ClawAudit verdict
sshtunnel
Accesses system credential store AND makes external network calls
The skill offers a one-line pipe-to-shell install pattern from aitun.cc and then exposes the machine SSH server to the public internet via an external tunneling service, creating meaningful attack surface beyond what most users would expect.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
What it does
These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence — it does not verify that one flows into another. Read the code to confirm a live chain.
Accesses system credential store AND makes external network calls
LLM02 · ASI03
Permission integrity
network_out
package_install
Findings (6)
Pipe-to-shell pattern (curl | sh) — supply chain attack vector
SKILL.md · code · curl -fsSL https://aitun.cc/install.sh | bash
Pipe to bash — executes piped content as shell commands
SKILL.md · code · | bash
References sudo — requests elevated privileges
SKILL.md · code · sudo
yum install — installs system packages
SKILL.md · code · yum install
Accesses .ssh directory
SKILL.md · code · .ssh/
References SSH/GPG private keys
SKILL.md · code · ssh_key
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class A/B/E). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.
Permissions & capabilities
Requires 1 system binary.
package_installnetwork_outnetwork_incredential_storedata_encoding Thanks — recorded.