Skill v1.1.0

ClawScan security

Cloudflare Agent Tunnel · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 4, 2026, 6:33 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files and instructions consistently implement what they claim (setting up Cloudflare Tunnels for OpenClaw agents); installation requires root/system changes but those are proportional to the purpose.
Guidance
This skill appears to do exactly what it says: set up Cloudflare tunnels and persistent systemd services for OpenClaw agents. Before installing, consider: (1) you must run the script as root (it modifies /etc and systemd); (2) cloudflared will store authentication files in /root/.cloudflared — anyone with those files can run that tunnel, so protect them and delete them when decommissioning; (3) the process requires you to authorize Cloudflare via a browser URL — do not share that URL with untrusted parties; (4) the script installs cloudflared from Cloudflare's apt repo (pkg.cloudflare.com), which is expected; (5) after setup, update OpenClaw allowedOrigins and firewall rules as instructed to avoid exposing the service directly. If you are not comfortable granting root-level changes or storing Cloudflare tunnel credentials on this host, do not install; otherwise this skill is coherent and appropriate for the described purpose.

Review Dimensions

Purpose & Capability
ok: Name/description match the included SKILL.md and script: both create cloudflared named or quick tunnels, DNS routing, and systemd services to expose per-agent HTTPS URLs. All requested actions relate to tunnel setup.
Instruction Scope
note: Instructions and script perform system-level actions (install apt package, write /etc/cloudflared, /etc/systemd/system, edit firewall, read/write /root/.cloudflared). These are necessary for persistent tunnels but require root and access to the machine's service config and Cloudflare credentials. The guidance to hand the cloudflared auth URL to a human for browser auth is expected but should be done only by the machine owner.
Install Mechanism
ok: No hidden downloads; the script installs cloudflared from Cloudflare's official apt repo (pkg.cloudflare.com) via curl to fetch the signing key then apt-get. This is a standard, traceable install method.
Credentials
ok: The skill declares no environment variables or external credentials. It does rely on cloudflared's credential files stored under /root/.cloudflared (created by cloudflared login/create). That is expected and proportional for named tunnels.
Persistence & Privilege
note: The skill's script and instructions create and enable systemd services and write persistent credential files under /root/.cloudflared. Persistent system changes are required for the stated purpose, but they are high-privilege operations — run only on hosts you control and trust.