frp-tunnel 安全扫描报告 — 低风险 | ClawSafe

10 /100

frp-tunnel

Share local development servers via self-hosted frp tunnel with custom domains and auto HTTPS

This is a legitimate self-hosted tunnel (frp + Caddy) skill with documented VPS infrastructure configuration. The hardcoded IP is the user's own VPS, not a C2 server. No malicious behavior, credential theft, or hidden functionality detected.

技能名称frp-tunnel

分析耗时38.1s

引擎pi

✓

可以安装

No action required. This is a valid infrastructure tool for sharing local dev servers via self-hosted tunnel.

安全发现 1 项

严重性	安全发现	位置
低危	SSH key access to VPS 敏感访问 The skill creates and uses SSH keys (~/.ssh/frp-vps) for VPS access. The key is generated without passphrase for automation convenience. `ssh-keygen -t ed25519 -f ~/.ssh/frp-vps -N ""` → Document that passphrase-less keys are for automation only and should be protected at rest.	`setup-guide.md:1`

资源类型	声明权限	推断权限	状态	证据
文件系统	`WRITE`	`WRITE`	✓ 一致	Creates /etc/frp/, /etc/caddy/, ~/.frp/ configs
网络访问	`READ`	`READ`	✓ 一致	Downloads from caddyserver.com/api/download, curl to tunnel.fud.city
命令执行	`WRITE`	`WRITE`	✓ 一致	ssh, systemctl, tmux, wget, curl all for tunnel management
环境变量	`READ`	`READ`	✓ 一致	Accesses CF_API_TOKEN for Cloudflare DNS challenge
技能调用	`NONE`	`NONE`	—	No inter-skill invocation

1 高危 14 项发现

📡

高危 IP 地址硬编码 IP 地址

5.223.75.160

SKILL.md:18

🔗

中危外部 URL 外部 URL

http://5.223.75.160:7500

SKILL.md:34

🔗

中危外部 URL 外部 URL

https://news.tunnel.fud.city

SKILL.md:44

🔗

中危外部 URL 外部 URL

https://oldweb.tunnel.fud.city

SKILL.md:45

🔗

中危外部 URL 外部 URL

https://api.tunnel.fud.city

SKILL.md:46

🔗

中危外部 URL 外部 URL

https://terminal.tunnel.fud.city

SKILL.md:47

🔗

中危外部 URL 外部 URL

https://terminal-api.tunnel.fud.city

SKILL.md:48

🔗

中危外部 URL 外部 URL

https://caddyserver.com/api/download?os=linux&arch=amd64&p=github.com%2Fcaddy-dns%2Fcloudflare

SKILL.md:78

🔗

中危外部 URL 外部 URL

http://xxx/.well-known/acme-challenge/

SKILL.md:108

🔗

中危外部 URL 外部 URL

https://new.tunnel.fud.city

SKILL.md:186

🔗

中危外部 URL 外部 URL

https://xxx.tunnel.fud.city

SKILL.md:238

🔗

中危外部 URL 外部 URL

https://www.hetzner.com/cloud/

setup-guide.md:20

🔗

中危外部 URL 外部 URL

https://caddyserver.com/api/download?os=linux&arch=$

setup-guide.md:205

🔗

中危外部 URL 外部 URL

https://app.tunnel.your-domain.com

setup-guide.md:337

目录结构

2 文件 · 16.0 KB · 653 行

Markdown 2f · 653L

├─ 📝 setup-guide.md Markdown 361L · 7.8 KB

└─ 📝 SKILL.md Markdown 292L · 8.2 KB

安全亮点

✓ Documentation is thorough and clearly describes all operations

✓ All network requests go to legitimate sources (caddyserver.com, github.com, Cloudflare)

✓ SSH access is to user's own VPS (5.223.75.160), not external C2

✓ Credentials stored in standard locations (~/.ssh/, environment variables)

✓ No base64 obfuscation or suspicious encoded commands

✓ No data exfiltration or credential harvesting beyond documented config

✓ Binary downloads are from official vendor endpoints