{"skill":{"slug":"agent-peer-tailscale","displayName":"Agent Peer via Tailscale","summary":"Connect two OpenClaw agents running on different machines as peer collaborators via Tailscale VPN. Enables direct sessions_send communication between agents...","description":"---\nname: agent-peer-tailscale\ndescription: \"Connect two OpenClaw agents running on different machines as peer collaborators via Tailscale VPN. Enables direct sessions_send communication between agents on separate hosts with no public IP, no port forwarding, and no middle server. Use when: (1) two OpenClaw agents on different machines need to collaborate on projects, (2) mentor/peer agent wants to send tips and insights to another agent in real-time, (3) setting up a peer network of OpenClaw agents, (4) two agents need to share session context or delegate work to each other. Triggers on: connect two agents, peer agents, Tailscale VPN, cross-machine agents, agent collaboration VPN, OpenClaw peer network.\"\n---\n\n# Agent Peer via Tailscale\n\nTwo OpenClaw agents on different machines — connected as peers over Tailscale VPN. No public IP, no port forwarding, no relay server. Direct `sessions_send` between them as if on the same LAN.\n\n## What You Get\n\n```\nMachine A (You) Machine B (Friend)\n────────────── ───────────────\nOpenClaw: :8080 OpenClaw: :8080\nTailscale: 100.x.x.x Tailscale: 100.x.x.x\n ↓ ↓\n └────────── Tailscale VPN (encrypted) ──────┘\n ↓\n sessions_send(sessionKey=...,\n gatewayUrl=\"http://100.x.x.x:8080\")\n```\n\nBoth agents can send messages, session context, tips, and task delegations directly to each other.\n\n## Prerequisites\n\n1. **OpenClaw gateway running** on both machines (local gateway, not node mode)\n2. **Tailscale installed** on both machines (free account at tailscale.com)\n3. **Both machines on the same Tailscale network** (one creates the network, shares auth key)\n4. **Gateway bound to Tailscale interface** (not localhost only)\n\n## Step 1 — Install and Configure Tailscale\n\n### On Machine A (the host)\n```bash\n# Download and install Tailscale\nwinget install Tailscale.Tailscale # Windows\n# or: brew install tailscale # macOS\n# or: curl -fsSL https://tailscale.com/install.sh | sh # Linux\n\n# Start Tailscale and authenticate\ntailscale up --accept-routes\n\n# Note the Tailscale IP (write this down for Machine B)\ntailscale ip -4\n```\n\n### On Machine B (join the network)\n```bash\n# Install Tailscale the same way\n# Then join using the auth key from Machine A's Tailscale admin console\ntailscale up --accept-routes --authkey=\n\n# Note your Tailscale IP\ntailscale ip -4\n```\n\nBoth machines now have IPs like `100.x.x.x` on a private encrypted network.\n\n## Step 2 — Configure OpenClaw Gateway for Tailscale\n\nBy default, OpenClaw binds to `localhost`. You need it to bind to all interfaces so the peer can reach it over Tailscale.\n\nCheck your gateway config:\n```bash\nopenclaw gateway status\n```\n\nSet `gateway.bind` to `0.0.0.0` (all interfaces) or specifically the Tailscale IP:\n```json\n{\n \"gateway\": {\n \"bind\": \"0.0.0.0\",\n \"port\": 8080\n }\n}\n```\n\nApply and restart:\n```\nopenclaw gateway restart\n```\n\n**Security note:** Binding to `0.0.0.0` exposes your gateway on all network interfaces. Tailscale traffic is encrypted peer-to-peer, but make sure you have a strong gateway token/password set. Consider `gateway.auth` to require token authentication.\n\n## Step 3 — Exchange Gateway URLs\n\nOnce both gateways are reachable over Tailscale, exchange the peer gateway URLs:\n\n**Machine A** tells Machine B:\n```\nGateway URL: http://:8080\nGateway token: \n```\n\n**Machine B** tells Machine A:\n```\nGateway URL: http://:8080\nGateway token: \n```\n\n## Step 4 — Create Peer Config File\n\nOn each machine, create a peer configuration at `peer-agent/peer-config.md`:\n\n**Your config (Machine A):**\n```markdown\n# My Peer Configuration\n\nMy Tailscale IP: \nMy Gateway URL: http://:8080\nMy Gateway Token: \n\n# Peer (Machine B)\nPeer Name: \nPeer Tailscale IP: \nPeer Gateway URL: http://:8080\nPeer Gateway Token: \n\n# How to reach my agent\n# Use sessions_send with the gatewayUrl pointing to my gateway above.\n# My agentId for direct targeting: \n```\n\n## Step 5 — Test the Connection\n\nFrom Machine A, test reaching Machine B's gateway:\n```bash\n# Ping the peer's gateway over Tailscale\ncurl http://:8080/health --connect-timeout 5\n```\n\nYou should get a health response. If not, check that the peer's gateway is bound to `0.0.0.0` and their firewall allows incoming on port 8080 from the Tailscale network.\n\n## Step 6 — Send Messages Between Agents\n\nOnce connectivity is confirmed, use `sessions_send` with `gatewayUrl` pointing to the peer:\n\n```json\nsessions_send(\n sessionKey=\"\",\n agentId=\"\",\n message=\"Hey, need your take on something — I'm stuck on...\",\n gatewayUrl=\"http://:8080\",\n gatewayToken=\"\"\n)\n```\n\n## Daily Collaboration Patterns\n\n### Pattern 1: Morning Handoff\nEach morning, each agent sends the other a brief status update:\n```\nsessions_send(\n message=\"Morning! Here's where I'm at: [project status]. Blockers: [if any]. \n Any insights on [specific problem]?\",\n gatewayUrl=\"http://:8080\",\n gatewayToken=\"\"\n)\n```\n\n### Pattern 2: Quick Insight\nWhen one agent learns something useful:\n```\n\"Something I learned today that might help you: [insight]\"\n```\n\n### Pattern 3: Code/Review Request\n```\n\"Can you review my approach to [task]? Here it is: [description]. \n Is there a better pattern I'm missing?\"\n```\n\n### Pattern 4: Delegation\n```\n\"I've got a task that's more your specialty — want to delegate this to you? [task details].\n Let me know if you have capacity.\"\n```\n\n## Reference Files\n\n- `references/tailscale-setup.md` — detailed Tailscale install, network setup, auth key sharing\n- `references/peer-communication.md` — message format, frequency, session management\n- `references/troubleshooting.md` — NAT, firewall, connection issues\n- `scripts/peer_config.py` — interactive config generator for the peer setup\n\n## Security Notes\n\n- **Tailscale is encrypted end-to-end** — no one on the internet can see the traffic\n- **Gateway token is required** — don't share your gateway token in plain text over an unsecured channel; use a private message or password manager\n- **Only share with people you trust** — the peer can send messages that execute as your agent\n- **Revoke auth keys** from the Tailscale admin console if the friendship ends\n- **Consider `gateway.access`** — restrict which sessions can be targeted from peers\n","tags":{"agents":"1.0.0","collaboration":"1.0.0","latest":"1.0.0","peer":"1.0.0","tailscale":"1.0.0","vpn":"1.0.0"},"stats":{"comments":0,"downloads":432,"installsAllTime":16,"installsCurrent":1,"stars":0,"versions":1},"createdAt":1775882521365,"updatedAt":1778492525637},"latestVersion":{"version":"1.0.0","createdAt":1775882521365,"changelog":"- Initial release of agent-peer-tailscale skill.\n- Enables direct peer-to-peer collaboration between two OpenClaw agents across different machines using Tailscale VPN.\n- No need for public IPs, port forwarding, or relay servers—communication is direct and encrypted.\n- Supports live sharing of session context, tips, task delegation, and real-time insights between agents.\n- Includes step-by-step instructions for setup, configuration, and testing.","license":"MIT-0"},"metadata":null,"owner":{"handle":"fuzzyb33s","userId":"s171y86qx1dr1xnbf5etrq3ke984dt9a","displayName":"Fuzzyb33s","image":"https://avatars.githubusercontent.com/u/221636957?v=4"},"moderation":{"isSuspicious":false,"isMalwareBlocked":false,"verdict":"clean","reasonCodes":["review.llm_review"],"summary":"Review: review.llm_review","engineVersion":"v2.4.24","updatedAt":1780090373098}}