clash-doctor

Warn

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is vulnerable to shell command injection. User-supplied arguments or domain names are stored in the $TARGET variable and directly interpolated into multiple shell commands within the diagnostic mode, such as nslookup $TARGET, curl ... https://$TARGET, and ping -c 3 -W 3 $TARGET. An attacker could provide a string like example.com; id to execute unauthorized commands on the host system.
  • [CREDENTIALS_UNSAFE]: The skill interactively requests and processes sensitive credentials, including proxy usernames and passwords. It writes these secrets to local configuration files in the Clash Verge profiles directory, and reads existing configuration files that likely contain cleartext credentials or subscription tokens.
  • [DATA_EXFILTRATION]: The skill accesses sensitive application data stored in ~/Library/Application Support/io.github.clash-verge-rev.clash-verge-rev. This directory contains profiles.yaml and individual profile files which include proxy node information, subscription URLs, and traffic usage data.
  • [EXTERNAL_DOWNLOADS]: The skill uses curl and ping to perform network connectivity tests to external domains provided by the user. While intended for diagnosis, this mechanism could be abused to perform network probes or interact with internal network resources (SSRF).
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 19, 2026, 03:58 PM
Security Audit — agent-trust-hub — clash-doctor