clash-routes
Warn
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill accesses sensitive local configuration files to extract authentication secrets.
- Evidence: Reads
secretfrom$HOME/Library/Application Support/io.github.clash-verge-rev.clash-verge-rev/clash-verge.yamland$HOME/.config/clash/config.yaml. - [COMMAND_EXECUTION]: The script uses unsafe interpolation of user-supplied arguments into a Python execution string, which can lead to arbitrary code execution.
- Evidence: The shell variable
$FILTER(derived from$ARGUMENTS) is directly embedded into the Python script executed viapython3 -c. A malicious user or indirect prompt could provide a payload like'; import os; os.system(...) #to execute arbitrary commands. - [DATA_EXPOSURE]: The skill retrieves and processes proxy connection data which includes internal network routing information, target hostnames, and destination IPs.
Audit Metadata