ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

node-connect

v1.0.0

Diagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps. Use when QR/setup code/manual connect fails, local Wi-Fi w...

0· 34·0 current·0 all-time
by辉哥@1yihui

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for 1yihui/yihui-node-connect.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "node-connect" (1yihui/yihui-node-connect) from ClawHub.
Skill page: https://clawhub.ai/1yihui/yihui-node-connect
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install yihui-node-connect

ClawHub CLI

Package manager switcher

npx clawhub@latest install yihui-node-connect
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md is coherent with a node/pairing troubleshooting skill and only uses OpenClaw and Tailscale CLIs. However, the registry metadata declared no required binaries while the instructions repeatedly invoke `openclaw` and `tailscale`; the skill should declare these as required so users know what will be executed.
!
Instruction Scope
Instructions are narrowly focused on diagnosing routes and pairing, which fits the purpose. However the doc recommends running `openclaw devices approve --latest` (a privileged, state-changing operation) without instructing the agent/operator to verify the device identity or to ask for explicit human confirmation. That elevates scope from read-only diagnostics to potentially dangerous write/approval actions.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or written to disk by the skill itself.
Credentials
No environment variables, secrets, or config paths are requested. The skill relies on locally available CLIs and their outputs only, which is proportional to its stated function.
Persistence & Privilege
always:false (normal). Still, the skill includes commands that change gateway state and approve devices. If this skill is invoked autonomously by an agent, those commands could be executed without manual review; users should ensure they trust the invoking agent before allowing autonomous runs.
What to consider before installing
This skill appears to do what it says (diagnose pairing/route problems) but take care before using it: (1) confirm the system has the openclaw and tailscale CLIs available — the skill should declare these binaries but does not, so expect those commands to run; (2) the instructions include a command that approves pending devices — do not run that blindly. Require the agent to show the device details and ask for explicit human confirmation before running any approve/change commands; (3) if you allow autonomous agent invocation, be aware it could run state-changing commands; consider running the troubleshooting steps yourself or in a safe/test environment first. If the author provides updated metadata declaring required binaries and adds an explicit verification/confirmation step before approval, the skill would be more trustworthy.

Like a lobster shell, security has layers — review code before you run it.

latestvk971e7562yf3n83vy29j65fsqh85qsn1
34downloads
0stars
1versions
Updated 10h ago
v1.0.0
MIT-0
辉哥@1yihui
latest
Download

tags:

  • networking
  • pairing
  • troubleshooting compatibility: openclaw license: MIT

Node Connect

Goal: find the one real route from node -> gateway, verify OpenClaw is advertising that route, then fix pairing/auth.

Topology first

Decide which case you are in before proposing fixes:

  • same machine / emulator / USB tunnel
  • same LAN / local Wi-Fi
  • same Tailscale tailnet
  • public URL / reverse proxy

Do not mix them.

  • Local Wi-Fi problem: do not switch to Tailscale unless remote access is actually needed.
  • VPS / remote gateway problem: do not keep debugging localhost or LAN IPs.

If ambiguous, ask first

If the setup is unclear or the failure report is vague, ask short clarifying questions before diagnosing.

Ask for:

  • which route they intend: same machine, same LAN, Tailscale tailnet, or public URL
  • whether they used QR/setup code or manual host/port
  • the exact app text/status/error, quoted exactly if possible
  • whether openclaw devices list shows a pending pairing request

Do not guess from can't connect.

Canonical checks

Prefer openclaw qr --json. It uses the same setup-code payload Android scans.

openclaw config get gateway.mode
openclaw config get gateway.bind
openclaw config get gateway.tailscale.mode
openclaw config get gateway.remote.url
openclaw config get gateway.auth.mode
openclaw config get gateway.auth.allowTailscale
openclaw config get plugins.entries.device-pair.config.publicUrl
openclaw qr --json
openclaw devices list
openclaw nodes status

If this OpenClaw instance is pointed at a remote gateway, also run:

openclaw qr --remote --json

If Tailscale is part of the story:

tailscale status --json

Read the result, not guesses

openclaw qr --json success means:

  • gatewayUrl: this is the actual endpoint the app should use.
  • urlSource: this tells you which config path won.

Common good sources:

  • gateway.bind=lan: same Wi-Fi / LAN only
  • gateway.bind=tailnet: direct tailnet access
  • gateway.tailscale.mode=serve or gateway.tailscale.mode=funnel: Tailscale route
  • plugins.entries.device-pair.config.publicUrl: explicit public/reverse-proxy route
  • gateway.remote.url: remote gateway route

Root-cause map

If openclaw qr --json says Gateway is only bound to loopback:

  • remote node cannot connect yet
  • fix the route, then generate a fresh setup code
  • gateway.bind=auto is not enough if the effective QR route is still loopback
  • same LAN: use gateway.bind=lan
  • same tailnet: prefer gateway.tailscale.mode=serve or use gateway.bind=tailnet
  • public internet: set a real plugins.entries.device-pair.config.publicUrl or gateway.remote.url

If gateway.bind=tailnet set, but no tailnet IP was found:

  • gateway host is not actually on Tailscale

If qr --remote requires gateway.remote.url:

  • remote-mode config is incomplete

If the app says pairing required:

  • network route and auth worked
  • approve the pending device
openclaw devices list
openclaw devices approve --latest

If the app says bootstrap token invalid or expired:

  • old setup code
  • generate a fresh one and rescan
  • do this after any URL/auth fix too

If the app says unauthorized:

  • wrong token/password, or wrong Tailscale expectation
  • for Tailscale Serve, gateway.auth.allowTailscale must match the intended flow
  • otherwise use explicit token/password

Fast heuristics

  • Same Wi-Fi setup + gateway advertises 127.0.0.1, localhost, or loopback-only config: wrong.
  • Remote setup + setup/manual uses private LAN IP: wrong.
  • Tailnet setup + gateway advertises LAN IP instead of MagicDNS / tailnet route: wrong.
  • Public URL set but QR still advertises something else: inspect urlSource; config is not what you think.
  • openclaw devices list shows pending requests: stop changing network config and approve first.

Fix style

Reply with one concrete diagnosis and one route.

If there is not enough signal yet, ask for setup + exact app text instead of guessing.

Good:

  • The gateway is still loopback-only, so a node on another network can never reach it. Enable Tailscale Serve, restart the gateway, run openclaw qr again, rescan, then approve the pending device pairing.

Bad:

  • Maybe LAN, maybe Tailscale, maybe port forwarding, maybe public URL.

Comments

Loading comments...