Clash Node Manager

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a straightforward Clash proxy node manager, but users should notice that it can read local proxy details and change the active proxy node.

This skill is purpose-aligned for managing a local Clash instance. Before installing, be comfortable with an agent reading proxy node details and changing the active proxy selection; keep your Clash API local and protected.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the switch command can change which proxy/VPN node your traffic uses, affecting location, privacy, and connectivity.

Why it was flagged

The script can issue a PUT request to the Clash controller to switch the selected proxy node, which is central to the skill's purpose but changes local network routing behavior.

Skill content

response = requests.put(url, headers=headers, json=data, timeout=5)

Recommendation

Only invoke node switching when you intend to change your proxy route, and verify the group and node name before switching.

What this means

If the local Clash API is accessible, the skill can read proxy configuration details and switch nodes; if a secret is used, it should be treated like a credential.

Why it was flagged

The script talks to the local Clash control API and supports a bearer secret when configured. This is expected for Clash management, but it is still privileged local control access.

Skill content

DEFAULT_API_URL = "http://127.0.0.1:9090" ... headers["Authorization"] = f"Bearer {secret}"

Recommendation

Keep the Clash controller bound to localhost, use a Clash API secret if appropriate, and do not pass that secret to untrusted endpoints.

What this means

The skill may rely on whatever Python interpreter and requests package are already installed locally.

Why it was flagged

The script depends on the Python requests package, while the supplied requirements/install metadata does not declare required binaries or package installation steps. This is a setup/provenance note rather than evidence of malicious behavior.

Skill content

import requests

Recommendation

Run it from a trusted Python environment and verify dependencies before use.