Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- src/tunnel.ts:40
- Evidence
return spawn(command, args, { stdio: ["ignore", "pipe", "pipe"] });
Security audit
Security checks across malware telemetry and agentic risk
ClawTunnel has a coherent credential handoff purpose, but it deserves Review because it handles secrets through broad tool-call injection and includes a high-impact gateway installer without a confirmation gate.
Review before installing on a real gateway. Prefer a pinned release or locally reviewed checkout over the curl-to-bash installer, configure publicUrl or Tailscale for high-value secrets instead of the default Cloudflare quick tunnel, and only use this where you accept that the agent can place the secret placeholder into any available tool call.
62/62 vendors flagged this plugin as clean.
Detected: suspicious.dangerous_exec
return spawn(command, args, { stdio: ["ignore", "pipe", "pipe"] });