Back to skill

Security audit

Cloudflare Tunnel Manager

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Cloudflare Tunnel how-to skill, but users should treat the examples carefully because tunnels can expose local services and credential files are sensitive.

Install only if you intend to manage Cloudflare Tunnels. Before running commands, confirm the active Cloudflare account and zone, review every hostname and local port, protect admin/SSH/file endpoints with Cloudflare Access, avoid noTLSVerify except temporary debugging, and treat ~/.cloudflared JSON files and service tokens like private keys.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill is explicitly about exposing local services to the internet and handling tunnel authentication, but it does not prominently warn users about the security, privacy, and access-control implications of publishing internal services. In this context, omission of warnings increases the chance that users expose sensitive apps, admin panels, or development services without appropriate authentication or data-protection controls.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The example sets `noTLSVerify: true`, which disables certificate validation and weakens transport security between cloudflared and the origin. That can enable man-in-the-middle attacks or silent acceptance of impersonated origins, especially if the tunnel connects across untrusted networks or via misconfigured internal routing.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The backup and migration steps copy `~/.cloudflared/*.json` credential files without warning that these files are sensitive secrets that authorize tunnel use. If these files are copied to insecure locations, exposed in backups, or transferred improperly, an attacker could hijack or recreate tunnel access to internal services.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.