← 返回 Skills 市场

Clash Node Manager

Name: Clash Node Manager
Author: yonghaozhao722

作者 Yonghao Zhao · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

815

总下载

当前安装

版本数

在 OpenClaw 中安装

/install clash-node-manager

功能描述

Manages Clash proxy nodes by listing current node status, available nodes in groups, and switching to specified nodes by name or index.

使用说明 (SKILL.md)

Clash Node Manager

Overview

This skill enables you to manage your Clash proxy nodes using check_clash.py. You can list available nodes, check the connection status of the current node, and switch to a different node.

Usage

Checking Node Status (Default)

To check the status of Clash nodes, ask:

"Check Clash node status"

This will execute python check_clash.py.

Listing Available Nodes

To list available nodes in the GLOBAL group, ask:

"List available Clash nodes"

This will execute python check_clash.py --list

To list available nodes in a specific group, ask:

"List available nodes in group \x3Cgroup_name>"

Replace \x3Cgroup_name> with the name of the group. This will execute python check_clash.py --group \x3Cgroup_name> --list

Switching to a Node

To switch to a specific node, ask:

"Switch to node \x3Cnode_name>"

Replace \x3Cnode_name> with the name of the node you want to switch to. This will execute python check_clash.py --switch \x3Cnode_name>.

Switching to a Node by Index

To switch to a node by its index in the list, ask:

"Switch to node at index \x3Cindex>"

Replace \x3Cindex> with the index of the node in the list. This will execute python check_clash.py --switch-by-index \x3Cindex>.

Resources

check_clash.py: Python script for checking and switching Clash proxy nodes.

安全使用建议

This skill appears to do what it says: it calls the local Clash HTTP API to list and switch proxy nodes. Before installing, confirm you run Clash with its API enabled at the default address (127.0.0.1:9090) or know how to pass a custom API URL/secret to the script. Note that the script uses the requests Python package (the manifest only lists python3), so the runtime environment needs that dependency. Because the skill can change your proxy selection, only install it if you trust the included code and the listed author/repository. If you need stronger assurances, review the full check_clash.py source (already included) or run it locally in a controlled environment first.

功能分析

Type: OpenClaw Skill Name: clash-node-manager Version: 1.0.0 The skill is classified as suspicious due to two primary vulnerabilities. Firstly, the `SKILL.md` instructions directly embed user-provided input (e.g., `<node_name>`, `<group_name>`) into shell commands, creating a prompt injection risk that could lead to arbitrary command execution if the AI agent does not properly sanitize or quote the input. Secondly, the `check_clash.py` script allows specifying an arbitrary `--api-url`, which introduces a Server-Side Request Forgery (SSRF) vulnerability. An attacker could exploit this to make the agent send requests to internal network resources or other local services, potentially leading to information disclosure. There is no clear evidence of intentional malicious behavior like data exfiltration to external servers or persistence mechanisms.

能力评估

✓ Purpose & Capability

Name/description match the included code and SKILL.md: the Python script queries and manipulates Clash via the local API (default http://127.0.0.1:9090). The manifest lists python3 as a tool and a plausible upstream repo. No unrelated credentials, cloud services, or binaries are requested.

✓ Instruction Scope

SKILL.md instructs the agent to run check_clash.py with a small set of flags (list, switch, switch-by-index). The script only performs HTTP requests to the local Clash API endpoints (/version, /proxies, /connections, and PUT to /proxies/<group>) and prints results. It does not read arbitrary files or transmit data to external endpoints.

✓ Install Mechanism

There is no remote download/install step; the skill is instruction-only and includes the script in the package. The manifest's install destination is a local path and does not pull code from external, untrusted URLs. This is low-risk from an install perspective.

ℹ Credentials

The skill declares no required environment variables or credentials, which is appropriate. The script supports an optional 'secret' (Clash API bearer token) and a custom API URL, but SKILL.md does not document how to supply them; this is a minor documentation mismatch (functional, not obviously malicious).

✓ Persistence & Privilege

always is false and the skill is user-invocable. It does not request persistent elevated privileges or claim to modify other skills or system-wide configuration beyond interacting with the local Clash API (which is its stated purpose).

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install clash-node-manager
安装完成后，直接呼叫该 Skill 的名称或使用 /clash-node-manager 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of clash-node-manager. - Manage Clash proxy nodes: list nodes, view status, and switch between nodes. - Supports listing available nodes globally or within specific groups. - Enables switching to a node by name or by index. - Provides command examples for each function. - Uses check_clash.py as the underlying script.

元数据

Slug clash-node-manager

版本 1.0.0

许可证 —

累计安装 1

当前安装数 1

历史版本数 1

常见问题