cftunnel

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a legitimate Cloudflare Tunnel skill, but it can publish local services and change Cloudflare DNS using your credentials.

Install only if you intend to let an agent manage Cloudflare Tunnels and DNS. Use a scoped Cloudflare API token, verify the npm package/source, confirm every hostname and local port before exposing it, avoid exposing SSH/databases without strong access controls, and only install the persistent service if you want the tunnel to survive reboots.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken command could make a private local app, database, or SSH service reachable through Cloudflare, or alter DNS records.

Why it was flagged

The skill intentionally creates public routes to local services and configures DNS, which is central to its purpose but can expose the wrong local port or hostname if misused.

Skill content

Start a local service ... `cftunnel` creates a tunnel + DNS route → the service is live at `https://hostname.domain.com`.

Recommendation

Confirm the exact hostname, zone, tunnel, and local port before use; avoid exposing sensitive services unless they have their own authentication and access controls.

What this means

The skill can act on the user's Cloudflare account within the permissions granted by the supplied key or token.

Why it was flagged

The skill requires Cloudflare account credentials to manage tunnels and DNS records. This is expected for the integration, but those credentials can be powerful.

Skill content

export CLOUDFLARE_API_KEY=<api-key> ... export CLOUDFLARE_EMAIL=<account-email> ... export CLOUDFLARE_ACCOUNT_ID=<account-id>

Recommendation

Use a narrowly scoped Cloudflare API token when possible, limited to the needed account, zone, DNS, and tunnel permissions; avoid broad global API keys.

What this means

Users are trusting the external npm package to handle Cloudflare credentials and DNS/tunnel operations safely.

Why it was flagged

The install mechanism pulls a global npm executable. This is normal for a CLI skill, but the runtime package code was not included in the provided artifacts for static review.

Skill content

node | package: cftunnel -g | creates binaries: cftunnel

Recommendation

Install from a trusted registry/source, verify the package and homepage, and consider pinning a known version before using it with production credentials.

What this means

A tunnel connector could continue running after the agent session or a reboot, keeping a local service exposed longer than intended.

Why it was flagged

The skill documents an optional persistent service. It is disclosed and purpose-aligned, but persistence changes the host beyond the current session.

Skill content

`npx cftunnel run <tunnel-id> --install-service` | Install cloudflared as a persistent system service (survives reboots).

Recommendation

Use `--install-service` only with explicit intent, document how to stop/remove the service, and periodically review active tunnels and Cloudflare DNS records.