ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

TryCloudflare Proxy Verify

v1.0.0

Expose a local file, local folder, screenshot, or local HTTP service through a temporary trycloudflare.com tunnel and verify the public URL before sharing it...

0· 20·0 current·0 all-time
by@ojbkxiongdei
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name, description, SKILL.md, and script all consistently implement exposing and verifying a trycloudflare tunnel. However, the skill fails to declare required runtime binaries that the instructions and script assume (notably: cloudflared, python3, and curl). Declaring those binaries would make the manifest proportionate to the stated purpose.
Instruction Scope
Runtime instructions and the shell script stay within scope: they start a local HTTP server, start cloudflared, poll logs for the trycloudflare URL, and verify the final public URL with curl. The instructions do not attempt to read unrelated files, export extra credentials, or send data to unexpected endpoints beyond the trycloudflare public URL and Cloudflare's service.
Install Mechanism
There is no install spec and no code is downloaded from external/untrusted URLs. The included script is local and small; the skill relies on preinstalled binaries instead of installing software itself (acceptable but should be documented).
Credentials
The skill requests no environment variables or credentials and the script does not access secrets or config paths. It only uses temporary /tmp log files and runtime PIDs; this is proportional to the task.
Persistence & Privilege
The skill does not request permanent presence or elevated privileges, and always:false. It does not modify other skills or global agent settings.
Assessment
This skill appears to do what it says: it will run a local HTTP server and start cloudflared to create a temporary public URL, then verify that URL before returning it. Before installing or using it, ensure you have cloudflared, python3, and curl installed (the manifest currently doesn't declare these). Be careful which directory you serve — any files in the served directory become externally reachable while the tunnel is up. Verify the public URL yourself as the skill instructs and do not share links to sensitive content. Finally, prefer an official cloudflared binary from Cloudflare and review its network behavior/policy before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c7c1v29zss56z0etnpahd6s84jvsbproxyvk97c7c1v29zss56z0etnpahd6s84jvsbsharingvk97c7c1v29zss56z0etnpahd6s84jvsbtrycloudflarevk97c7c1v29zss56z0etnpahd6s84jvsbtunnelvk97c7c1v29zss56z0etnpahd6s84jvsb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments