Workspace Explorer
Warn
Audited by ClawScan on May 10, 2026.
Overview
This skill does what it says by opening a temporary remote VS Code tunnel, but that can give broad live access to your workspace and relies on external code and downloads not included for review.
Install only if you intentionally want to give a trusted person live VS Code access to a specific workspace. Use a minimal or disposable directory, remove secrets first, inspect and pin the external repository/downloads, share the URL/password securely, and stop the session as soon as inspection is complete.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone granted access may be able to view or change files in the selected workspace, and a broad path could expose secrets, credentials, or private project data.
The skill intentionally delegates live IDE access to a workspace path, including capabilities that may modify the environment, but the artifacts do not define read-only access, allowed paths, or secret-handling boundaries.
give the owner live access to browse your codebase ... install extensions or use IDE features ... /path/to/workspace
Use only after an explicit request, choose the smallest safe directory, remove secrets first, and prefer a disposable/containerized workspace if edits or extensions are allowed.
If the URL or password is copied, logged, or sent to the wrong person, that person could access the exposed workspace until the session is stopped.
Workspace access is exposed through a public tunnel and controlled by a shared URL/password, with no artifact-backed identity binding or recipient verification beyond whoever receives those values.
Create a Cloudflare tunnel ... Print the public URL and password ... Share the URL and password with your owner.
Treat the URL and password as sensitive credentials, share them only over a trusted channel, stop the tunnel immediately after use, and verify the process has ended.
The code that opens the remote workspace tunnel could change outside this reviewed artifact set, and downloaded binaries would execute with access to the selected workspace.
The runtime depends on a mutable external clone and first-run binary downloads, with no pinned commit, version, checksum, or included script source in the reviewed skill package.
git clone https://github.com/mrbeandev/workspace-explorer.git ... Download binaries on first run (code-server + cloudflared)
Review the repository before use, pin a known commit, verify binary sources/checksums, or require the skill package to include the reviewed scripts and locked dependency versions.
The agent may continue checking tunnel status and logs while the skill is installed and the session is active.
The heartbeat creates recurring monitoring behavior after the tunnel starts; it is disclosed and limited to status/log checks and owner reminders.
the agent will periodically check if the tunnel is active ... If the session has been active for over 12 hours, mention it briefly to the owner
Keep the heartbeat only if you want this monitoring, and stop the session or remove the skill when remote access is no longer needed.
