Jits Builder
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its mini-app builder purpose, but it needs review because it can run an unverified Cloudflare binary from /tmp and its helper script does not safely constrain app names, ports, or file operations.
Review this skill before installing. It is designed to publish generated mini-apps through public Cloudflare tunnel URLs, so do not use it for sensitive content. Prefer a version that verifies the cloudflared binary, stores it outside /tmp, validates app names and ports, and safely cleans up only its own generated files.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A downloaded or replaced cloudflared binary could run with the user's local privileges when the skill creates a tunnel.
The skill says it will auto-download an executable into /tmp, and the included helper later relies on /tmp/cloudflared, but the artifacts do not specify a trusted download source, version pin, signature, or checksum.
Cloudflared binary (auto-downloads to `/tmp/cloudflared` if missing)
Require a user-installed or packaged cloudflared binary, declare it in metadata, pin the version, verify checksums/signatures, and avoid executing binaries from /tmp.
A crafted app name or port could crash the server startup or execute unintended local JavaScript under the user's account.
The script builds a Node.js program using shell-expanded app name and port values. If those values are malformed or attacker-influenced, they can alter the JavaScript passed to node -e.
node -e "... const html = fs.readFileSync('$html_file', 'utf-8'); ... }).listen($port, ..."Use a static server script instead of interpolating values into node -e, pass file paths and ports as argv/env values, validate ports as numeric, and restrict app names to a safe slug format.
A crafted name containing path traversal could potentially reference PID files or delete matching files outside the intended JITS app directory.
The stop path uses a user-provided name in PID-file, kill, and globbed deletion operations without path normalization or a safe-name check.
name="$2" ... kill "$pid" 2>/dev/null ... rm -f "$JITS_DIR/$name".*
Constrain app names to a strict allowlist such as lowercase letters, numbers, and hyphens; reject slashes and dot-dot paths; resolve real paths before deleting; and avoid glob-based cleanup.
Generated apps and their public tunnel URLs may keep running after the initial request until the user stops them.
The helper intentionally starts background server and tunnel processes and records their PIDs so they can be listed or stopped.
node -e "..." & ... echo $! > "$JITS_DIR/$name.pid" ... /tmp/cloudflared tunnel --url "http://localhost:$port" ... &
Use the list and stop commands after each session, and consider adding automatic timeouts or clearer prompts before creating a public tunnel.