clash-routes

Warn

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill accesses sensitive local configuration files to extract authentication secrets.
  • Evidence: Reads secret from $HOME/Library/Application Support/io.github.clash-verge-rev.clash-verge-rev/clash-verge.yaml and $HOME/.config/clash/config.yaml.
  • [COMMAND_EXECUTION]: The script uses unsafe interpolation of user-supplied arguments into a Python execution string, which can lead to arbitrary code execution.
  • Evidence: The shell variable $FILTER (derived from $ARGUMENTS) is directly embedded into the Python script executed via python3 -c. A malicious user or indirect prompt could provide a payload like '; import os; os.system(...) # to execute arbitrary commands.
  • [DATA_EXPOSURE]: The skill retrieves and processes proxy connection data which includes internal network routing information, target hostnames, and destination IPs.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 19, 2026, 03:58 PM
Security Audit — agent-trust-hub — clash-routes