Ztm Tunnel Review
Audited by ClawScan on May 10, 2026.
Overview
The skill matches its tunneling purpose, but its setup can install and run an unpinned downloaded network binary with sudo, and the tunnel examples can expose local services broadly.
Review the installer before running it. Install ZTM from a trusted, verified release if possible; avoid broad 0.0.0.0 listeners unless you truly want all interfaces exposed; confirm mesh endpoint IDs and targets before opening tunnels; protect permit files and ~/.ztm.conf; and stop or remove the ZTM agent/tunnels when no longer needed.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the release source, account, or network download were compromised, the user could install and run a privileged network tool system-wide.
The installer dynamically downloads the latest release archive, extracts it, and may install the resulting binary into a system path with sudo, without a pinned version, checksum, or signature verification.
LATEST_VERSION=$(curl -s https://api.github.com/repos/flomesh-io/ztm/releases/latest | grep -o '"tag_name":.*' | cut -d'"' -f4)
...
curl -L -o "$FILENAME" "$DOWNLOAD_URL"
tar -xzf "$FILENAME"
sudo mv bin/ztm /usr/local/bin/ztm
Prefer a manually verified ZTM install, pin a known version, and check release signatures or checksums before running the installer.
A tunnel created with broad listen addresses or sensitive targets can unintentionally expose services to other reachable clients or mesh endpoints.
The documented tunnel commands can bind to all network interfaces and forward sensitive services such as SSH across the mesh.
ztm tunnel open inbound home-server --listen 0.0.0.0:22 --exits <office-endpoint-id>
...
ztm tunnel open outbound home-server --targets 192.168.1.10:22
Use the narrowest listen address and port possible, verify the endpoint IDs and targets, and close tunnels when they are no longer needed.
A local network agent may keep running after setup and continue to provide tunnel-management capability on the machine.
The installer starts the ZTM agent as part of setup, which creates a local service the skill later uses.
echo -e "${YELLOW}🚀 Step 3: Starting ZTM Agent...${NC}"
...
ztm start agent
Only start the agent when needed, understand how to stop it, and ensure localhost access to the ZTM API is appropriately protected on your system.
Anyone with access to a valid permit may be able to join or affect the intended mesh depending on ZTM policy.
Joining a mesh uses a permit file, which is authorization material for ZTM mesh membership.
ztm join <mesh-name> --as <your-endpoint-name> --permit <permit-file.json>
Protect permit files, use only trusted mesh permits, and remove or rotate permits according to ZTM guidance.
