$ install --global
skillsauthnpx skillsauth add jalduriee/linux-tun linux-tunInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 24, 2026, 8:39 PM1.7s1 file scanned
SKILL.md
- name:
- linux-tun
- description:
- 在 Linux 服务器上配置 Mihomo TUN 模式科学上网
- emoji:
- 🐳
- { "ssh":
- 需要能 SSH 到目标 Linux 服务器" },
Linux TUN 模式科学上网
基于 Mihomo (Clash Meta) 在 Linux 服务器上配置 TUN 模式透明代理。
快速开始
1. 安装 Mihomo 内核
SSH 到服务器后执行:
sudo mkdir -p /etc/mihomo
cd /etc/mihomo
sudo wget https://github.com/MetaCubeX/mihomo/releases/download/v1.18.3/mihomo-linux-amd64-v1.18.3.gz
sudo gzip -d mihomo-linux-amd64-v1.18.3.gz
sudo mv mihomo-linux-amd64-v1.18.3 /usr/local/bin/mihomo
sudo chmod +x /usr/local/bin/mihomo
2. 下载订阅配置
curl -o config.yaml "https://api.wcc.best/sub?target=clash&url={你的机场订阅地址URL编码}&insert=false&emoji=true"
3. 配置 TUN 模式
开启 IP 转发:
sudo vim /etc/sysctl.conf
# 添加: net.ipv4.ip_forward=1
sudo sysctl -p
修改 config.yaml,添加:
external-controller: :9090
secret: '你的密码'
tun:
enable: true
stack: system
dns-hijack:
- any:53
- tcp://any:53
auto-route: true
auto-redirect: true
auto-detect-interface: true
dns:
enable: true
listen: 0.0.0.0:1053
ipv6: false
enhanced-mode: fake-ip
fake-ip-range: 198.18.0.1/16
nameserver:
- 114.114.114.114
- 223.5.5.5
fallback:
- 8.8.8.8
- 1.1.1.1
4. 配置 systemd 守护进程
sudo vim /etc/systemd/system/mihomo.service
写入:
[Unit]
Description=mihomo Daemon, Another Clash Kernel.
After=network.target NetworkManager.service systemd-networkd.service iwd.service
[Service]
Type=simple
LimitNPROC=500
LimitNOFILE=1000000
Restart=always
ExecStartPre=/usr/bin/sleep 1s
ExecStart=/usr/local/bin/mihomo -d /etc/mihomo
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
启动服务:
sudo systemctl daemon-reload
sudo systemctl start mihomo
sudo systemctl enable mihomo
sudo systemctl status mihomo
5. 验证
ip a # 查看虚拟网卡
ping www.google.com # 测试连通性
6. 安装 Web 面板 (可选)
cd /etc/mihomo
sudo wget -O metacubexd.zip https://github.com/MetaCubeX/metacubexd/archive/refs/heads/gh-pages.zip
sudo unzip metacubexd.zip
sudo mv metacubexd-gh-pages ui
sudo rm metacubexd.zip
修改 config.yaml 添加:
external-ui: ui
重启服务:
sudo systemctl restart mihomo
访问面板:http://服务器IP:9090/ui/
更新机场订阅
当机场订阅地址变更或需要更新节点时,必须严格按照以下流程操作。
[!IMPORTANT] 警告:直接执行
curl下载新配置会彻底覆盖现有的config.yaml。 你必须先备份旧配置,并在下载后手动恢复 TUN、DNS 和 Web UI 相关配置,否则服务将无法正常工作。
第一步:准备工作 (备份与停服)
- 进入目录并备份当前可用的配置:
cd /etc/mihomo sudo cp config.yaml config.yaml.bak - 如果当前订阅已过期导致无法联网,请必须先停止服务以恢复直接联网:
sudo systemctl stop mihomo
第二步:下载新配置
使用新的订阅地址下载(替换 {新的订阅地址URL编码}):
sudo curl -o config.yaml "https://api.wcc.best/sub?target=clash&url={新的订阅地址URL编码}&insert=false&emoji=true"
第三步:恢复关键配置 (强制执行)
下载的文件仅包含节点信息,你必须将以下内容重新添加回 config.yaml 的顶部:
# 1. 基础与 Web UI 配置
external-controller: :9090
external-ui: ui
secret: '你的密码'
# 2. TUN 模式配置
tun:
enable: true
stack: system
dns-hijack:
- any:53
auto-route: true
auto-detect-interface: true
# 3. DNS 配置
dns:
enable: true
enhanced-mode: fake-ip
listen: 0.0.0.0:1053
nameserver:
- 114.114.114.114
- 223.5.5.5
fallback:
- 8.8.8.8
- 1.1.1.1
第四步:重启并验证
sudo systemctl restart mihomo
sudo systemctl status mihomo
3. 重启服务使配置生效
sudo systemctl restart mihomo
sudo systemctl status mihomo
常用命令
- 启动:
sudo systemctl start mihomo - 停止:
sudo systemctl stop mihomo - 重启:
sudo systemctl restart mihomo - 状态:
sudo systemctl status mihomo - 查看日志:
sudo journalctl -u mihomo -f - 更新订阅: 参考上方的 更新机场订阅 部分
Related Skills
openclaw/taskflow
tools
VerifiedTrustedCommunity
Use when work should span one or more detached tasks but still behave like one job with a single owner context. TaskFlow is the durable flow substrate under authoring layers like Lobster, ACPX, plugins, or plain code. Keep conditional logic in the caller; use TaskFlow for flow identity, child-task linkage, waiting state, revision-checked mutations, and user-facing emergence.
357,764SKILL.mdUpdated Apr 10, 2026
openclaw/extensions/lobster
tools
VerifiedTrustedCommunity
# Lobster Lobster executes multi-step workflows with approval checkpoints. Use it when: - User wants a repeatable automation (triage, monitor, sync) - Actions need human approval before executing (send, post, delete) - Multiple tool calls should run as one deterministic operation ## When to use Lobster | User intent | Use Lobster? | | ------------------------------------------------------ | --------------------------
357,764SKILL.mdUpdated Apr 10, 2026
steipete/extensions/lobster
tools
VerifiedTrustedCommunity
# Lobster Lobster executes multi-step workflows with approval checkpoints. Use it when: - User wants a repeatable automation (triage, monitor, sync) - Actions need human approval before executing (send, post, delete) - Multiple tool calls should run as one deterministic operation ## When to use Lobster | User intent | Use Lobster? | | ------------------------------------------------------ | --------------------------
357,588SKILL.mdUpdated Apr 13, 2026
steipete/xurl
tools
VerifiedTrustedCommunity
A CLI tool for making authenticated requests to the X (Twitter) API. Use this skill when you need to post tweets, reply, quote, search, read posts, manage followers, send DMs, upload media, or interact with any X API v2 endpoint.
356,423SKILL.mdUpdated Apr 13, 2026