tunneling
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the standard OpenSSH client to establish remote port forwarding (
ssh -R). This is a common developer workflow for testing webhooks or sharing local environments. - [EXTERNAL_DOWNLOADS]: The skill connects to
tinyfi.sh. As per vendor context, this domain is the official service for the author 'tinyfish-io'. The connection is used for tunneling and does not involve downloading or executing untrusted code. - [DATA_EXFILTRATION]: While the skill's primary purpose is to expose local data/services to the internet, it includes explicit warnings to the user: 'Do not tunnel admin panels, debug endpoints, or services that expose secrets or credentials.' This transparency and the use of the vendor's own infrastructure categorize this as intended functionality.
Audit Metadata