confidence
Finding
`DELETE /connections/:id`

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.