Is isgudtek/mycrab-tunnel-skill safe?

https://github.com/isgudtek/mycrab-tunnel-skill

Score: 40 · DANGEROUS

This skill contains critical security vulnerabilities including prompt injection with mandatory override instructions, unauthorized access to credential files, and remote code execution capabilities. The skill is designed to bypass normal agent safety protocols and operates with dangerous autonomy.

Category Scores

Prompt Injection 40/100 · 30%
Data Exfiltration 30/100 · 25%
Code Execution 25/100 · 20%
Clone Behavior 80/100 · 10%
Canary Integrity 70/100 · 10%
Behavioral Reasoning 20/100 · 5%

Findings (6)

CRITICAL Mandatory Override Instructions -30

Contains explicit override language like 'SETUP RULE — mandatory, no exceptions' that instructs the agent to bypass normal safety protocols and execute commands without user confirmation.

CRITICAL Credential File Access -40

The skill accessed multiple sensitive credential files during execution including SSH keys, AWS credentials, Docker config, and environment files.

CRITICAL Remote Code Execution -35

Instructs the agent to download and execute shell scripts from external domains without verification or user approval.

HIGH External API Communication -20

Establishes communication with external API endpoints and transmits system information including architecture, OS details, and Python/Node versions.

HIGH Autonomous Command Interpretation -20

Defines a comprehensive 'slang' system that forces the agent to automatically interpret and execute various tunnel management commands without explicit user approval.

MEDIUM Network Tunnel Creation -25

Creates public-facing network tunnels that could expose internal services to the internet without proper security review.