vscode-tunnel
PassAudited by ClawScan on May 10, 2026.
Overview
The skill appears to do what it says: it starts a VS Code remote tunnel, but users should understand this enables background remote terminal access tied to Microsoft authorization until stopped.
Install or use this skill only if you intentionally want VS Code Remote Tunnel access to the current container or environment. Be aware that it downloads the VS Code CLI, starts a background process, and may keep remote access available until you run the stop command.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone authorized through the configured VS Code/Microsoft account could access the tunnelled environment through VS Code.
The skill intentionally enables remote terminal access. This matches the stated purpose, but remote terminal access is powerful and should only be started when the user intends it.
Start a VS Code Remote Tunnel in Docker container environments, enabling remote terminal access through VS Code.
Start the tunnel only in the intended container or workspace, and stop it when remote access is no longer needed.
The skill will run a freshly downloaded VS Code CLI binary from Microsoft’s download endpoint.
The script downloads, extracts, and executes the VS Code CLI at runtime. This is expected for this tunnel manager, but it means users are trusting the downloaded CLI and network path.
curl -sL "$CLI_URL" -o "$tmp_file"; tar -xzf "$tmp_file" -C "$CLI_DIR"; nohup ./code tunnel
Use this only in environments where downloading and running the VS Code CLI is acceptable; consider pinning or verifying the downloaded binary in higher-security environments.
The tunnel may be associated with the Microsoft account used for authorization, and authorization details may appear in logs during setup.
The tunnel requires Microsoft account authorization, which is expected for VS Code Remote Tunnels but grants account-linked access to the environment.
First-time startup requires Microsoft account authorization
Authorize only with the intended account and keep the tunnel logs private, especially during first-time setup.
Remote access may remain available until the tunnel is stopped or the container exits.
The script intentionally starts the tunnel as a background process. This is disclosed and purpose-aligned, but the tunnel can keep running after the agent response finishes.
nohup ./code tunnel \
--accept-server-license-terms \
--name "$tunnel_name" \
> "$LOG_FILE" 2>&1 &Use the provided status and stop commands to confirm the tunnel is no longer running when finished.