ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

github改hosts文件加速skill,仅针对windows

v1.0.0

Optimize GitHub access speed on Windows by finding the fastest IPs and updating the hosts file to reduce latency.

1· 24·0 current·0 all-time
byqz@vay-qz
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the actions (resolve IPs, test latency, edit Windows hosts). However the SKILL.md lists domains to resolve (including objects.githubusercontent.com) but the script only writes entries for github.com and api.github.com; the Workflow section also mentions a duplicate github.com line that the script does not include. These inconsistencies are sloppy and reduce confidence.
!
Instruction Scope
Instructions instruct the agent to read and modify C:\Windows\System32\drivers\etc\hosts (system‑wide), run nslookup/ping/ipconfig, and implicitly require Administrator privileges. The script does not back up the hosts file, its pattern matching/replacement is brittle (may fail or clobber unrelated lines), and parsing relies on locale-specific output (e.g., Chinese ping output matching '平均'). Those behaviors expand scope beyond a simple 'helper' and carry risk to network access.
Install Mechanism
Instruction-only skill with no install actions; nothing is written to disk by an installer. This is the lowest install risk.
Credentials
No environment variables, credentials, or external config paths are requested — appropriate for the stated purpose.
!
Persistence & Privilege
The skill asks the agent to modify the system hosts file, a persistent, system‑wide change that requires Administrator rights. While 'always' is false, the modification itself is high‑privilege and can affect all apps on the machine; the SKILL.md notes this but does not instruct creating a backup or a safe rollback.
What to consider before installing
This skill does what it says (probe IPs and edit Windows hosts), but it performs a high‑privilege, system‑wide change with sloppy, locale‑dependent parsing and brittle replacement logic. Before installing or running it: (1) get the skill's source or homepage and review the exact script, (2) ensure you run it only with Administrator consent and after making a backup of C:\Windows\System32\drivers\etc\hosts, (3) prefer the script be modified to: back up hosts, validate IP ownership for GitHub, avoid locale‑dependent parsing, and use safer, more specific host entry replacement, (4) consider testing manually first rather than allowing an agent to run it autonomously. The domain/entry mismatches in the SKILL.md should be corrected before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97540c3v20gr8kjbfvtj1mbsh84qak1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments