ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

GitHub Hosts CN

GitHub Hosts 更新工具(中国用户专用)。安全地更新系统hosts文件以访问GitHub,保留原有非GitHub条目,仅替换GitHub相关地址。支持备份恢复、风险提示。当用户需要解决GitHub访问问题时使用此技能。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 52 · 0 current installs · 0 all-time installs
by@n1e
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (GitHub hosts updater for China) match what the skill does: reads /etc/hosts, fetches hosts from multiple public mirrors, merges GitHub entries, backs up, and writes the file. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md and update.js explicitly describe reading /etc/hosts, creating timestamped backups in ~/.openclaw/backups/github-hosts/, fetching remote hosts files, parsing/merging entries, writing /etc/hosts, and flushing DNS. The instructions are scoped to the stated task and include preview/restore options and an explicit user confirmation step.
Install Mechanism
No install script in the registry; the package is an npm project with update.js and package.json. Nothing is downloaded or executed at install time. At runtime the script fetches remote hosts data from listed public URLs (HelloGitHub, GitLab, Gitee, jsdelivr), which is expected for this function but is a trust surface to review.
Credentials
The skill requests no environment variables, no secrets, and no unrelated credentials. It does require Node.js and elevated privileges to modify /etc/hosts (documented). The requested permissions are proportional to the task.
Persistence & Privilege
The skill is not always: true and has default autonomous-invocation allowed by platform. It performs privileged actions (writing system hosts) and requires sudo; however the SKILL.md and code show an interactive confirmation and preview mode. Users should be aware that if an agent runs this skill without interactive confirmation (or with automated confirmation flags), it will perform privileged writes.
Assessment
This skill is coherent for updating GitHub host entries and includes sensible safeguards (preview, backups, restore). Before installing or running it: 1) Inspect and verify the listed data sources (raw.hellogithub.com, gitlab.com, gitee.com, jsdelivr) — if a source is compromised it can supply malicious IP mappings. 2) Use the --preview mode first to review exact changes and confirm backups exist. 3) Run in a trusted environment and avoid running with sudo in automated/unattended contexts; prefer manual confirmation. 4) Keep backups (the tool stores them under ~/.openclaw/backups/github-hosts/) and test restore. 5) If you need higher assurance, run it on a disposable/test machine or manually fetch and vet hosts content before applying. If you want me to, I can: list the exact domains the tool will change, fetch the current preview output from the fastest source (non-destructively), or help craft a checklist to vet the remote sources.
update.js:613
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.1
Download zip
chinavk97fyhd1cm49mdq7yn1hctdw0s83qx8gdnsvk97fyhd1cm49mdq7yn1hctdw0s83qx8ggithubvk97fyhd1cm49mdq7yn1hctdw0s83qx8ghostsvk97fyhd1cm49mdq7yn1hctdw0s83qx8glatestvk97fyhd1cm49mdq7yn1hctdw0s83qx8gnetworkvk97fyhd1cm49mdq7yn1hctdw0s83qx8g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

GitHub Hosts CN - 中国用户专用 GitHub Hosts 更新工具

安全、智能地更新系统hosts文件,帮助中国用户正常访问GitHub。

🌟 特性

  • 🛡️ 安全优先:自动备份、保留原有配置、仅替换GitHub条目
  • 🌍 多源获取:从多个镜像源获取最新GitHub hosts(HelloGitHub、GitLab、Gitee等)
  • ⚡ 自动选择:并行测试所有源,使用最快的可用源
  • 💾 智能备份:时间戳备份,支持一键恢复
  • 🔍 精确替换:只替换GitHub相关域名,保留其他所有hosts配置
  • 📋 风险提示:执行前显示详细风险说明,需用户确认

📦 安装

cd /Users/claw/Documents/trae_projects/skills/github-hosts-cn
npm install

🚀 使用方法

# 更新GitHub hosts
node update.js

# 查看帮助
node update.js --help

# 恢复最近的备份
node update.js --restore

# 查看当前状态
node update.js --status

# 仅获取不更新(预览模式)
node update.js --preview

📊 数据源

URL类型优先级
HelloGitHubraw.hellogithub.com独立站点1
GitLab Mirrorgitlab.com/ineo6GitLab2
Gitee Mirrorgitee.com国内镜像3
JSDelivr CDNcdn.jsdelivr.netCDN4

🔧 工作流程

1. 显示风险提示 → 用户确认
2. 读取当前 /etc/hosts
3. 创建时间戳备份
4. 从多源获取最新GitHub hosts
5. 合并:保留非GitHub条目 + 新GitHub条目
6. 写入新的hosts文件
7. 刷新DNS缓存
8. 显示更新结果

🛡️ 安全机制

备份策略

  • 每次修改前自动备份
  • 备份文件命名:hosts.backup.YYYY-MM-DDTHH-mm-ss
  • 备份位置:~/.openclaw/backups/github-hosts/
  • 保留最近10个备份文件

合并策略

  • 识别所有GitHub相关域名(github.com, github.global.ssl.fastly.net等)
  • 保留hosts文件中的所有非GitHub条目
  • 仅替换GitHub相关IP地址

恢复机制

  • --restore 恢复最近备份
  • --restore <backup-file> 恢复指定备份

⚠️ 风险说明

修改hosts文件存在以下风险:

  1. 权限风险:需要sudo权限,请确保在可信环境执行
  2. 网络风险:错误的hosts可能导致无法访问某些网站
  3. IP失效风险:GitHub IP可能随时变化,需要定期更新
  4. 备份风险:请确保备份目录可写

建议:

  • 在执行前理解hosts文件的作用
  • 定期检查备份文件
  • 如遇问题立即使用 --restore 恢复

📋 系统要求

  • Node.js 16+
  • macOS / Linux
  • sudo权限(用于修改/etc/hosts)
  • 网络连接

📜 License

MIT

Files

4 total
Select a file
Select a file to preview.

Comments

Loading comments…