← 返回 Skills 市场
tunneling
作者
Simantak Dabhade
· GitHub ↗
· v1.0.0
2092
总下载
7
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install tunneling
功能描述
Create free SSH tunnels to expose local ports to the internet using tinyfi.sh. Use when you need to share a locally running app, test webhooks, demo a prototype, or get a public HTTPS URL for any local service — no signup or authentication required.
安全使用建议
Before installing or letting an agent run this skill, consider: (1) The metadata fails to list 'ssh' as a required binary even though the instructions rely on it — ask the publisher to correct that. (2) tinyfi.sh has no listed homepage or source in the skill; verify who operates tinyfi.sh and whether you trust that operator, because all tunneled traffic (and URLs) will pass through their servers. (3) The recommended ssh option StrictHostKeyChecking=accept-new auto-accepts host keys — this can allow man-in-the-middle connections; prefer verifying the server fingerprint manually. (4) Never expose services that handle secrets, authentication tokens, private keys, or production databases via an untrusted tunnel. If you must test webhooks/demos, run on ephemeral test data behind authentication. (5) If you don't fully trust tinyfi.sh or autonomous agent execution, run the ssh command yourself manually and inspect the connection, or use a well-known tunneling provider (or your own SSH server) with documented security practices. (6) Consider limiting the agent's ability to execute background network processes unless you explicitly trust the skill and its operator.
功能分析
Type: OpenClaw Skill
Name: tunneling
Version: 1.0.0
The skill is designed to create SSH tunnels to expose local ports using the tinyfi.sh service. It instructs the agent via SKILL.md to execute an `ssh` command in the background to `tinyfi.sh`, which is directly aligned with its stated purpose. While `ssh` is a powerful tool, its use here is for its intended tunneling functionality, and there is no evidence of data exfiltration, malicious execution beyond the stated purpose, or prompt injection with harmful objectives. The `StrictHostKeyChecking=accept-new` flag is a minor security convenience but does not indicate malicious intent.
能力评估
Purpose & Capability
The SKILL.md explicitly requires SSH to create remote port forwards (ssh -R ... tinyfi.sh), but the skill metadata declares no required binaries. That mismatch is incoherent: the skill needs ssh to work but doesn't declare it. Additionally the skill points traffic to tinyfi.sh (no homepage or source listed), so the external dependency is not documented or vetted in the metadata.
Instruction Scope
Runtime instructions tell the agent to run ssh -R and to use -o StrictHostKeyChecking=accept-new (auto-accept new host keys) and to run the SSH command in the background. Auto-accepting host keys increases risk of connecting to an impostor server; running the tunnel exposes arbitrary local services to the remote operator, including any sensitive endpoints or credentials sent over those connections. The instructions do not require verifying server fingerprints or limiting what is exposed.
Install Mechanism
This is an instruction-only skill with no install steps or code to write to disk, which is lower risk. There is no download or install mechanism to review.
Credentials
The skill declares no environment variables or credentials and the instructions do not request any secrets. That is proportionate. However, creating a tunnel inherently exposes local network services and any data those services accept to the remote server (tinyfi.sh), which is a privacy/security consideration not reflected in metadata.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does instruct the agent to run background SSH processes (which is normal for a tunneling tool), but autonomous execution would let the agent open network tunnels — a capability worth restricting to trusted skills or explicit user approval.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install tunneling - 安装完成后,直接呼叫该 Skill 的名称或使用
/tunneling触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the tunneling skill.
- Easily expose any local port to the public internet via the TinyFish (tinyfi.sh) SSH tunnel service.
- No signup or authentication required; just use SSH.
- Supports choosing random or custom subdomains for your public URL.
- Includes keep-alive instructions for stable long-running tunnels.
- Documents usage guidelines, common ports, and service rate limits.
元数据
常见问题
tunneling 是什么?
Create free SSH tunnels to expose local ports to the internet using tinyfi.sh. Use when you need to share a locally running app, test webhooks, demo a prototype, or get a public HTTPS URL for any local service — no signup or authentication required. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2092 次。
如何安装 tunneling?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install tunneling」即可一键安装,无需额外配置。
tunneling 是免费的吗?
是的,tunneling 完全免费(开源免费),可自由下载、安装和使用。
tunneling 支持哪些平台?
tunneling 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 tunneling?
由 Simantak Dabhade(@simantak-dabhade)开发并维护,当前版本 v1.0.0。
推荐 Skills