Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

tunelo

v0.2.0

Expose local services and files to the internet through a public HTTPS URL. Designed for AI agents — when you need to let a user preview files remotely, shar...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name, description, and commands all line up: this skill's goal is to expose local services/files via a public HTTPS URL and the SKILL.md explains commands to do so. Required capabilities (network relay, ability to serve files) are consistent with the stated purpose.
Instruction Scope
The SKILL.md explicitly instructs the agent to run an installer via `curl -fsSL https://tunelo.net/install.sh | sh` and then to expose arbitrary local paths (e.g., `tunelo serve /path/to/files`). Running an opaque remote install script and exposing arbitrary local directories are both high-risk actions: the install script can execute arbitrary code on the host, and the tunneling commands can publish sensitive files if used incorrectly. The instructions do not provide a checksum, source repository, or details to verify the installer.
Install Mechanism
There is no install spec other than a curl|sh from tunelo.net — a single-file download-and-execute from an unverified domain. Per the scanning rules, this is a high-risk install pattern (arbitrary code and binaries will be written to disk). The domain is not a known, verifiable release host (e.g., GitHub releases, official distro repos) and no integrity verification is provided.
Credentials
The skill does not request environment variables, credentials, or config paths. That is proportional: exposing local services does not inherently require additional external credentials. However, the default behavior routes traffic through a third-party relay (tunelo.net), which implicitly gives that operator visibility into the endpoints you expose — a privacy/operational concern even though not expressed as credentials.
Persistence & Privilege
The install writes a persistent binary (claimed at /usr/local/bin/tunelo). Installing a binary is a persistent change and may require elevated permissions; this is not inherently malicious but is a meaningful system modification. The skill is not set to always:true and does not request platform-wide privileges otherwise.
What to consider before installing
Before installing or running this skill, consider the following: (1) do not run `curl | sh` from an unknown domain — request source code, a release page, and a cryptographic checksum (or install from a trusted package repository); (2) understand that exposing a directory or service publishes whatever is served — double-check paths to avoid leaking secrets, private keys, config files, or other sensitive data; (3) prefer using the `--local` option or a self-hosted relay (`--relay`) if you need testing without using a third-party relay; (4) if you must try it, run the installer and tunelo binary inside a disposable VM or container, or audit the install script first; (5) be cautious about allowing the agent to autonomously execute these install/run commands — require explicit user confirmation each time. If the publisher can supply a verifiable GitHub release, binary checksums, or an auditable install package, that would raise confidence and could change this assessment.

Like a lobster shell, security has layers — review code before you run it.
