tunnel-doctor
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Remote Code Execution (CRITICAL): The skill uses the command
curl -fsSL https://tailscale.com/install.sh | sh. This pattern is highly dangerous as it executes unverified code from an external source without any integrity verification. While Tailscale is a known service, it is not on the defined list of Trusted External Sources, and piping remote scripts to a shell remains a critical security risk. - External Downloads (HIGH): The skill initiates a network request to an external domain (
tailscale.com) to retrieve executable content. This lacks the safety of version pinning or cryptographic checksum validation. - Command Execution (HIGH): Executing shell scripts dynamically via
shallows for broad system modifications, potentially including privilege escalation or persistence mechanisms which are typical for network management tools like Tailscale.
Recommendations
- HIGH: Downloads and executes remote code from: https://tailscale.com/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata