clash-routes

Fail

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill is vulnerable to arbitrary code execution because it directly interpolates user input from $ARGUMENTS into a Python script string executed via python3 -c without any sanitization or escaping.
  • Evidence: In SKILL.md, the line filt = '$FILTER'.strip().lower() allows an attacker to 'break out' of the Python string literal and execute arbitrary commands by providing an input such as '; import os; os.system("id"); #.
  • [REMOTE_CODE_EXECUTION]: The injection vulnerability in the Python processing logic provides a direct vector for remote code execution on the host machine if the agent passes malicious strings from untrusted sources into the arguments.
  • [CREDENTIALS_UNSAFE]: The script reads the Clash Verge API secret from local configuration files and prints it directly to the terminal, exposing a sensitive credential to the agent's context and system logs.
  • Evidence: In SKILL.md, the line echo "Secret: ${SECRET:-(未找到)}" explicitly prints the extracted authentication secret.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 19, 2026, 07:18 AM