frp-tunnel

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate self-hosted tunnel guide, but it recommends broad root and DNS credential handling that users should review carefully before installing.

Install only if you understand this will publish selected local services to the public internet. Replace the hardcoded IP, domain, tunnel names, and repo path; avoid passphrase-less root SSH where possible; use a least-privilege Cloudflare token stored with strict permissions; restrict or disable the frp dashboard; verify downloaded binaries; and do not expose sensitive, unauthenticated, or debug-only local apps.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
The guide explicitly tells users to generate an SSH private key with no passphrase so an AI agent can log into a root account automatically. An unencrypted private key stored on the local machine materially increases the chance of credential theft and full VPS compromise if the file, workstation, logs, or agent environment are exposed.

Missing User Warnings

Medium
Confidence: 91%
Finding
The guide places a live Cloudflare API token directly into a systemd override file without discussing ownership, permissions, rotation, or safer secret storage. That can expose DNS-edit credentials to local users, backups, shell history, or configuration management artifacts, enabling subdomain takeover or certificate issuance abuse for the zone.

VirusTotal

63/63 vendors flagged this skill as clean.
