TryCloudflare Proxy Verify
Security checks across malware telemetry and agentic risk
Overview
This skill transparently creates temporary public Cloudflare links to user-selected local content, but users should carefully limit what directory or service is exposed and stop the tunnel afterward.
Before installing or using this skill, make sure you only expose a dedicated folder or service that contains exactly what you intend to share. Do not point it at your home directory, a broad project folder, or a sensitive local app. Use trusted installations of cloudflared, python3, and curl, and stop the tunnel/server as soon as the link is no longer needed.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent or user points the tunnel at the wrong folder or local service, private local content could become publicly reachable while the tunnel is active.
The skill intentionally makes local resources reachable through a public URL. This matches the stated purpose, but the user must ensure only intended content is served.
Expose a local file, local folder, screenshot, or local HTTP service through a temporary trycloudflare.com tunnel
Use a dedicated export folder containing only the exact files to share, avoid exposing broad directories or authenticated local services, and verify the final URL before sending it.
The skill will only work safely if the local cloudflared, python3, and curl binaries are present and trustworthy.
The helper depends on external local binaries, while the registry metadata lists no required binaries or install specification. This is not malicious, but dependency provenance and availability are left to the user environment.
python3 -m http.server "$PORT" ... cloudflared tunnel --url "http://127.0.0.1:$PORT" ... curl -I "$PUBLIC_URL/$REL_PATH"
Install cloudflared and other required tools from official or trusted sources before using the helper script.
Shared content can remain accessible longer than intended if the tunnel process is left running.
The tunnel is intentionally long-running so the shared URL remains usable. This is purpose-aligned, but it means the public exposure continues until the process is stopped.
Keep the tunnel process alive after sharing the URL.
Stop the tunnel and local server when sharing is finished, and avoid exposing sensitive files or services.