Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mihomo Subscription Route Publisher

v1.0.0

Update Mihomo site routing rules from natural-language requests, rebuild the published subscription, and verify the live output.

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for grey0758/mihomo-subscription-route-publisher.

Install the skill "Mihomo Subscription Route Publisher" (grey0758/mihomo-subscription-route-publisher) from ClawHub.
Skill page: https://clawhub.ai/grey0758/mihomo-subscription-route-publisher
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install mihomo-subscription-route-publisher

ClawHub CLI

npx clawhub@latest install mihomo-subscription-route-publisher

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

! Purpose & Capability
The skill's purpose (update repo routing rules, regenerate worker, deploy, and verify rules.xiannai.me) matches what the SKILL.md instructs, but the skill does not declare any required credentials or environment variables even though worker deploys and git pushes normally require Cloudflare/GitHub/ssh tokens. The compatibility notes also mention wrangler and 1Password CLI, implying secret access. The absence of declared credentials is an incoherence.
! Instruction Scope
Runtime instructions explicitly read and edit files under /home/grey/mihomo-fullstack-deploy, may validate or sync /etc/mihomo, run a local mihomo binary, redeploy a worker and call external endpoints (rules.xiannai.me). These operations require filesystem and possibly service privileges; the skill does not instruct reading unrelated user files, but it does assume the agent can modify system-level config and perform network deploys, which expands its scope beyond a simple formatter.
Install Mechanism
This is an instruction-only skill with no install spec or code files. That keeps install risk low — nothing is downloaded or written by an included installer.
! Credentials
The skill declares no required env vars or primary credential, yet the workflow requires actions that normally need credentials (Cloudflare wrangler deploy, git push to canonical repo, possible use of 1Password to fetch secrets). The SKILL.md even warns not to reveal Cloudflare/GitHub tokens, implying they exist. Not declaring these environment/credential needs is disproportionate and opaque.
Persistence & Privilege
always:false and normal autonomous invocation are fine. However the skill’s actions include potentially modifying /etc/mihomo and restarting or running local binaries — operations that require elevated filesystem/service privileges on the host. While not a policy/privilege misconfiguration in metadata, this increases operational risk and should be considered before granting the agent those capabilities.
What to consider before installing
Before installing or running this skill, confirm these items:

  1. The skill will read and edit files under /home/grey and may touch /etc/mihomo and run /usr/local/bin/mihomo — only allow it on a host you control or in a sandbox.
  2. It appears to expect deployment and git push capabilities (Cloudflare wrangler, GitHub/SSH) but declares no credentials; ask the author which environment variables or secrets are required and how they should be provided (prefer use of a secrets manager rather than embedding tokens).
  3. Because it calls external endpoints (rules.xiannai.me) and triggers redeploys, verify you trust that domain and the source of this skill.
  4. If you cannot verify credentials and trust, test in a VM or container with limited privileges and no production secrets.
  5. Ask the publisher to explicitly declare required credentials (e.g., CF_API_TOKEN, GITHUB_TOKEN, SSH keys) and to document any service restarts so you can audit before granting permission.

Tags: cloudflare, latest, mihomo, route, subscription, worker
80 downloads
0 stars
1 version
Updated 3w ago
v1.0.0
MIT-0

Mihomo Subscription Route Publisher

Use this skill when the user says a site, domain, or Mihomo rule should use a specific route target and expects the published subscription to update.

Read First

  • {baseDir}/README.md
  • {baseDir}/WORKFLOW.md
  • {baseDir}/FAQ.md
  • {baseDir}/CHANGELOG.md

Primary Rule

Treat /home/grey/mihomo-fullstack-deploy as the canonical source, rules.xiannai.me as the distribution layer, and live validation as mandatory before declaring success.

Workflow

  1. normalize the user request into explicit Mihomo rule lines
  2. map the requested node to a stable group when possible
  3. edit the canonical source file for that target
  4. regenerate worker artifacts
  5. validate syntax and config
  6. deploy worker and trigger /sync
  7. verify the live published artifact with ?ts=
  8. update the local Linux runtime config only if needed
  9. commit and push if the repo should remain canonical upstream

Stable Route Map

  • 直连 (direct). Canonical source: /home/grey/mihomo-fullstack-deploy/worker/src/inline-rules.js
  • 故障转移 (failover). Canonical source: /home/grey/mihomo-fullstack-deploy/rules/user_ruleset/user_proxy_rules.txt
  • 定向出口 (targeted egress). Canonical source:
    • /home/grey/mihomo-fullstack-deploy/etc/mihomo/config.yaml
    • /home/grey/mihomo-fullstack-deploy/etc/mihomo/config.windows.yaml

Node-name aliases:

  • onlygays1 -> 故障转移
  • racknerd-reality -> 定向出口
  • DIRECT -> 直连

Strong Heuristics

  • if the user names a raw node, prefer the stable group backed by that node
  • if the route should affect all clients, do not stop after only changing Linux
  • if only 故障转移 rules changed, do not restart local Mihomo unnecessarily
  • if 定向出口 rules changed, validate the Linux config and published Linux/Windows configs
  • if the repo is dirty in unrelated files, touch only the routing files required for the task
  • always verify remote output with cache busting

Safe Commands

sed -n '1,120p' /home/grey/mihomo-fullstack-deploy/rules/user_ruleset/user_proxy_rules.txt
sed -n '1,80p' /home/grey/mihomo-fullstack-deploy/worker/src/inline-rules.js
cd /home/grey/mihomo-fullstack-deploy/worker && node --check src/index.js
HOME=/etc/mihomo XDG_CONFIG_HOME=/etc/mihomo/.config /usr/local/bin/mihomo -t -f /home/grey/mihomo-fullstack-deploy/etc/mihomo/config.yaml
curl -fsSL "https://rules.xiannai.me/sync?ts=$(date +%s)"
curl -fsSL "https://rules.xiannai.me/configs/linux.yaml?ts=$(date +%s)"

Response Format

Always return:

  1. normalized routing request
  2. files changed
  3. publish status
  4. live verification result
  5. next action if anything is still pending

Constraints

  • do not reveal Cloudflare or GitHub token values
  • do not treat rules.xiannai.me as canonical; the repo stays canonical
  • do not silently leave live and repo state diverged
  • do not promise cross-client parity for 定向出口 unless the relevant configs were updated in the same change
