Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

VLAN Linux Client

v1.0.0

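Manages installation, login, virtual-network connection, service control, and network diagnostics for the VLAN.CN Linux client.

1 star · 180 downloads · 0 current · 0 all-time
by shixianfang (@sxf-oss)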

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for sxf-oss/vlan-linux-client.

Prompt preview (Install & Setup):
Install the skill "VLAN Linux Client" (sxf-oss/vlan-linux-client) from ClawHub.
Skill page: https://clawhub.ai/sxf-oss/vlan-linux-client
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install vlan-linux-client

ClawHub CLI

npx clawhub@latest install vlan-linux-client

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)

Purpose & Capability
Name/description (manage VLAN.CN Linux client) align with the commands and features described (install, login, connect, service control, diagnostics). The SKILL.md contains only client-focused operations and references api.vlan.cn, which is consistent with the stated purpose.
Instruction Scope (flagged)
The instructions tell users/agents to run a remote install script via `curl -kfsSL http://dl.vlan.cn/vlan2.0/linux/install.sh | sh`. This directs execution of arbitrary remote code and uses an HTTP URL (no HTTPS) and curl -k (which suppresses TLS checks for HTTPS). Aside from that, the rest of the instructions stay within the client's scope and do not request unrelated files or env vars.
Install Mechanism (flagged)
There is no formal install spec; instead the skill recommends a download-and-pipe-to-shell pattern from dl.vlan.cn over plain HTTP and without integrity or signature verification. That pattern is high-risk: it allows arbitrary code execution, lacks transport integrity, and offers no provenance or reproducible packaging.
Credentials
The skill declares no required environment variables or credentials, which is proportionate. The usage examples include username/password or login codes entered interactively; the doc advises using short-lived login codes to avoid leaving passwords in shell history, which is appropriate. However, the install/uninstall steps imply writing files under system paths and may require sudo — this elevates privileges for the unsigned installer.
Persistence & Privilege
The skill does not request always:true and is user-invocable; it does not attempt to modify other skills or agent-wide config in the SKILL.md. The installer may create system services and require sudo, which is expected for a system client but increases the impact of a malicious installer.
What to consider before installing
This skill appears to do what it claims (manage the VLAN.CN Linux client) but its install instruction is the main red flag: it asks you to run `curl … http://dl.vlan.cn/.../install.sh | sh` which downloads and executes code from an unverified HTTP endpoint. Before installing:

  1. Do not run the pipe-to-sh command directly on production systems.
  2. Prefer packages distributed over HTTPS with a checksum or GPG signature; verify the vendor's official website (https://www.vlan.cn) for verified install instructions and signatures.
  3. Inspect the install script contents locally (download and read it) and run it in a disposable sandbox/container or VM first.
  4. Avoid running installers as root unless you trust them; consider running with least privilege.
  5. Use the recommended short-lived login codes instead of passwords to avoid credential leakage in shell history.
  6. If you cannot verify the origin and integrity of dl.vlan.cn artifacts, treat installation as high-risk and consult your organization's security policy or the vendor for signed releases.
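
The three install-command findings above (pipe-to-shell, plain HTTP, `curl -k`), expressed as a static check that can be run over an install one-liner before it reaches a terminal or an agent. This is an added example, not code from ClawHub or the skill author; the function name `audit_install_cmd` and its finding labels are assumptions, and the `example.invalid` command is constructed for contrast.

```shell
#!/bin/sh
# Added example (not from the skill or ClawHub): static check of an install
# one-liner for the three patterns the scan report calls out.
# audit_install_cmd and its finding labels are hypothetical names.

# Prints one finding label per line; prints nothing if no pattern matches.
audit_install_cmd() {
    aic_cmd=$1

    # Downloader output piped directly into a shell interpreter.
    if printf '%s\n' "$aic_cmd" | grep -Eq \
        '(curl|wget)[^|]*\|[[:space:]]*(sudo[[:space:]]+)?(ba|da|z|k)?sh([[:space:]]|$)'; then
        echo "pipe-to-shell"
    fi

    # Plain-HTTP URL: no transport integrity for the downloaded script.
    if printf '%s\n' "$aic_cmd" | grep -q 'http://'; then
        echo "plain-http"
    fi

    # curl -k / --insecure: certificate verification disabled.
    if printf '%s\n' "$aic_cmd" | grep -Eq \
        '(^|[[:space:]])curl[[:space:]]([^|]*[[:space:]])?(-[A-Za-z]*k[A-Za-z]*|--insecure)([[:space:]]|$)'; then
        echo "tls-verify-disabled"
    fi
    return 0
}

# The install command as documented on this page.
PAGE_CMD='curl -kfsSL http://dl.vlan.cn/vlan2.0/linux/install.sh | sh'
# Constructed contrast: download to a file over HTTPS for review, no pipe.
REVIEW_CMD='curl -fsSL -o install.sh https://example.invalid/install.sh'

for c in "$PAGE_CMD" "$REVIEW_CMD"; do
    printf 'command: %s\n' "$c"
    audit_install_cmd "$c" | sed 's/^/  finding: /'
done
```

An empty result only means none of these three patterns matched; the script itself still needs to be read before it is run.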

Like a lobster shell, security has layers — review code before you run it.

Version v1.0.0 (latest) · License: MIT-0 · 180 downloads · 1 star · 1 version

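VLAN Linux Client Management Skill

Used to manage installation, configuration, and day-to-day operation of the VLAN.CN virtual networking Linux client.

Trigger Conditions

Triggered when the user asks about any of the following:

  • VLAN.CN Linux client installation
  • vlancli command usage
  • Connecting to / disconnecting from a virtual network
  • Login / account management
  • Service control (start/stop/restart)
  • Network diagnostics and debugging

System Requirements

Supported distributions

  • Ubuntu: 18.04 and later
  • Debian: 10 and later
  • CentOS: 7 and later
  • Fedora: 30 and later
  • Arch Linux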

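Core Command Reference

Install command

curl -kfsSL http://dl.vlan.cn/vlan2.0/linux/install.sh | sh

Basic usage

vlancli [options] command

Common options:

Option               Description
-b, --batch          Non-interactive mode (silent execution)
-c, --config=DIR     Specify the configuration directory
-d, --loglevel=num   Log level (1: Info, 2: Debug, 3: Trace)
--help               Show help information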

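Account Login

Method 1: login with a login code (recommended)

vlancli login login_code_dRGulkXga4ia1zf38kekc6hi

Advantage: no need to enter a password each time; the login code is valid for 30 minutes and refreshes automatically.

Method 2: login with username and password

vlancli login <username> <password> [server address]
# Example
vlancli login myuser mypassword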

Virtual Network Connection Workflow

# 1. Start the service
vlancli start

# 2. Get the group list
vlancli getvlanlist

# 3. Connect to the specified group
vlancli connect <VlanID>

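Service Control

Action    Command           Description
Start     vlancli start     Start the background service
Stop      vlancli stop      Stop the background service
Restart   vlancli restart   Restart the background service
Status    vlancli status    Show the running state of the background service

Virtual Network Management

Function          Command                        Description
List groups       vlancli getvlanlist            Show the virtual network groups already joined
Connect group     vlancli connect <VlanID>       Connect to the specified group
Disconnect        vlancli disconnect <VlanID>    Disconnect from the specified group
List nodes        vlancli getnodelist <VlanID>   Show the list of online nodes in the group
Join group        vlancli joinvlan <VlanID>      Join a new virtual network group
Leave group       vlancli quitvlan <VlanID>      Leave a virtual network group already joined

Debugging and Diagnostics

Function           Command                         Description
Local info         vlancli info                    Show client running state and local machine information
Debug logging      vlancli debug <Level>           Set the log level (1-3)
KCP acceleration   vlancli usekcp <NodeID> <1|0>   Enable (1) or disable (0) KCP acceleration for the specified node
Dump nodes         vlancli dump edges              Show information on all known edge nodes
Dump paths         vlancli dump paths              Show network paths and latency information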

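Usage Examples

Example 1: First-time installation and configuration

User: How do I install the VLAN client on Linux?

Reply:

# Use the official one-line install script
curl -kfsSL http://dl.vlan.cn/vlan2.0/linux/install.sh | sh

# After installation, log in with a login code (recommended)
vlancli login <your login code>

# Start the service
vlancli start

# List the available virtual networks
vlancli getvlanlist

# Connect to a virtual network
vlancli connect <network ID>

Example 2: Day-to-day connection

User: Help me connect to the VLAN virtual network

Reply:

# Check the service status
vlancli status

# If it is not running, start the service first
vlancli start

# List the available virtual networks
vlancli getvlanlist

# Connect to the specified virtual network (replace <ID> with the actual network ID)
vlancli connect <ID>

# Verify the connection
vlancli info

Example 3: Troubleshooting

User: The VLAN will not connect. How do I troubleshoot it?

Reply:

# 1. Check the service status
vlancli status

# 2. Show local machine information and connection state
vlancli info

# 3. Raise the log level for debugging
vlancli debug 3

# 4. Show network paths and latency
vlancli dump paths

# 5. Show edge node information
vlancli dump edges

# 6. Try restarting the service
vlancli restart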

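Notes

  1. Login security: the login-code method is recommended, to avoid leaving a password in the command-line history
  2. Login code validity: a login code is valid for only 30 minutes and must be regenerated after it expires
  3. Permissions: some commands may require sudo privileges
  4. Firewall: make sure the system firewall allows the VLAN client's network traffic
  5. Network dependency: the client needs to be able to reach the api.vlan.cn server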

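FAQ

Q: Authentication fails after login?

A: Check whether the login code has expired (valid for 30 minutes), or whether the username and password are correct

Q: Cannot access resources after connecting to the virtual network?

A:

  1. Check vlancli status to confirm the service is running normally
  2. Use vlancli info to see the IP address assigned to the local machine
  3. Check the firewall rules
  4. Try vlancli dump paths to view the network paths

Q: How do I uninstall completely?

A: Run the install script with the uninstall parameter, or remove it manually:

# Stop the service
vlancli stop

# Remove the client files (see the installation documentation for the exact path)
sudo rm -rf /usr/local/vlan

Skill version: 1.0
Last updated: 2026-03-18
Applicable client: VLAN.CN Linux Client v2.0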
