github-dns-helper

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

After this setup, other programs running as the same user could silently change where important domains resolve, which could break networking or enable phishing-style redirects.

Why it was flagged

The skill instructs users to change ownership of the protected hosts file so future edits can happen without administrator approval. That permanently expands write access to a system-wide DNS configuration file.

Skill content
sudo chown $(whoami):staff /etc/hosts
sudo chmod 644 /etc/hosts
...
sudo chown $(whoami):$(whoami) /etc/hosts
sudo chmod 644 /etc/hosts
...
After this runs, the script no longer needs sudo privileges and can run without a password prompt
Recommendation

Do not change ownership of /etc/hosts. Prefer a one-time sudo run, an administrator prompt for each write, or restore root/admin ownership immediately after the repair.

Concern: High Confidence
ASI05: Unexpected Code Execution
What this means

If a malicious or malformed custom hosts URL is used, it could execute commands on the user's machine under the user's account.

Why it was flagged

A custom URL argument is interpolated into a shell command and executed with shell=True. A URL containing shell metacharacters could cause unintended local commands to run.

Skill content
parser.add_argument('-u', '--urls', nargs='+', help='自定义 hosts URL 地址列表')
...
result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
...
run_command(f"curl -s --max-time 10 {url}")
Recommendation

Avoid using custom URLs unless fully trusted. The script should call subprocess with an argument list, avoid shell=True, and validate URLs before use.

What this means

If a remote hosts source or proxy is compromised, the system hosts file could be updated with incorrect mappings that affect browsing and developer tools system-wide.

Why it was flagged

The script downloads hosts entries from several third-party URLs and accepts non-comment lines without visible domain allowlisting or integrity checks before using them for hosts-file repair.

Skill content
DEFAULT_HOSTS_URLS = [
    "https://raw.hellogithub.com/hosts",
    "https://fastly.jsdelivr.net/gh/AutismSuperman/github-dns/hosts",
    "https://ghp.ci/https://raw.hellogithub.com/hosts",
    "https://mirror.ghproxy.com/https://raw.hellogithub.com/hosts",
    "https://ghproxy.com/https://raw.hellogithub.com/hosts"
]
...
if len(parts) >= 2:
    lines.append(line)
Recommendation

Use a trusted, pinned source where possible, validate that entries only target expected GitHub-related domains, show the proposed changes to the user, and keep an easy rollback path.