Scan Report
5 /100
rustunnel
Expose local services via secure tunnels using rustunnel MCP server
Pure documentation skill with no scripts or code. All declared behavior (config file reading for tunnel auth) is legitimate and necessary for the tunnel service functionality.
Safe to install
No action needed. This is a well-documented tunnel management skill.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | SKILL.md - Reads ~/.rustunnel/config.yml for auth_token |
3 findings
Medium External URL 外部 URL
https://abc123.edge.rustunnel.com SKILL.md:143 Medium External URL 外部 URL
https://myapp-preview.edge.rustunnel.com SKILL.md:243 Medium External URL 外部 URL
https://edge.rustunnel.com:8443 SKILL.md:296 File Tree
1 files · 8.7 KB · 335 lines Markdown 1f · 335L
└─
SKILL.md
Markdown
Security Positives
✓ Pure documentation skill with no executable code
✓ All declared capabilities are necessary for tunnel functionality
✓ Uses MCP tools for secure lifecycle management
✓ Proper file permissions guidance (chmod 600) documented
✓ HTTPS usage explicitly mentioned
✓ No hidden functionality or obfuscation
✓ No sensitive path access beyond declared tunnel config