Intranet
Pass. Audited by ClawScan on May 10, 2026.
Overview
This appears to be a disclosed local HTTP file server, but users should note that it can run Python CGI scripts, keep running in the background, and is ambiguous in its documentation about which directory is actually served.
Install only if you want a local HTTP server. Keep it bound to localhost unless you have configured a strong token and host allowlist, enable CGI only for trusted scripts, verify which directory is actually served, and stop the background server when you are done.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could misunderstand which files are reachable over HTTP and accidentally place sensitive data under a served path.
This differs from the layout in SKILL.md, which describes `{workspace}/intranet/www/` as the webroot and `config.json` as not served. The inconsistency does not prove exposure, but because this skill handles local files and auth configuration, users should verify the effective served directory. The artifact contains both of the following statements:

> The server serves files from a configurable root directory, created automatically if it doesn't exist.

> Always `{workspace}/intranet/`

Before using the server, confirm the actual webroot in practice and keep secrets, tokens, and private files outside any directory being served.
If CGI is enabled for untrusted or exposed content, Python code may run with the user's local permissions.
The skill intentionally supports executing Python CGI entry points. This is central to the stated purpose and is gated by configuration, but it means HTTP requests can trigger local code execution when enabled.
CGI Execution
**Off by default.** Enable in `config.json`:
```json
{
"cgi": true
}
```
When enabled, only files named `index.py` can execute as CGI.

Leave CGI disabled unless needed, enable it only for trusted `index.py` files, and use token authentication and host allowlists before exposing the server beyond localhost.
Files and CGI endpoints can become reachable from other machines if the user starts the server on `0.0.0.0`.
The skill can bind the HTTP server to all interfaces for LAN access. The artifact documents safeguards, so this is purpose-aligned, but it increases exposure if misconfigured.
```shell
python3 {baseDir}/scripts/intranet.py start --host 0.0.0.0  # LAN access (requires token + allowed_hosts)
```

Use the default `127.0.0.1` binding for local-only use. If LAN or tunnel access is needed, configure a strong token and restrictive `allowed_hosts` first.
Anyone who can read the workspace runtime/config files may be able to authenticate to the local server.
The server stores the bearer token in its runtime configuration file under the workspace. This is expected for the local authentication feature, but the token should be treated as sensitive.
```python
if token:
    config["token"] = token
    _write_config(config)
```

Use a non-guessable token, protect workspace file permissions, and avoid committing `config.json` or runtime config files containing tokens.
The HTTP server may continue running after the initial command completes until explicitly stopped.
The skill intentionally starts a background server process and records its PID. This is disclosed and paired with `status` and `stop` commands, so it is purpose-aligned rather than hidden persistence.
```python
# Fork to background
pid = os.fork()
if pid > 0:
    # Parent process
    _write_pid(pid)
    print(f"[intranet] Server started (PID {pid})")
```

Use `python3 scripts/intranet.py status` to check it and `python3 scripts/intranet.py stop` when finished.
