skills/stvlynn/skills/clashctl-linux/Gen Agent Trust Hub

clashctl-linux

Fail

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: CRITICAL
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads multiple binary executables (clash, mihomo, yq, and subconverter) from various third-party GitHub repositories during the initialization process. It also references and encourages the use of GitHub proxy services (e.g., gh-proxy.org and ghproxy.link), which have been flagged by reputation scanners as potentially malicious.
  • [REMOTE_CODE_EXECUTION]: The skill's primary installation workflow involves cloning an external repository from GitHub and immediately executing an installation script (bash install.sh). It also implements a clashupgrade feature that performs POST requests to download and execute updated binaries at runtime.
  • [COMMAND_EXECUTION]: The installation and operation scripts execute numerous shell commands to manage system services, modify network interfaces (TUN mode), and update shell environments. These actions are performed using subprocess calls and direct shell execution.
  • [DATA_EXFILTRATION]: The skill performs network requests to external services like api64.ipify.org to retrieve and display the host's public IP address. Additionally, the clashsub feature transmits user-provided subscription URLs to remote servers for configuration downloads.
  • [PROMPT_INJECTION]: The SKILL.md instructions contain directives that command the agent to prioritize specific untrusted external resources and bypass standard checks, such as "Always prefer the latest upstream repository first" regardless of local state integrity.
  • [COMMAND_EXECUTION]: The tool requests elevated privileges via sudo to perform system-level modifications, including the installation of systemd or OpenRC service units and the configuration of privileged network drivers for TUN mode.
  • [EXTERNAL_DOWNLOADS]: Persistence is established by modifying the user's shell configuration files (.bashrc, .zshrc, and .config/fish/conf.d/clashctl.fish) to automatically load proxy environment variables and command wrappers on every new session.
Recommendations
  • CRITICAL: 1 infected file(s) detected - DO NOT USE
  • Contains 3 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: May 29, 2026, 04:07 AM