cf-tunnel

Warn

Audited by Socket on Mar 10, 2026

1 alert found:

Security: MEDIUM
SKILL.md

The skill is largely coherent with its stated goal of unifying Cloudflare Tunnel management under a single Bun CLI entrypoint and includes sensible features like port auto-avoidance and status aggregation. However, it installs an unverifiable external binary (cloudflared) directly from a URL without documented verification, which constitutes a high-risk supply-chain pattern and elevates the overall security risk. Other data flows (local logs, panel API, and local endpoints) are reasonable but should be safeguarded with proper access controls. Overall, the skill is SUSPICIOUS due to the unverifiable binary install pattern, and would be BENIGN only if the binary download is replaced with a verifiable, signed package from an official registry or a clearly verifiable checksum/signature workflow.

Confidence: 72%
Severity: 80%
Audit Metadata
Analyzed At: Mar 10, 2026, 03:25 AM
Package URL: pkg:socket/skills-sh/dwsy%2Fagent%2Fcf-tunnel%2F@6253ee2939e2bc743fdb1b055755ea6ac897636c