← 返回 Skills 市场
turinfohlen

TunnelProxy

作者 TurinFohlen · GitHub ↗ · v1.0.11 · MIT-0
cross-platform ⚠ suspicious
214
总下载
0
收藏
0
当前安装
12
版本数
在 OpenClaw 中安装
/install tunnel-proxy
功能描述
🐴 RAT (Remote Access Trojan) for AI agents. What it does: Agent sends commands → Your machine executes them. What it can do: Whatever you can do in a termin...
安全使用建议
This package is literally a remote-access tool — treat it like handing someone a shell on your computer. Only install/use if you completely trust the agent/service and you control the model code (not a third-party black-box). Before installing: run TunnelProxy under a restricted, non-privileged user; bind it to localhost and test with TUNNEL_HOST=127.0.0.1; do NOT expose it to the public Internet unless you understand frp and firewall configuration; set a strong UPLOAD_MAGIC and rotate/revoke tokens when finished; review and do not execute helper scripts (e.g., scripts/tunnel_login.py) on sensitive machines unless you intend a connection to be made; monitor access logs and network activity; prefer using an isolated throwaway machine or VM rather than a personal workstation. This skill is coherent with its description (not deceptively hiding malicious code), but because it grants full remote control it is high-risk — proceed only with strict operational safeguards.
功能分析
Type: OpenClaw Skill Name: tunnel-proxy Version: 1.0.11 The tunnel-proxy skill is explicitly designed as a Remote Access Trojan (RAT) for AI agents, providing full remote command execution (RCE) and bidirectional file transfer capabilities on the user's host machine. While the documentation in README.md and SKILL.md contains extensive security warnings and the tool's purpose is transparently stated as a way to bypass sandbox restrictions, the inherent risk of granting an AI agent unrestricted shell access and file system control is extremely high. The scripts tunnel_login.py and http_transfer.py facilitate these high-risk operations. There is no evidence of hidden malicious payloads or hardcoded exfiltration, but the capability itself is highly dangerous and intended to facilitate actions typically associated with malware.
能力标签
cryptocan-make-purchases
能力评估
Purpose & Capability
Name, description, declared env vars, examples, and included scripts all align: the skill's purpose is to provide remote command execution, PTY sessions, file upload/download, and reverse proxying via a local TunnelProxy service, and every requested artifact supports that purpose.
Instruction Scope
SKILL.md and accompanying docs explicitly instruct the agent to register, request PTY sessions, execute commands, and transfer files through the user's TunnelProxy service. This is within the stated purpose but grants broad, destructive capabilities (read/delete/execute) to the agent by design. Note: the provided scripts (e.g., scripts/tunnel_login.py) will immediately attempt a session connection when executed, so running those files can cause network activity and remote command execution.
Install Mechanism
No installer is provided (instruction-only skill plus small helper scripts). requirements.txt only lists 'requests'; there is no download-from-arbitrary-URL install step in the skill package. Risk from install mechanism is low, but the skill relies on the user running/hosting an external TunnelProxy service (Elixir/frp) which has its own install surface outside this package.
Credentials
Declared environment variables (TUNNEL_HOST, TUNNEL_HTTP_PORT, TUNNEL_AGENT_TOKEN, TUNNEL_TIMEOUT, UPLOAD_MAGIC) are directly related to the remote-tunnel function. The primary credential (TUNNEL_AGENT_TOKEN) is appropriate for authenticating agent sessions. No unrelated credentials or surprising config paths are requested.
Persistence & Privilege
The skill does not request 'always: true' and uses normal model invocation. That said, the capability it enables is high-privilege: remote command execution and network proxying create a large blast radius if misused. The package does not attempt to modify other skills or system-wide agent configuration, but the operator should treat this as a high-privilege integration.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install tunnel-proxy
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /tunnel-proxy 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.11
- Version updated from 1.0.9 to 1.0.11. - No file or documentation content changes detected. - No new features, fixes, or modifications present in this release.
v1.0.10
- Version updated to 1.0.10 with no file changes detected. - No functional, API, or documentation changes from previous version. -真的讲清楚了,真的已经把那个环境变量运行时变量tmd已经标得很明确了,在那个meta data
v1.0.9
- Version bumped from 1.0.8 to 1.0.9. - No file changes detected; documentation and functionality remain unchanged.
v1.0.8
tunnel-proxy v1.0.8 - Added new script: scripts/tunnel_login.py for HTTP API connectivity and agent login. - Removed obsolete script: scripts/tunnel_check.py. - Updated documentation for enhanced security and new API-based workflow. - Environment variables updated: now uses TUNNEL_AGENT_TOKEN; PTY port variable moved to API session. - Skill now emphasizes agent registration, token authentication, and one-time PTY session flows.
v1.0.7
Version 1.0.7 of tunnel-proxy - No file changes detected in this release. - Version number updated to 1.0.7 in metadata. - Clearify the runtime env dependence.
v1.0.6
Version 1.0.6 makes the skill simpler, more direct, and safer by design. - Replaces previous custom Python API (`TunnelOps`) with simple, transparent usage via scripts: `tunnel_check.py`, `http_transfer.py` - Removes `pty_exec.py` and `tunnel_ops.py`; most operations are now performed with netcat, curl, or the included scripts - Adds clear warnings and makes security risks more prominent in documentation - Provides concise, real-world examples using shell and Python tools for command execution and file transfer - Adds new reference and tips files for troubleshooting and usage patterns - Reduces package dependencies by dropping `pexpect` **Summary:** Now minimal, direct, and clear: use netcat or the provided scripts for tunneling and file transfer, with a strong emphasis on security risks and practical use.
v1.0.5
- Updated default TunnelProxy example address from "frp.freefrp.net" to a generic placeholder "your-frp-server.example.com" in documentation. - No functional or code changes; documentation example clarified to avoid confusion. - Version bump from 1.0.4 to 1.0.5.
v1.0.4
- Added a strong security warning section to SKILL.md, with usage best practices and recommendations. - Documented new/updated environment variables (TUNNEL_HOST, TUNNEL_PORT, TUNNEL_HTTP_PORT, TUNNEL_TIMEOUT, UPLOAD_MAGIC). - Added references/README_for_user.md and requirements.txt with this release.
v1.0.3
- Initial release of the tunnel-proxy skill (v1.0.0). - No code or documentation changes since previous version. - Enables AI agents to use TunnelProxy for remote command execution, file transfer, and bypassing network restrictions.
v1.0.2
- Added metadata file (_meta.json) to support versioning and platform integration. - No code or documentation changes in this release.
v1.0.1
- Added a comprehensive README.md with setup, usage, API reference, error handling, and security notes. - Improved skill documentation to assist users in integrating and operating TunnelProxy.
v1.0.0
Initial release of tunnel-proxy skill. - Enables AI agents to bypass network restrictions via user's local TunnelProxy service. - Supports remote command execution, bidirectional file transfer, and unrestricted network access. - Provides a Python API (TunnelOps) for remote shell, HTTP file transfer, and URL fetching. - Includes methods to install blocked packages and handle network-restricted environments. - Warns of high risk: grants remote shell access to user machine; intended for trusted setups only.
元数据
Slug tunnel-proxy
版本 1.0.11
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 12
常见问题

TunnelProxy 是什么?

🐴 RAT (Remote Access Trojan) for AI agents. What it does: Agent sends commands → Your machine executes them. What it can do: Whatever you can do in a termin... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 214 次。

如何安装 TunnelProxy?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install tunnel-proxy」即可一键安装,无需额外配置。

TunnelProxy 是免费的吗?

是的,TunnelProxy 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

TunnelProxy 支持哪些平台?

TunnelProxy 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 TunnelProxy?

由 TurinFohlen(@turinfohlen)开发并维护,当前版本 v1.0.11。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论