Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Remoting
v1.1.0
Mirror your Claude Code terminal in a browser for remote viewing and real-time interaction. Creates a public web terminal via localhost.run tunnel.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the instructions: the SKILL.md tells the user to run an npm package (remotego) to export the current terminal to a public tunnel. Declaring node as a required binary is appropriate.
Instruction Scope
The instructions create a public, interactive shell session (any URL holder can interact). SKILL.md does not warn about data leakage (exposing env vars, files, credentials) nor explicitly mention the need to confirm user consent before exposing an interactive shell. It also suggests --cwd which may expose local project files to remote users.
Install Mechanism
The runtime flow relies on npm/npx to fetch and execute @remotego/remotego from the registry (npx executes remote code). The SKILL.md lists a GitHub homepage (topcheer/claude-remoting) that does not obviously match the npm package name (@remotego/remotego) — this mismatch is unexplained and increases supply-chain risk.
Credentials
No env vars are declared, but tunneling via localhost.run typically uses SSH (SKILL.md even references SSH port 22). That implies use of the user's SSH agent/keys which is sensitive and not declared. The skill exposes the full terminal, which can leak secrets, credentials, or files — a high-impact capability that should be called out and constrained.
Persistence & Privilege
always is false and there is no install spec in the skill bundle itself. However SKILL.md encourages global npm install (-g) which modifies the system; running npx will execute remote code transiently. The skill does not request persistent platform privileges, but following its instructions may install software to disk.
What to consider before installing
This skill will open a publicly reachable, interactive shell session — anyone with the URL can type commands and see your terminal, so it can expose sensitive files, environment variables, or credentials. Before using:
1) Don’t run this on a machine containing secrets; prefer an isolated VM/container.
2) Verify the npm package and source code before running (check npm owner, package homepage, and the GitHub repo contents). The SKILL.md lists @remotego/remotego but points to a different GitHub repo — confirm this mismatch.
3) Be aware tunnels often reuse your SSH agent/keys (check whether localhost.run will access your SSH keys) and avoid exposing machines with SSH credentials.
4) Prefer using read-only/viewer modes if available, or restrict --cwd to an empty/safe directory.
5) If you must use it, run npx in a disposable environment, avoid global installs, and never run as root.
If you want me to, I can: (a) help locate and inspect the npm package and its GitHub repo, or (b) suggest safer alternatives (screen-only viewers, authenticated sharing services) and command examples for running inside a disposable container.
Like a lobster shell, security has layers — review code before you run it.
latestvk979mqg7hsn495m6c2xpcephp983w2rd
Runtime requirements
🖥️ Clawdis
OS: macOS · Linux
Bins: node
