VibeTunnel
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a coherent VibeTunnel terminal-control skill, but it is powerful because it can start and drive terminal sessions on the configured server.
Install this only if you want the agent to manage VibeTunnel terminal sessions. Keep VT_URL pointed at a trusted local or controlled server, review terminal commands before they run, and clean up long-running sessions when finished.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can create and drive terminal sessions on the configured VibeTunnel host; mistaken or overly broad commands could affect files, processes, or local state.
The skill gives direct REST commands to start an interactive shell and send input that can execute inside that terminal. This is purpose-aligned, but it grants broad terminal-control capability.
curl -s -X POST ${VT_URL:-http://localhost:8080}/api/sessions ... -d '{"command": ["zsh", "-l", "-i"], ...}' ... /api/sessions/<id>/input ... '{"text": "ls -la\n"}'Use only with a trusted VibeTunnel server, review commands before execution, and require explicit confirmation for destructive, credential-revealing, or system-changing actions.
Installing the skill relies on the npm package supply chain for the VibeTunnel binary.
Installation depends on fetching the external npm package 'vibetunnel'; the reviewed artifact set does not include the package code or a pinned package version.
node | package: vibetunnel | creates binaries: vibetunnel
Install from a trusted registry/source, verify the package and homepage, and pin or review the package version where possible.
Long-running sessions may consume resources or continue work until the user stops or deletes them.
The examples show starting long-lived terminal or agent sessions. They are visible and purpose-aligned, not hidden, but they can continue running beyond a single interaction.
**Launch Claude Code session:** ... -d '{"command": ["claude"], "name": "claude-code", ...}' ... **Launch tmux session:** ... '{"command": ["tmux", "new", "-A", "-s", "work"], ...}'List sessions regularly, stop or delete unneeded sessions, and avoid launching long-running agents unless that is the user's explicit intent.