Back to plugin

Security audit

ClawTunnel

Security checks across malware telemetry and agentic risk

Overview

ClawTunnel has a coherent credential handoff purpose, but it deserves Review because it handles secrets through broad tool-call injection and includes a high-impact gateway installer without a confirmation gate.

Review before installing on a real gateway. Prefer a pinned release or locally reviewed checkout over the curl-to-bash installer, configure publicUrl or Tailscale for high-value secrets instead of the default Cloudflare quick tunnel, and only use this where you accept that the agent can place the secret placeholder into any available tool call.

VirusTotal

62/62 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/tunnel.ts:40
Evidence
return spawn(command, args, { stdio: ["ignore", "pipe", "pipe"] });