Ztm Tunnel
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: ztm-tunnel
Version: 1.0.0

The skill bundle is designed to install and manage ZTM (Zero Trust Mesh) tunnels. The `install.sh` script downloads the `ztm` binary from its official GitHub releases page (`github.com/flomesh-io/ztm`), installs it to `/usr/local/bin` (using `sudo` if necessary), starts the ZTM agent, and installs the ZTM tunnel app. The `SKILL.md` and `README.md` provide instructions for using the `ztm` CLI and its local API, all consistent with the stated purpose of creating and managing network tunnels. There is no evidence of data exfiltration, unauthorized persistence, or prompt injection attempts designed to trick an AI agent into malicious actions beyond the scope of ZTM tunnel management. All network calls and file system operations are directly related to the installation and operation of the ZTM tool.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the release source, account, or network download were compromised, the user could install and run a privileged network tool system-wide.

The installer dynamically downloads the latest release archive, extracts it, and may install the resulting binary into a system path with sudo, without a pinned version, checksum, or signature verification.

```sh
LATEST_VERSION=$(curl -s https://api.github.com/repos/flomesh-io/ztm/releases/latest | grep -o '"tag_name":.*' | cut -d'"' -f4)
...
curl -L -o "$FILENAME" "$DOWNLOAD_URL"
tar -xzf "$FILENAME"
sudo mv bin/ztm /usr/local/bin/ztm
```

Prefer a manually verified ZTM install, pin a known version, and check release signatures or checksums before running the installer.
A tunnel created with broad listen addresses or sensitive targets can unintentionally expose services to other reachable clients or mesh endpoints.

The documented tunnel commands can bind to all network interfaces and forward sensitive services such as SSH across the mesh.

```sh
ztm tunnel open inbound home-server --listen 0.0.0.0:22 --exits <office-endpoint-id>
...
ztm tunnel open outbound home-server --targets 192.168.1.10:22
```

Use the narrowest listen address and port possible, verify the endpoint IDs and targets, and close tunnels when they are no longer needed.
A local network agent may keep running after setup and continue to provide tunnel-management capability on the machine.

The installer starts the ZTM agent as part of setup, which creates a local service the skill later uses.

```sh
echo -e "${YELLOW}🚀 Step 3: Starting ZTM Agent...${NC}"
...
ztm start agent
```

Only start the agent when needed, understand how to stop it, and ensure localhost access to the ZTM API is appropriately protected on your system.
Anyone with access to a valid permit may be able to join or affect the intended mesh, depending on ZTM policy.

Joining a mesh uses a permit file, which is authorization material for ZTM mesh membership.

```sh
ztm join <mesh-name> --as <your-endpoint-name> --permit <permit-file.json>
```

Protect permit files, use only trusted mesh permits, and remove or rotate permits according to ZTM guidance.
