Skill

v0.4.0

Discover, name, and manage OpenClaw instances on your LAN. Scan for AI agents, check status, set aliases, resolve .claw names, and get connection URLs via th...

0· 354·0 current·0 all-time
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill and SKILL.md consistently describe querying a local clawnexus daemon (localhost:17890) to list, inspect, scan, alias, resolve, and build connection URLs. Requiring curl in the SKILL.md examples is reasonable; the packaged code uses fetch and an optional CLAWNEXUS_API env var to target the daemon.
Instruction Scope
Runtime instructions only instruct contacting the local daemon endpoints and running/starting the clawnexus daemon (npm install -g clawnexus; clawnexus start). The only potentially sensitive runtime action is POST /scan (which triggers a network scan) — this is within the declared purpose (discovering instances). Instructions do not ask the agent to read unrelated files or external secrets.
Install Mechanism
No install spec is provided (instruction-only). The repository includes a Node package (normal for a skill); there are no downloads from untrusted URLs or extract actions. The README notes installing the separate clawnexus daemon via npm, which is standard but requires user privilege to install globally.
Credentials
The registry metadata lists no required env vars, but the code and README accept an optional CLAWNEXUS_API environment variable (defaults to http://localhost:17890). This is reasonable, but it's a declared override that could redirect the skill to a different API URL if set — users should ensure CLAWNEXUS_API points to a trusted local daemon.
Persistence & Privilege
always is false (no forced inclusion). The skill will make network calls (fetch/curl) to the configured API; because autonomous invocation is allowed by default, an agent could call the local daemon automatically. This is expected for a discovery/management skill but increases scope if you don't trust the daemon or the skill's invocation context.
Assessment
This skill appears to do what it claims: it talks to a local ClawNexus daemon to discover and manage OpenClaw instances. Before installing or enabling it, ensure you trust the clawnexus daemon you will run (npm install -g clawnexus) and the GitHub project on the skill homepage. Note the skill will call http://localhost:17890 by default — the CLAWNEXUS_API env var can override that, so keep it pointing at a trusted daemon. Be aware that calling the /scan endpoint triggers LAN scanning (intended behavior for discovery); if you do not want automated network scans or want to restrict the skill's actions, avoid granting the agent autonomous invocation or keep the daemon offline when not needed.
dist/index.js:6
Environment variable access combined with network send.
src/index.ts:4
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🦞 Clawdis
Binscurl
latestvk976ftpj10x28t8b8d08wvtm2x82ykw8
354downloads
0stars
3versions
Updated 1mo ago
v0.4.0
MIT-0

ClawNexus

Overview

ClawNexus is a naming and discovery layer for OpenClaw. It runs a local daemon that automatically discovers OpenClaw instances on your network and assigns them readable names, so you can refer to instances by alias (e.g., "home") instead of IP addresses.

Works across networks too — instances can register .claw names (like home.alan.id.claw) and connect via encrypted relay from anywhere.

Prerequisites

# Install and start the daemon
npm install -g clawnexus
clawnexus start

When NOT to Use

  • Daemon not running → tell the user to run clawnexus start first
  • User only has one OpenClaw instance and doesn't need discovery
  • Cross-internet connections without a .claw name (use local LAN only)

Commands

List all known instances

curl -s http://localhost:17890/instances | jq '.instances[] | {name: (.alias // .auto_name), status, address}'

Check a specific instance (by alias, auto_name, or address:port)

curl -s http://localhost:17890/instances/home
curl -s http://localhost:17890/instances/olivia
curl -s http://localhost:17890/instances/192.168.1.10:18789

Scan the local network for OpenClaw instances

curl -s -X POST http://localhost:17890/scan

Set a friendly alias for an instance

curl -s -X PUT http://localhost:17890/instances/olivia/alias \
  -H "Content-Type: application/json" \
  -d '{"alias": "home"}'

Get the WebSocket URL to connect to an instance

# Get address and port, then build URL
curl -s http://localhost:17890/instances/home | jq '"ws://\(.address):\(.gateway_port)"'

Check daemon health

curl -s http://localhost:17890/health

Resolve a .claw name (Registry, requires internet + v0.2+)

curl -s http://localhost:17890/resolve/myagent.id.claw

Workflow: "Is home online?"

  1. Check instances: curl -s http://localhost:17890/instances
  2. Look for alias "home" in the response
  3. If status: "online" → confirm to user
  4. If not found → suggest scanning: curl -X POST http://localhost:17890/scan

Workflow: "Connect me to raspi"

  1. Resolve: curl -s http://localhost:17890/instances/raspi
  2. Build URL: ws://<address>:<gateway_port>
  3. Report URL to user for use with OpenClaw's gateway connect

Troubleshooting

  • "Connection refused" on localhost:17890 → The ClawNexus daemon is not running. Tell the user to run clawnexus start.
  • No instances found → The daemon may have just started. Run curl -s -X POST http://localhost:17890/scan to trigger a network scan, then retry listing.
  • Instance shows status: "offline" → The OpenClaw gateway on that machine may be stopped. The instance was previously discovered but is not currently reachable.

Notes

  • Instance identifiers accept: alias, auto_name, display_name, agent_id, IP address, or address:port
  • auto_name is derived from the hostname (e.g., hostname "Olivia" → auto_name "olivia")
  • is_self: true instances are the local machine (address 127.0.0.1); useful for health checks
  • The daemon persists registry to ~/.clawnexus/registry.json

Comments

Loading comments...