HLE Tunnel
Security checks across malware telemetry and agentic risk
Overview
This is a coherent remote-tunnel skill, but it intentionally exposes selected local or agent services through HLE, so users should be careful about what they share and with whom.
Install this only if you trust HLE as a tunnel provider and need remote access to a local service. Use specific SSO allowlists, avoid unauthenticated tunnels for private services, protect HLE_API_KEY, review active tunnels/share links, and stop any background or systemd tunnel when it is no longer needed.
VirusTotal
65/65 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the wrong local service or recipient is chosen, someone could gain remote access to private dashboards, notebooks, admin panels, or the agent UI.
The skill can expose the agent's local Control UI to a public HLE URL and grant other users access. This is purpose-aligned and disclosed, but it is a high-impact network action.
hle expose --service http://localhost:18789 --label my-agent ... --allow friend@gmail.com
Only expose services you intend to share, use SSO with specific allowed emails, avoid `--auth none` for private services, and review active tunnels regularly.
Anyone with the HLE API key may be able to manage tunnel access for the account.
The skill requires an HLE account credential to create and manage tunnels. This is expected for the service, but the credential is sensitive.
Run `hle auth login` to save the key ... or set the `HLE_API_KEY` environment variable
Protect the HLE API key, avoid pasting it into logs or shared commands, rotate it if exposed, and use the least-privileged key options HLE provides.
The actual tunnel behavior depends on the upstream HLE CLI or Docker image you install.
The skill depends on installing an external HLE client. That is normal for this integration, but the external package code is not included in the provided artifacts.
brew | formula: hle-world/tap/hle-client ... uv | package: hle-client
Install from the documented HLE sources, keep the client updated, and verify package/image provenance if using this in a sensitive environment.
Data shown by the exposed local service may become accessible through HLE to the configured users or share-link holders.
Local service traffic and UI access are routed through the HLE gateway to allowed remote users. This is the intended function, but it creates a sensitive data boundary.
The command runs in the foreground and prints the public URL ... Anyone you `--allow` can log in via Google or GitHub SSO
Expose only the minimum needed service, prefer named SSO users over broad links, revoke temporary links after use, and consider whether the service contains private data.
A tunnel could remain available longer than intended if started as a background service.
The examples show optional background and systemd operation, which can keep a tunnel active after the initial task. This is disclosed and user-directed.
nohup hle expose --service http://localhost:18789 --label my-agent > /dev/null 2>&1 & ... Restart=always
Use background or systemd mode only when persistent access is desired, document it, and stop or disable the service when finished.
