TunnelProxy

Name: TunnelProxy
Author: turinfohlen

Description

🐴 RAT (Remote Access Trojan) for AI agents. What it does: Agent sends commands → Your machine executes them. What it can do: Whatever you can do in a termin...

Usage Guidance

This package is literally a remote-access tool — treat it like handing someone a shell on your computer. Only install/use if you completely trust the agent/service and you control the model code (not a third-party black-box). Before installing: run TunnelProxy under a restricted, non-privileged user; bind it to localhost and test with TUNNEL_HOST=127.0.0.1; do NOT expose it to the public Internet unless you understand frp and firewall configuration; set a strong UPLOAD_MAGIC and rotate/revoke tokens when finished; review and do not execute helper scripts (e.g., scripts/tunnel_login.py) on sensitive machines unless you intend a connection to be made; monitor access logs and network activity; prefer using an isolated throwaway machine or VM rather than a personal workstation. This skill is coherent with its description (not deceptively hiding malicious code), but because it grants full remote control it is high-risk — proceed only with strict operational safeguards.

Capability Analysis

Type: OpenClaw Skill Name: tunnel-proxy Version: 1.0.11 The tunnel-proxy skill is explicitly designed as a Remote Access Trojan (RAT) for AI agents, providing full remote command execution (RCE) and bidirectional file transfer capabilities on the user's host machine. While the documentation in README.md and SKILL.md contains extensive security warnings and the tool's purpose is transparently stated as a way to bypass sandbox restrictions, the inherent risk of granting an AI agent unrestricted shell access and file system control is extremely high. The scripts tunnel_login.py and http_transfer.py facilitate these high-risk operations. There is no evidence of hidden malicious payloads or hardcoded exfiltration, but the capability itself is highly dangerous and intended to facilitate actions typically associated with malware.

Capability Tags

cryptocan-make-purchases

Capability Assessment

✓ Purpose & Capability

Name, description, declared env vars, examples, and included scripts all align: the skill's purpose is to provide remote command execution, PTY sessions, file upload/download, and reverse proxying via a local TunnelProxy service, and every requested artifact supports that purpose.

ℹ Instruction Scope

SKILL.md and accompanying docs explicitly instruct the agent to register, request PTY sessions, execute commands, and transfer files through the user's TunnelProxy service. This is within the stated purpose but grants broad, destructive capabilities (read/delete/execute) to the agent by design. Note: the provided scripts (e.g., scripts/tunnel_login.py) will immediately attempt a session connection when executed, so running those files can cause network activity and remote command execution.

✓ Install Mechanism

No installer is provided (instruction-only skill plus small helper scripts). requirements.txt only lists 'requests'; there is no download-from-arbitrary-URL install step in the skill package. Risk from install mechanism is low, but the skill relies on the user running/hosting an external TunnelProxy service (Elixir/frp) which has its own install surface outside this package.

✓ Credentials

Declared environment variables (TUNNEL_HOST, TUNNEL_HTTP_PORT, TUNNEL_AGENT_TOKEN, TUNNEL_TIMEOUT, UPLOAD_MAGIC) are directly related to the remote-tunnel function. The primary credential (TUNNEL_AGENT_TOKEN) is appropriate for authenticating agent sessions. No unrelated credentials or surprising config paths are requested.

ℹ Persistence & Privilege

The skill does not request 'always: true' and uses normal model invocation. That said, the capability it enables is high-privilege: remote command execution and network proxying create a large blast radius if misused. The package does not attempt to modify other skills or system-wide agent configuration, but the operator should treat this as a high-privilege integration.

Version History

v1.0.11

- Version updated from 1.0.9 to 1.0.11. - No file or documentation content changes detected. - No new features, fixes, or modifications present in this release.

v1.0.10

- Version updated to 1.0.10 with no file changes detected. - No functional, API, or documentation changes from previous version. -真的讲清楚了，真的已经把那个环境变量运行时变量tmd已经标得很明确了，在那个meta data

v1.0.9

- Version bumped from 1.0.8 to 1.0.9. - No file changes detected; documentation and functionality remain unchanged.

v1.0.8

tunnel-proxy v1.0.8 - Added new script: scripts/tunnel_login.py for HTTP API connectivity and agent login. - Removed obsolete script: scripts/tunnel_check.py. - Updated documentation for enhanced security and new API-based workflow. - Environment variables updated: now uses TUNNEL_AGENT_TOKEN; PTY port variable moved to API session. - Skill now emphasizes agent registration, token authentication, and one-time PTY session flows.

v1.0.7

Version 1.0.7 of tunnel-proxy - No file changes detected in this release. - Version number updated to 1.0.7 in metadata. - Clearify the runtime env dependence.

v1.0.6

Version 1.0.6 makes the skill simpler, more direct, and safer by design. - Replaces previous custom Python API (`TunnelOps`) with simple, transparent usage via scripts: `tunnel_check.py`, `http_transfer.py` - Removes `pty_exec.py` and `tunnel_ops.py`; most operations are now performed with netcat, curl, or the included scripts - Adds clear warnings and makes security risks more prominent in documentation - Provides concise, real-world examples using shell and Python tools for command execution and file transfer - Adds new reference and tips files for troubleshooting and usage patterns - Reduces package dependencies by dropping `pexpect` **Summary:** Now minimal, direct, and clear: use netcat or the provided scripts for tunneling and file transfer, with a strong emphasis on security risks and practical use.

v1.0.5

- Updated default TunnelProxy example address from "frp.freefrp.net" to a generic placeholder "your-frp-server.example.com" in documentation. - No functional or code changes; documentation example clarified to avoid confusion. - Version bump from 1.0.4 to 1.0.5.

v1.0.4

- Added a strong security warning section to SKILL.md, with usage best practices and recommendations. - Documented new/updated environment variables (TUNNEL_HOST, TUNNEL_PORT, TUNNEL_HTTP_PORT, TUNNEL_TIMEOUT, UPLOAD_MAGIC). - Added references/README_for_user.md and requirements.txt with this release.

v1.0.3

- Initial release of the tunnel-proxy skill (v1.0.0). - No code or documentation changes since previous version. - Enables AI agents to use TunnelProxy for remote command execution, file transfer, and bypassing network restrictions.

v1.0.2

- Added metadata file (_meta.json) to support versioning and platform integration. - No code or documentation changes in this release.

v1.0.1

- Added a comprehensive README.md with setup, usage, API reference, error handling, and security notes. - Improved skill documentation to assist users in integrating and operating TunnelProxy.

v1.0.0

Initial release of tunnel-proxy skill. - Enables AI agents to bypass network restrictions via user's local TunnelProxy service. - Supports remote command execution, bidirectional file transfer, and unrestricted network access. - Provides a Python API (TunnelOps) for remote shell, HTTP file transfer, and URL fetching. - Includes methods to install blocked packages and handle network-restricted environments. - Warns of high risk: grants remote shell access to user machine; intended for trusted setups only.

Metadata

Slug tunnel-proxy

Version 1.0.11

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 12

Frequently Asked Questions

What is TunnelProxy?

🐴 RAT (Remote Access Trojan) for AI agents. What it does: Agent sends commands → Your machine executes them. What it can do: Whatever you can do in a termin... It is an AI Agent Skill for Claude Code / OpenClaw, with 214 downloads so far.

How do I install TunnelProxy?

Run "/install tunnel-proxy" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is TunnelProxy free?

Yes, TunnelProxy is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does TunnelProxy support?

TunnelProxy is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created TunnelProxy?

It is built and maintained by TurinFohlen (@turinfohlen); the current version is v1.0.11.

More Skills

What is TunnelProxy?

How do I install TunnelProxy?

Is TunnelProxy free?

Which platforms does TunnelProxy support?

Who created TunnelProxy?

💬 Comments