clashctl-linux

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The installer explicitly clones and runs code from https://github.com/nelvko/clash-for-linux-install.git and at runtime downloads and unpacks binaries from GitHub release URLs (e.g. https://github.com/nelvko/clash-for-linux-install/releases/download/..., https://github.com/MetaCubeX/mihomo/releases/download/..., https://github.com/mikefarah/yq/releases/download/..., https://github.com/tindy2013/subconverter/releases/download/...), which are fetched during execution and installed/run as code, so remote content directly controls execution and is a required dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs running install/uninstall scripts, changing Tun mode which "requires elevated privileges", touching system locations (e.g. /var/log), and managing service/cron/shell hooks — all actions that modify system state and may require sudo or alter system services.