opentunnel-connect
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill's primary workflow (in
SKILL.md) instructs users to execute a remote shell script directly into a root shell using the highly insecure patterncurl -fsSL ... | sudo bash. This allows the script's author to execute arbitrary code on the remote server with full administrative privileges. - [CREDENTIALS_UNSAFE] (HIGH): The
scripts/remote.shscript automatically creates a system user, generates a temporary password, and stores it in cleartext. This password is then transmitted in a JSON payload via an unencrypted HTTP POST request. - [DATA_EXFILTRATION] (HIGH): Sensitive connection details, including the generated username and cleartext password, are sent to a webhook exposed via
bore.pub. Becausebore.pubis a public tunneling service, this sensitive data is transmitted through third-party infrastructure where it can be intercepted, logged, or exfiltrated by malicious actors. - [EXTERNAL_DOWNLOADS] (HIGH): The skill downloads the
borebinary from an untrusted GitHub repository (ekzhang/bore) and executes it. Inscripts/remote.sh, the binary is moved to/usr/local/binand given executable permissions, which requires and utilizes elevated privileges without verifying the binary's integrity via checksums. - [COMMAND_EXECUTION] (MEDIUM): The
scripts/server.jsandscripts/remote.shfiles make extensive use of dangerous system commands includinguseradd,chpasswd,execSync, andspawnto manipulate system users and process states, which could be exploited if inputs are not properly sanitized.
Recommendations
- AI detected serious security threats
Audit Metadata