← 返回 Skills 市场
472
总下载
0
收藏
3
当前安装
1
版本数
在 OpenClaw 中安装
/install clash-vpn
功能描述
Manage Clash VPN proxy service for accessing blocked websites like Google Play. Use when the user needs to (1) setup/configure VPN proxy, (2) update Clash pr...
使用说明 (SKILL.md)
Clash VPN 管理
此 Skill 用于管理 Clash VPN 代理服务,实现访问 Google Play 等被屏蔽的网站。
前置条件
- Clash 已安装:
/usr/local/bin/clash - 配置文件路径:
/root/.config/clash/config.yaml - 脚本路径:
scripts/clash-vpn.sh
快速开始
1. 更新配置文件
用户提供新的 Clash 配置时:
# 使用脚本更新配置
cat \x3C\x3C 'EOF' | scripts/clash-vpn.sh update
port: 7890
socks-port: 7891
# ... 完整配置内容 ...
EOF
或直接写入文件:
cat > /root/.config/clash/config.yaml \x3C\x3C 'EOF'
# 配置内容
EOF
2. 启动 VPN
scripts/clash-vpn.sh start
3. 测试连接
scripts/clash-vpn.sh test
4. 查看状态
scripts/clash-vpn.sh status
代理地址
启动后使用以下代理地址:
| 类型 | 地址 |
|---|---|
| HTTP | http://127.0.0.1:7890 |
| SOCKS5 | socks5://127.0.0.1:7891 |
| Mixed | http://127.0.0.1:7893 |
使用代理访问网站
# HTTP 代理
curl --proxy http://127.0.0.1:7890 https://play.google.com
# SOCKS5 代理
curl --proxy socks5://127.0.0.1:7891 https://play.google.com
配置管理
配置模板
参考 references/config-guide.md 获取配置模板和字段说明。
配置更新流程
- 接收用户的新配置内容
- 使用脚本更新配置(自动备份旧配置)
- 验证配置格式
- 重启服务(如果正在运行)
配置备份
每次更新会自动创建备份:
/root/.config/clash/config.yaml.bak.YYYYMMDDHHMMSS
故障排查
查看日志
tail -f /var/log/clash.log
验证配置
clash -t -f /root/.config/clash/config.yaml
常见问题
- DNS 端口被占用: 不影响使用,可忽略
- MMDB 下载失败: 禁用 GEOIP 规则或手动下载
- 连接失败: 检查节点配置和网络连接
脚本命令参考
scripts/clash-vpn.sh start # 启动
scripts/clash-vpn.sh stop # 停止
scripts/clash-vpn.sh restart # 重启
scripts/clash-vpn.sh status # 状态
scripts/clash-vpn.sh test # 测试连接
scripts/clash-vpn.sh update # 更新配置(从 stdin)
scripts/clash-vpn.sh help # 帮助
安全使用建议
This skill appears to do what it says (manage a local Clash VPN), but review these before installing: (1) The SKILL.md and script expect a Clash binary at /usr/local/bin/clash and operate on /root/.config/clash/config.yaml and /var/log/clash.log — the skill metadata did not declare those requirements. If you don't want a skill that can overwrite root-owned configs or control processes, do not install it. (2) Inspect scripts/clash-vpn.sh yourself to confirm there are no surprises (it is readable and straightforward here). (3) Be aware the script will store proxy credentials in the config file you provide; ensure those credentials are intended to be stored locally. (4) The test command uses curl to access external sites (google.com) — testing will generate outbound network traffic. (5) If possible, run and test this in a controlled environment (non-production or non-root account) first, or ensure the machine already has a trusted clash binary. If you want, provide the exact environment where you plan to run it and I can point out any additional risks or suggest safer alternatives.
功能分析
Type: OpenClaw Skill
Name: clash-vpn
Version: 1.0.0
The skill is designed to manage Clash VPN, operating with implied root privileges (config in `/root`, binary in `/usr/local/bin`). The `scripts/clash-vpn.sh` script directly writes user-provided configuration content (read from stdin) to `/root/.config/clash/config.yaml`. This creates a significant Remote Code Execution (RCE) vulnerability risk, as Clash configurations can include features like `script` rules or `external-controller` settings that could be exploited by a malicious user providing a crafted configuration through the agent. While the skill's intent is functional, the direct writing of unsanitized user input to a sensitive, executable configuration file with root privileges makes it highly suspicious.
能力评估
Purpose & Capability
The skill's name/description (manage Clash VPN) aligns with the provided script and docs. However, the SKILL.md and scripts assume a Clash binary at /usr/local/bin/clash and a config at /root/.config/clash/config.yaml while the registry metadata lists no required binaries or config paths — the metadata underreports real requirements.
Instruction Scope
Runtime instructions and the script operate within the expected domain (update config, start/stop clash, test connectivity). They read/write /root/.config/clash/config.yaml, create backups there, write logs to /var/log/clash.log, and call out to the network (curl to test Google). The instructions do not attempt to read unrelated system files or exfiltrate data, but they do perform privileged filesystem writes and process control which should be explicit to the user.
Install Mechanism
There is no install spec; this is instruction-only plus a bundled script. No remote downloads or package installs are performed by the skill itself.
Credentials
The skill requests no environment variables or external credentials. The sample config contains proxy credentials (password fields) as expected for VPN/proxy configs; these are normal for this purpose and are stored locally in the config file the script manages.
Persistence & Privilege
The skill is not force-enabled (always:false) and doesn't modify other skills. However, it writes persistent files under /root/.config/clash and /var/log/clash.log and starts/stops system processes. That implies the agent or user must permit these privileged actions (likely root) — this privilege level is reasonable for a system VPN manager but should be made explicit.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install clash-vpn - 安装完成后,直接呼叫该 Skill 的名称或使用
/clash-vpn触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: Clash VPN management skill
元数据
常见问题
Clash VPN 是什么?
Manage Clash VPN proxy service for accessing blocked websites like Google Play. Use when the user needs to (1) setup/configure VPN proxy, (2) update Clash pr... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 472 次。
如何安装 Clash VPN?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install clash-vpn」即可一键安装,无需额外配置。
Clash VPN 是免费的吗?
是的,Clash VPN 完全免费(开源免费),可自由下载、安装和使用。
Clash VPN 支持哪些平台?
Clash VPN 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Clash VPN?
由 lxnan(@lxnan)开发并维护,当前版本 v1.0.0。
推荐 Skills