localtunnel-auto-expose
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `npx localtunnel` command to launch a network tunneling service. This command downloads and executes external code from the npm registry and establishes a persistent connection between a local port and a public URL.
- [EXTERNAL_DOWNLOADS]: Fetches data from `https://loca.lt/mytunnelpassword` using `curl` or `Invoke-RestMethod`. This request is used to obtain the machine's public IP address, which serves as the access password for the generated tunnel.
- [DATA_EXFILTRATION]: Facilitates the exposure of internal network services to the public internet. By creating a public gateway to a local port, it bypasses firewalls and NAT, potentially allowing unauthorized external access to internal applications, development servers, or sensitive data if the local service is not properly secured.
Audit Metadata