Security scan
OpenClaw
Suspicious
Medium confidence. The skill's stated purpose (exposing a local host to the internet) is legitimate, but its runtime instructions tell the agent to run an unverified remote install script from an unknown domain (curl | sh) and to route local files through a public relay, which carries significant privacy and supply-chain risk.
Assessment recommendations
Before installing or running this skill, consider the following:
(1) Do not run `curl | sh` from an unknown domain. Ask for the source code, a release page and cryptographic checksums, or install from a trusted package repository.
(2) Understand that exposing a directory or service publishes whatever it serves. Check the path carefully and avoid leaking secrets, private keys, configuration files or other sensitive data.
(3) If you need to test without a third-party relay, prefer the `--local` option or a self-hosted relay (`--relay`).
(4) If you must try it, run the installer and the tunelo binary inside a disposable VM or container, or audit the install script first.
(5) Be cautious about letting the agent execute these install/run commands autonomously; require explicit user confirmation every time.
If the publisher can provide verifiable GitHub releases, binary checksums or an auditable install package, that would raise trust and could change this assessment.
✓ Purpose and capabilities
The name, description and commands are consistent: the skill's purpose is to expose local services/files via a public HTTPS URL, and SKILL.md explains the relevant commands. The required capabilities (network relay, file serving) match the stated purpose.
⚠ Instruction scope
SKILL.md explicitly instructs the agent to run the installer via `curl -fsSL https://tunelo.net/install.sh | sh` and then expose arbitrary local paths (e.g. `tunelo serve /path/to/files`). Running an opaque remote install script and exposing arbitrary local directories are both high-risk operations: the install script can execute arbitrary code on the host, and the tunnel command can publish sensitive files if used carelessly. The instructions give no checksum, source repository or other details for verifying the installer.
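As an added example (not part of the scan, the skill or tunelo itself), a pre-flight check an agent or operator could run before `tunelo serve <dir>`: it lists secret-bearing filenames and scans file contents for key material before any public URL exists. The filename and content patterns are a starting set chosen here, not a complete inventory, and `serve_checked` assumes the `tunelo serve` command as documented below.

```shell
#!/bin/sh
# Added example: pre-flight check before `tunelo serve <dir>` turns a directory into a public URL.
# Not part of tunelo. The name and content patterns below are a starting set, not a complete
# inventory; extend them for your environment.

find_sensitive_names() {
    # Print paths whose name alone signals credentials. Directories such as .git, .aws and .ssh
    # are reported and not descended into; node_modules is skipped silently for speed.
    dir=$1
    find "$dir" \
        \( -name .git -o -name .aws -o -name .ssh -o -name .gnupg \) -prune -print -o \
        -name node_modules -prune -o \
        -type f \( -name '.env' -o -name '.env.*' -o -name '*.pem' -o -name '*.key' \
            -o -name 'id_rsa' -o -name 'id_ed25519' -o -name 'id_ecdsa' -o -name '*.p12' \
            -o -name '*.pfx' -o -name '.netrc' -o -name '.npmrc' -o -name '.pypirc' \
            -o -name 'credentials' -o -name '*.kdbx' \) -print
}

find_sensitive_contents() {
    # Print text files containing key material or obvious credential assignments.
    # grep returns 1 when nothing matches; that is not an error here.
    dir=$1
    grep -rIlE --exclude-dir=.git --exclude-dir=node_modules \
        -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' \
        -e 'AKIA[0-9A-Z]{16}' \
        -e 'ghp_[A-Za-z0-9]{36}' \
        -e '[Pp]assword[[:space:]]*[:=]' \
        -e 'PASSWORD[[:space:]]*[:=]' \
        "$dir" 2>/dev/null || true
}

preflight_serve() {
    # Return 0 when nothing suspicious was found, 1 (with the list on stderr) otherwise.
    dir=$1
    hits=$( { find_sensitive_names "$dir"; find_sensitive_contents "$dir"; } | sort -u )
    if [ -n "$hits" ]; then
        printf 'refusing to expose %s; sensitive paths:\n%s\n' "$dir" "$hits" >&2
        return 1
    fi
    return 0
}

serve_checked() {
    # Run the pre-flight first; only on a clean result hand the arguments to `tunelo serve`.
    # Usage: serve_checked ./dist
    preflight_serve "$1" && tunelo serve "$@"
}
```

A clean result is not proof the directory is safe to publish; it only removes the obvious cases. Anything served is readable by whoever obtains the URL, so the path should still be reviewed by the user before the command runs.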
⚠ Install mechanism
There is no install specification other than the curl|sh from tunelo.net: a single-file download-and-execute from an unverified domain. Under the scan rules this is a high-risk install pattern (arbitrary code and binaries are written to disk). The domain is not a known, verifiable release host (e.g. GitHub releases, an official distribution repository), and no integrity verification is provided.
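As an added example (not tunelo's installer or anything the publisher provides), the download-then-verify pattern the recommendations above ask for in place of `curl | sh`: the script is saved to disk, its SHA-256 is compared against a digest the publisher would have to publish out of band, and only on a match is it executed, inside a throwaway container rather than on the host. The expected digest, the `debian:stable-slim` image and the `/tmp/install.sh` path are placeholders; no published checksum for tunelo exists at the time of this scan.

```shell
#!/bin/sh
# Added example: replace `curl -fsSL <url> | sh` with download, inspect, verify, then run.
# Not tunelo's tooling. The digest a caller passes in is assumed to come from the publisher
# over a separate channel (release page, signed checksums file); none exists yet for tunelo.

sha256_of() {
    # Print the lowercase hex SHA-256 of a file (coreutils or BSD tool, whichever exists).
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

verify_sha256() {
    # Return 0 only when the file's digest equals the expected one (hex, case-insensitive).
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file")
    [ "$actual" = "$expected" ]
}

fetch_installer() {
    # Save the script to disk instead of feeding it to sh, so it can be read and hashed first.
    # --proto '=https' refuses any redirect that downgrades to plain HTTP.
    curl -fsSL --proto '=https' --tlsv1.2 -o "$2" "$1"
}

run_installer_verified() {
    # Execute the saved script only after the digest matches, and only inside a throwaway
    # container so a bad script cannot modify the host. The image is a placeholder; pick one
    # that has whatever the script needs (curl, tar) and read the script before trusting it.
    script=$1
    expected=$2
    if ! verify_sha256 "$script" "$expected"; then
        echo "checksum mismatch for $script; refusing to run" >&2
        return 1
    fi
    abs=$(cd "$(dirname "$script")" && pwd)/$(basename "$script")
    docker run --rm -v "$abs:/tmp/install.sh:ro" debian:stable-slim sh /tmp/install.sh
}

# Usage (needs network and docker, so not run here):
#   fetch_installer https://tunelo.net/install.sh ./install.sh
#   less ./install.sh        # what does it download, where does it write, does it use sudo?
#   run_installer_verified ./install.sh "<sha256 published by the publisher>"
```

The checksum only helps if it is obtained from somewhere other than the same server that serves the script; a digest on tunelo.net next to install.sh would be replaced together with the script by anyone who controls that host.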
✓ Credential requirements
The skill requests no environment variables, credentials or configuration paths. That is reasonable: exposing a local service does not itself need extra external credentials. However, the default behaviour routes traffic through a third-party relay (tunelo.net), which implicitly lets that operator see the endpoints you expose; that is a privacy and operational concern even though it is not expressed as a credential.
ℹ Persistence and permissions
The install writes a persistent binary (stated to be at /usr/local/bin/tunelo). Installing a binary is a persistent change and may need elevated privileges; that is not malicious in itself, but it is a meaningful system modification. The skill is not set to always:true and requests no platform-level permissions.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest: v0.2.0 (2026/3/20)
Rewritten for AI agents: trigger phrases, typical workflows, when to use and when not to use
● Suspicious
Install command
Official: npx clawhub@latest install tunelo
Mirror: npx clawhub@latest install tunelo --registry https://cn.longxiaskill.com
Skill documentation
When to use tunelo
Use tunelo when the user needs to:
- Preview files remotely — "show me that PDF", "let me browse those files on my phone"
- Share a local dev server — "give me a link to your React app"
- Demo something to a colleague — "send me the URL so I can test it"
- Access localhost from another device — mobile testing, remote debugging
- Share a directory — project files, documents, media, datasets
Do NOT use tunelo when:
- The user only needs local access (use python3 -m http.server or tunelo serve . --local)
- The files are already hosted somewhere public
Install
curl -fsSL https://tunelo.net/install.sh | sh
If tunelo is not found after install, the binary is at /usr/local/bin/tunelo.
Commands
Expose a local HTTP service
tunelo http 3000 # Expose port 3000 → get public HTTPS URL
tunelo http 5173 # React/Vite dev server
tunelo http 8080 # Any local service
tunelo http 3000 --private # Require access code to visit
Serve files with web explorer
tunelo serve . # Current directory → public URL with file browser
tunelo serve ./dist # Specific directory
tunelo serve ~/Documents # Any path
tunelo serve . --local # Local-only preview (no tunnel, no public URL)
tunelo serve . -l -p 8000 # Local preview on port 8000
The file explorer runs in the browser — directory browsing, code syntax highlighting, markdown rendering, PDF viewer, image/video/audio playback, CSV/Excel tables. Everything is embedded in the binary, no dependencies.
Options
tunelo http --relay my.server:4433 # Use a custom relay server
tunelo http -H 192.168.1.100 # Forward to non-localhost
tunelo http --private # Auto-generate access code
tunelo http --code mysecret # Set specific access code
Default relay is tunelo.net:4433 (free public relay). Use --relay for self-hosted.
Typical agent workflows
User says "share these files with me"
tunelo serve /path/to/files # Give the user the public URL from the output
User says "I want to see this on my phone"
# If there's a dev server running:
tunelo http 3000
# If it's just files:
tunelo serve .
User says "let my colleague test the API"
tunelo http 8080 --private # Give them the Share URL (includes access code)
User says "preview this locally first"
tunelo serve ./dist --local # Opens on http://localhost:3000, no public URL
How it works
Browser → HTTPS → Relay → QUIC tunnel → Client → localhost / file server
- Public HTTPS URL assigned automatically (random subdomain like abc123.tunelo.net)
- QUIC transport — encrypted, multiplexed, low latency
- Auto-reconnects if connection drops
- Session limit: tunnels expire after ~2 hours on the public relay