Clash Node Manager

Security checks across malware telemetry and agentic risk

Overview

This skill transparently manages a local Clash proxy controller, including switching proxy nodes, with no evidence of hidden persistence, exfiltration, or unrelated behavior.

Install this only if you want an agent to read your local Clash proxy details and switch the active proxy node on request. Keep the Clash control API bound to localhost, protect any API secret, verify node/group names before switching, and quote unusual names when invoking the script from a shell.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Low

Confidence: 93% confidence
Finding: The skill allows switching proxy nodes but does not warn users that this changes active network routing and may affect privacy, connectivity, or policy compliance. In this context, the omission matters because users may trigger a node switch without understanding that subsequent traffic could be redirected through a different proxy endpoint.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The script can change system or user network routing immediately when invoked with switch parameters, without an explicit confirmation prompt or warning at execution time. In an agent skill context, this increases the risk of unintended or socially engineered proxy changes that could redirect traffic, disrupt connectivity, or route traffic through less trusted nodes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal