Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mihomo Proxy Management

v1.0.0

Manage mihomo (Clash Meta) proxy instances via REST API. Use when user mentions mihomo, clash, proxy switching, or needs to: (1) Check proxy status/version,...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description match the instructions and referenced API endpoints: the SKILL.md only issues REST calls to mihomo endpoints (version, proxies, connections, cache, restart, upgrade, etc.), which is consistent with proxy management. Nothing in the instructions demands unrelated cloud credentials or other unrelated system access.
! Instruction Scope
The SKILL.md directs the agent to use environment variables MIHOMO_URL and MIHOMO_SECRET for requests and to store them in the session environment; however, the skill metadata declares no required env vars. The instructions also run curl and jq; jq is used in examples but is not listed as a required binary. The instructions perform potentially disruptive operations (restart, upgrade, close-all-connections) which are legitimate for management but are powerful — user confirmation should be required before issuing them. The delay-test endpoints call an external URL (gstatic) to measure latency, which is expected for delay-testing but entails outbound network requests.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so it does not write code to disk or download external archives. That limits the install-time risk.
! Credentials
SKILL.md expects a sensitive secret (MIHOMO_SECRET) and a host URL (MIHOMO_URL). The skill metadata lists no required environment variables or primary credential, so there is a metadata mismatch: sensitive info is needed at runtime but not declared. The secret is appropriate for the stated purpose, but the omission means the platform and user may not realize a credential will be requested or accessed. The examples also assume 'jq' is available but the skill doesn't declare that dependency.
Persistence & Privilege
always is false and the skill does not request persistent installation or modification of other skills. Autonomous invocation is allowed (platform default) but not combined with other high-risk indicators here.
What to consider before installing
This skill is functionally aligned with managing a local mihomo (Clash Meta) instance, but there are a few practical and privacy concerns you should consider before installing:

- The SKILL.md uses MIHOMO_SECRET and MIHOMO_URL (sensitive connection info) and instructs storing them in the environment, but the skill metadata does not declare any required env vars. Ask the author to add MIHOMO_SECRET (and optionally MIHOMO_URL) to the requires.env/primary credential fields so you and the platform can review how secrets are handled.
- Examples call jq but the manifest lists no required binaries. If you install this skill, ensure jq is available or the example commands will fail.
- The skill can call restart and upgrade endpoints — these are legitimate management operations but are disruptive. Require explicit user consent before the skill issues restart/upgrade/close-all requests.
- Delay testing uses an external URL (https://www.gstatic.com/generate_204) to measure latency; this is expected but means the skill will make outbound network requests. If you are concerned about network probing, review or sandbox usage.

If you trust the source and plan to use it against your local mihomo instance, ask the author to correct the metadata (declare MIHOMO_SECRET and MIHOMO_URL, list jq as a binary dependency) and consider only providing the secret at runtime after explicit confirmation. If the source is unknown or untrusted, test in an isolated environment first and avoid supplying production secrets.


latestvk970k31x61jw79nv9ggsmvvmsd83ncph


SKILL.md

Mihomo Proxy Management

Control mihomo instances via REST API.

Connection Info

Default values, override with user-provided:

  • Host: http://127.0.0.1:9090
  • Secret: Ask user if not provided

Store connection in environment for session:

MIHOMO_URL="http://host:9090"
MIHOMO_SECRET="your-secret"

Common Operations

Check Status

# Version
curl -s -H "Authorization: Bearer $MIHOMO_SECRET" "$MIHOMO_URL/version"

# All proxies
curl -s -H "Authorization: Bearer $MIHOMO_SECRET" "$MIHOMO_URL/proxies" | jq '.proxies | keys'

# Active connections count
curl -s -H "Authorization: Bearer $MIHOMO_SECRET" "$MIHOMO_URL/connections" | jq '.connections | length'

Switch Proxy

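# Switch node in a group
# 节点名 = proxy (node) name, 策略组名 = policy group name; replace both placeholders
# (percent-encode non-ASCII names in the URL path)
curl -X PUT -H "Authorization: Bearer $MIHOMO_SECRET" \
  -H "Content-Type: application/json" \
  -d '{"name":"节点名"}' \
  "$MIHOMO_URL/proxies/策略组名"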

Test Delay

# Replace 节点名 (proxy name) and 策略组名 (policy group name) with real names
# Test specific proxy
curl -s -H "Authorization: Bearer $MIHOMO_SECRET" \
  "$MIHOMO_URL/proxies/节点名/delay?url=https://www.gstatic.com/generate_204&timeout=5000"

# Test all proxies in group
curl -s -H "Authorization: Bearer $MIHOMO_SECRET" \
  "$MIHOMO_URL/group/策略组名/delay?url=https://www.gstatic.com/generate_204&timeout=5000"

Manage Connections

# List connections
curl -s -H "Authorization: Bearer $MIHOMO_SECRET" "$MIHOMO_URL/connections" | jq '.connections[] | {id, metadata}'

# Close all
curl -X DELETE -H "Authorization: Bearer $MIHOMO_SECRET" "$MIHOMO_URL/connections"

Cache & Config

# Flush DNS cache
curl -X POST -H "Authorization: Bearer $MIHOMO_SECRET" "$MIHOMO_URL/cache/dns/flush"

# Flush FakeIP cache
curl -X POST -H "Authorization: Bearer $MIHOMO_SECRET" "$MIHOMO_URL/cache/fakeip/flush"

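# Reload config (a JSON body is required; an empty path reloads the default config file)
curl -X PUT -H "Authorization: Bearer $MIHOMO_SECRET" \
  -H "Content-Type: application/json" \
  -d '{"path": "", "payload": ""}' \
  "$MIHOMO_URL/configs?force=true"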

# Restart mihomo
curl -X POST -H "Authorization: Bearer $MIHOMO_SECRET" "$MIHOMO_URL/restart"

API Reference

For complete endpoint list, see references/api.md.
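
A guard for the concerns raised in the scan above, as an added example that is not part of the skill or of the scan report: it refuses to call the API without MIHOMO_SECRET, blocks the restart, upgrade and close-all-connections requests unless the user has confirmed, and keeps the secret out of curl's argument list. The function names and the MIHOMO_CONFIRM variable are assumptions made for this example.

```shell
# Added example; mihomo_is_disruptive, mihomo_api and MIHOMO_CONFIRM are
# hypothetical names, not part of the skill or of mihomo.

# Succeeds (0) when METHOD + PATH is one of the disruptive operations the
# scan names: restart, upgrade, close-all-connections. Fails (1) otherwise.
mihomo_is_disruptive() {
  _m=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
  _p=${2%%\?*}   # drop the query string
  _p=${_p%/}     # drop one trailing slash
  case "$_m $_p" in
    "POST /restart"|"POST /upgrade"|"POST /upgrade/"*) return 0 ;;
    "DELETE /connections") return 0 ;;  # no id: closes every connection
  esac
  return 1       # e.g. DELETE /connections/<id> closes a single connection
}

# Usage: mihomo_api METHOD PATH [extra curl args...]
# Returns 2 if the secret is missing, 3 if confirmation is missing.
mihomo_api() {
  _method=$1 _path=$2
  shift 2
  if [ -z "${MIHOMO_SECRET:-}" ]; then
    echo "MIHOMO_SECRET is not set; ask the user for it" >&2
    return 2
  fi
  if mihomo_is_disruptive "$_method" "$_path" &&
     [ "${MIHOMO_CONFIRM:-}" != "yes" ]; then
    echo "refusing $_method $_path: set MIHOMO_CONFIRM=yes after the user agrees" >&2
    return 3
  fi
  # Pass the header through a curl config read from stdin (-K -) so the
  # secret does not appear in curl's argv. Assumes the secret contains no
  # double quote or backslash.
  printf 'header = "Authorization: Bearer %s"\n' "$MIHOMO_SECRET" |
    curl -sS -K - -X "$_method" "$@" \
      "${MIHOMO_URL:-http://127.0.0.1:9090}$_path"
}
```

Set MIHOMO_CONFIRM=yes on the single call the user approved (for example `MIHOMO_CONFIRM=yes mihomo_api POST /restart`) rather than exporting it for the session.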
