Jits Builder
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: jits-builder
Version: 1.0.0
This skill is classified as suspicious due to its inherent high-risk capabilities, specifically the use of `cloudflared` in `jits.sh` to create public tunnels to `localhost` and the execution of agent-generated HTML/JS code via `node -e`. While these actions are central to the skill's stated purpose of deploying 'Just-In-Time Software,' they create a significant attack surface. A malicious prompt or compromised agent could lead to public exposure of sensitive local resources or execution of arbitrary code, even though the skill itself does not contain explicit instructions for data exfiltration or persistence. The `SKILL.md` also notes that the agent 'auto-downloads' `cloudflared`, which introduces a supply chain risk if the download source is not securely managed by the agent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A downloaded or replaced cloudflared binary could run with the user's local privileges when the skill creates a tunnel.
The skill says it will auto-download an executable into /tmp, and the included helper later relies on /tmp/cloudflared, but the artifacts do not specify a trusted download source, version pin, signature, or checksum.
Cloudflared binary (auto-downloads to `/tmp/cloudflared` if missing)
Require a user-installed or packaged cloudflared binary, declare it in metadata, pin the version, verify checksums/signatures, and avoid executing binaries from /tmp.
A crafted app name or port could crash the server startup or execute unintended local JavaScript under the user's account.
The script builds a Node.js program using shell-expanded app name and port values. If those values are malformed or attacker-influenced, they can alter the JavaScript passed to node -e.
node -e "... const html = fs.readFileSync('$html_file', 'utf-8'); ... }).listen($port, ..."
Use a static server script instead of interpolating values into node -e, pass file paths and ports as argv/env values, validate ports as numeric, and restrict app names to a safe slug format.
A crafted name containing path traversal could potentially reference PID files or delete matching files outside the intended JITS app directory.
The stop path uses a user-provided name in PID-file, kill, and globbed deletion operations without path normalization or a safe-name check.
name="$2" ... kill "$pid" 2>/dev/null ... rm -f "$JITS_DIR/$name".*
Constrain app names to a strict allowlist such as lowercase letters, numbers, and hyphens; reject slashes and dot-dot paths; resolve real paths before deleting; and avoid glob-based cleanup.
Generated apps and their public tunnel URLs may keep running after the initial request until the user stops them.
The helper intentionally starts background server and tunnel processes and records their PIDs so they can be listed or stopped.
node -e "..." & ... echo $! > "$JITS_DIR/$name.pid" ... /tmp/cloudflared tunnel --url "http://localhost:$port" ... &
Use the list and stop commands after each session, and consider adding automatic timeouts or clearer prompts before creating a public tunnel.
