Magic Internet Access
v1.7.1AI-powered Magic Internet Access engine for OpenClaw. AI驱动的魔法上网术——你的私人魔法上网管家。 自动抓取免费节点、测速、筛选,一步步引导小白完成配置。 Trigger on: VPN, proxy, 翻墙, 魔法上网, 科学上网, 梯子, 节点, sha...
⭐ 0· 394·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the included code: scraper, tester, and formatter implement scraping public node lists, parsing proxies, running TCP tests, and producing client configs. That functionality is expected for a free-node aggregator. Minor oddity: SKILL.md embeds a hard-coded tg://proxy link with a raw IP which is not required to implement scraping/testing and should be treated as an external pointer controlled by the skill author.
Instruction Scope
SKILL.md mandates the agent must run the bundled handler.py and must reply only with the script output (no extra text or clarifying Qs). handler.py invokes scraper.py and tester.py which (a) fetch multiple external URLs (raw GitHub content) and (b) open TCP connections to arbitrary IP:port pairs discovered in the feeds. This effectively performs network I/O and active connectivity checks under the user's account without further confirmation. The instructions also forbid troubleshooting or adding context, reducing oversight.
Install Mechanism
No install spec (instruction-only) and code files are bundled. No downloads from third-party URLs or archive extraction occur during install. The code shipped with the skill is local to the skill bundle; nothing in the install mechanism itself is suspicious.
Credentials
The skill declares no credentials or config paths. The scripts read/write data under the OPENCLAW_WORKSPACE (default: ~/.openclaw/workspace) and respect MAX_TEST_NODES. That is proportionate to their purpose. However, network activity (HTTP fetches and TCP connects to arbitrary hosts) is significant and can be noisy; the SKILL.md also includes a hard-coded Telegram MTProto proxy link pointing at an IP address (154.17.2.31), which is an external resource not explained by the description.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges. It writes output files to the user's workspace (nodes_raw.json, nodes_tested.json) but does not change other skills or global config. Autonomous invocation (default) is allowed but not by itself flagged; combined with the forced execution instruction this increases the operational risk.
What to consider before installing
This skill's behavior mostly matches its description, but it will execute bundled Python scripts that (1) fetch many external URLs and (2) open TCP connections to whatever proxy servers it finds — effectively performing active network checks from your environment. Before installing or running it: review the bundled scripts yourself (scraper.py/tester.py/handler.py/formatter.py), consider running them in an isolated/sandboxed environment, and confirm you are comfortable with outbound network activity and creation of ~/.openclaw/workspace/nodes_*.json files. Pay special attention to the hard-coded tg://proxy link containing a raw IP in SKILL.md — verify that IP and link independently if you plan to use it. If you need tighter control, ask that the skill run only in a restricted environment (no outbound network or limited MAX_TEST_NODES), or prefer a version that requires explicit user approval before contacting external hosts.Like a lobster shell, security has layers — review code before you run it.
latestvk979xx95scw3fj410n8sqc9tes823sk9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.