P2claw

Pass

Audited by VirusTotal on May 8, 2026.

Overview

Type: OpenClaw Skill
Name: p2claw
Version: 0.1.1

The p2claw skill is a peer-to-peer reverse proxy tool for sharing local applications via public URLs. The bundle includes a well-documented SKILL.md that spells out the security risks, explicitly instructing the AI agent to warn users about public exposure and about potential RCE in development servers before proceeding. The installation script (scripts/install.sh) follows standard practice for binary distribution: it detects the platform, downloads release assets from a public GitHub repository (phact/p2claw-skill), and verifies SHA-256 checksums when a SHA256SUMS file is published. While the tool performs high-risk operations such as port forwarding and optional system-level service installation (including CA root modification for MagicDNS), these actions are transparently documented and require explicit user consent.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone with or able to discover the link can reach the local app being exposed, including any debug, file, shell, or admin features that app provides.

Why it was flagged

The core command intentionally exposes a selected localhost service to internet-reachable users. The artifact discloses this and requires confirmation, so it is purpose-aligned but high-impact.

Skill content
A p2claw URL is **a public URL**... There is no IP allowlist, no auth in front of it
Recommendation

Confirm the exact app and port before exposing it, avoid debug or unauthenticated services, and stop or remove the route when sharing is finished.

What this means

A remote visitor could potentially trigger database, cloud, or API actions through the exposed app if the app has those credentials available.

Why it was flagged

The skill itself does not show credential harvesting, but publishing a local app can delegate that app's existing credentials or account privileges to remote visitors.

Skill content
The app talks to a database, API key, cloud account, or any credential pulled from the user's environment. Exposing the app exposes whatever it can do with those creds.
Recommendation

Do not expose credentialed or private apps unless authentication and authorization are verified; use an authenticated tunnel for private sharing.

What this means

Installing runs a downloaded executable that was not included in the reviewed artifacts, so compromise or replacement of the release source could affect the user's machine.

Why it was flagged

The installer fetches the latest release binary from GitHub by default, and checksum verification is best-effort rather than mandatory. This is normal for a binary installer but leaves provenance dependent on the GitHub release source.

Skill content
curl -fsSL "https://api.github.com/repos/$REPO/releases/latest" ... warn "SHA256SUMS not published or no sha256 tool available; skipping integrity check"
Recommendation

Use the default repository only if trusted, pin a known version with P2CLAW_VERSION or --version, and prefer releases with published checksums or signatures.
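The quoted installer warns and skips when SHA256SUMS is not published. The function below is an added example, written for this page and not taken from p2claw's scripts/install.sh, of the fail-closed variant a practitioner would want before running a downloaded binary: verification refuses to continue when the sums file is missing, when it has no entry for the asset, or when the digest does not match. It works on files already fetched to disk, so it runs offline; the asset name, contents and SHA256SUMS in the self-check are constructed and hypothetical, not a real release.

```sh
#!/bin/sh
# Added example, not p2claw's scripts/install.sh: a fail-closed SHA-256 check
# for a release asset. Where the original warns and skips when SHA256SUMS is
# missing, this refuses to continue.
set -eu

# Print the SHA-256 of a file, using whichever tool is available.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        echo "refusing: no sha256 tool available" >&2
        return 1
    fi
}

# verify_asset ASSET SUMSFILE
# Succeeds only if SUMSFILE exists, contains an entry for ASSET's basename
# (either "<hash>  <name>" or "<hash> *<name>" form), and the digest matches.
verify_asset() {
    asset=$1
    sums=$2
    name=$(basename "$asset")
    [ -f "$asset" ] || { echo "refusing: asset not found: $asset" >&2; return 1; }
    [ -f "$sums" ] || { echo "refusing: $sums not published" >&2; return 1; }
    expected=$(awk -v n="$name" '$2 == n || $2 == "*" n { print $1; exit }' "$sums")
    [ -n "$expected" ] || { echo "refusing: no entry for $name in $sums" >&2; return 1; }
    actual=$(sha256_of "$asset") || return 1
    if [ "$expected" != "$actual" ]; then
        echo "refusing: checksum mismatch for $name" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
    echo "verified $name"
}

# Self-check on constructed files (hypothetical asset name, not a real release).
# Returns 0 only if the good asset verifies and both failure modes are refused.
demo() {
    dir=$(mktemp -d)
    printf 'pretend binary contents\n' > "$dir/p2claw-linux-amd64"
    printf '%s  p2claw-linux-amd64\n' "$(sha256_of "$dir/p2claw-linux-amd64")" > "$dir/SHA256SUMS"

    verify_asset "$dir/p2claw-linux-amd64" "$dir/SHA256SUMS" || return 1
    # A missing sums file must be refused, not skipped.
    if verify_asset "$dir/p2claw-linux-amd64" "$dir/MISSING" 2>/dev/null; then return 1; fi
    # A tampered asset must be refused.
    printf 'tampered\n' >> "$dir/p2claw-linux-amd64"
    if verify_asset "$dir/p2claw-linux-amd64" "$dir/SHA256SUMS" 2>/dev/null; then return 1; fi

    rm -rf "$dir"
    echo "fail-closed checks behaved as expected"
}

demo
```

Used as a wrapper around the real installer, the same function would run against the asset and SHA256SUMS fetched for a pinned version (the page's P2CLAW_VERSION or --version) before the binary is executed; a checksum file only protects against a corrupted or swapped asset when the sums themselves come from a source you trust, so a published signature over SHA256SUMS is still the stronger control.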

What this means

If installed as a service, p2claw may keep running in the background and maintain configured sharing behavior until stopped or removed.

Why it was flagged

The tool can be installed as a persistent user-level daemon. This is disclosed and aligned with maintaining proxy routes, but it can continue running beyond a single sharing session.

Skill content
$BIN_NAME service install              # always-on user-scope service (no sudo)
Recommendation

Use foreground mode for one-off sharing, review active routes with the p2claw CLI, and stop or uninstall the service when it is no longer needed.