v1.0.0

Clash Node Manager

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:42 AM.

Analysis

This appears to be a straightforward Clash proxy node manager, but users should notice that it can read local proxy details and change the active proxy node.

Guidance: This skill is purpose-aligned for managing a local Clash instance. Before installing, be comfortable with an agent reading proxy node details and changing the active proxy selection; keep your Clash API local and protected.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
check_clash.py
response = requests.put(url, headers=headers, json=data, timeout=5)

The script can issue a PUT request to the Clash controller to switch the selected proxy node, which is central to the skill's purpose but changes local network routing behavior.

User impact: Using the switch command can change which proxy/VPN node your traffic uses, affecting location, privacy, and connectivity.
Recommendation: Only invoke node switching when you intend to change your proxy route, and verify the group and node name before switching.
Agentic Supply Chain Vulnerabilities
Severity: Info | Confidence: Medium | Status: Note
check_clash.py
import requests

The script depends on the Python requests package, while the supplied requirements/install metadata does not declare required binaries or package installation steps. This is a setup/provenance note rather than evidence of malicious behavior.

User impact: The skill may rely on whatever Python and requests package are already installed locally.
Recommendation: Run it from a trusted Python environment and verify dependencies before use.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
check_clash.py
DEFAULT_API_URL = "http://127.0.0.1:9090" ... headers["Authorization"] = f"Bearer {secret}"

The script talks to the local Clash control API and supports a bearer secret when configured. This is expected for Clash management, but it is still privileged local control access.

User impact: If the local Clash API is accessible, the skill can read proxy configuration details and switch nodes; if a secret is used, it should be treated like a credential.
Recommendation: Keep the Clash controller bound to localhost, use a Clash API secret if appropriate, and do not pass that secret to untrusted endpoints.