P2claw
Pass
Audited by ClawScan on May 8, 2026.
Overview
P2claw does what it claims: it installs a local reverse-proxy tool and publishes selected localhost apps to public links. Users should be careful, because anything published that way, along with whatever privileges that app holds, becomes reachable from the internet.
Install only if you trust the p2claw release source and understand that exposing a port creates a public URL. Confirm every exposed app and port, avoid sharing debug or credentialed services, and stop routes or the background service when done.
Findings (4)
This is an artifact-based, informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with or able to discover the link can reach the local app being exposed, including any debug, file, shell, or admin features that app provides.
The core command intentionally exposes a selected localhost service to internet-reachable users. The artifact discloses this and requires confirmation, so it is purpose-aligned but high-impact.
A p2claw URL is **a public URL**... There is no IP allowlist, no auth in front of it
Confirm the exact app and port before exposing it, avoid debug or unauthenticated services, and stop or remove the route when sharing is finished.
A remote visitor could trigger database, cloud, or API actions through the exposed app if the app has those credentials available.
The skill itself does not show credential harvesting, but publishing a local app can delegate that app's existing credentials or account privileges to remote visitors.
The app talks to a database, API key, cloud account, or any credential pulled from the user's environment. Exposing the app exposes whatever it can do with those creds.
Do not expose credentialed or private apps unless authentication and authorization are verified; use an authenticated tunnel for private sharing.
Installing runs a downloaded executable that was not included in the reviewed artifacts, so compromise or replacement of the release source could affect the user's machine.
The installer fetches the latest release binary from GitHub by default, and checksum verification is best-effort rather than mandatory: a missing SHA256SUMS file, or no sha256 tool on the host, produces a warning and the check is skipped. This is normal for a binary installer but leaves provenance dependent on the GitHub release source.
curl -fsSL "https://api.github.com/repos/$REPO/releases/latest" ... warn "SHA256SUMS not published or no sha256 tool available; skipping integrity check"
Use the default repository only if trusted, pin a known version with P2CLAW_VERSION or --version, and prefer releases with published checksums or signatures. Verify the downloaded binary against the published checksums before running it, and treat a missing checksum file as a reason to stop rather than as a warning.
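The following is an added example, not code from p2claw's installer or from ClawScan: it shows what a fail-closed version of the integrity check looks like, alongside a pinned-version release URL instead of the floating "latest" one. It assumes the release publishes a SHA256SUMS file in the usual "<hex>  <asset-name>" form, that the GitHub REST endpoint for a tagged release is /repos/OWNER/REPO/releases/tags/TAG, and that the pinned version arrives in P2CLAW_VERSION; the repository name example/p2claw and the file contents are constructed for the demo.

```sh
#!/bin/sh
# Added example, not p2claw's installer code. Assumptions: SHA256SUMS uses the
# "<hex>  <asset-name>" form; the pinned version is read from P2CLAW_VERSION;
# example/p2claw is a placeholder repository name.

# release_api_url REPO [VERSION]
# "latest" floats with every release; a tag URL resolves to one known release.
release_api_url() {
  repo=$1; version=${2:-}
  if [ -n "$version" ]; then
    printf 'https://api.github.com/repos/%s/releases/tags/%s\n' "$repo" "$version"
  else
    printf 'https://api.github.com/repos/%s/releases/latest\n' "$repo"
  fi
}

# sha256_of FILE: prints the hex digest with whichever tool is present;
# returns 2 if neither sha256sum nor shasum exists.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 256 "$1" | awk '{print $1}'
  else
    return 2
  fi
}

# verify_release FILE SUMSFILE
# 0 = digest matches; 1 = mismatch; 2 = nothing to check against
# (no SHA256SUMS, no entry for this asset, or no sha256 tool).
# Every non-zero result refuses the binary; none of them is a mere warning.
verify_release() {
  file=$1; sums=$2
  name=$(basename "$file")
  [ -r "$sums" ] || { echo "refusing $name: SHA256SUMS not available" >&2; return 2; }
  # Accept both "hex  name" and "hex *name" (binary-mode marker) lines.
  expected=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1; exit }' "$sums")
  [ -n "$expected" ] || { echo "refusing $name: no entry in SHA256SUMS" >&2; return 2; }
  actual=$(sha256_of "$file") || { echo "refusing $name: no sha256 tool" >&2; return 2; }
  [ "$actual" = "$expected" ] || { echo "refusing $name: digest mismatch" >&2; return 1; }
  return 0
}

# Demo on constructed files, no network: a matching sum passes, a tampered
# binary is refused, and the pinned URL is printed for the version in use.
demo() {
  dir=$(mktemp -d)
  printf 'pretend-binary\n' > "$dir/p2claw"
  printf '%s  p2claw\n' "$(sha256_of "$dir/p2claw")" > "$dir/SHA256SUMS"
  verify_release "$dir/p2claw" "$dir/SHA256SUMS" && echo "ok: checksum matches"
  printf 'tampered\n' > "$dir/p2claw"
  verify_release "$dir/p2claw" "$dir/SHA256SUMS" || echo "refused (exit $?)"
  echo "would fetch: $(release_api_url example/p2claw "${P2CLAW_VERSION:-}")"
  rm -rf "$dir"
}
demo
```

Run it with P2CLAW_VERSION set to see the tag URL; unset, it falls back to the floating "latest" endpoint the installer uses by default, which is the behaviour the finding cautions against.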
If installed as a service, p2claw may keep running in the background and maintain configured sharing behavior until stopped or removed.
The tool can be installed as a persistent user-level daemon. This is disclosed and aligned with maintaining proxy routes, but it can continue running beyond a single sharing session.
$BIN_NAME service install # always-on user-scope service (no sudo)
Use foreground mode for one-off sharing, review active routes with the p2claw CLI, and stop or uninstall the service when it is no longer needed.
