VibeTunnel
Manage VibeTunnel terminal sessions. Create, list, monitor, and control terminal sessions visible in the VibeTunnel web dashboard.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 1.7k · 4 current installs · 4 all-time installs
MIT-0
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name, description, and SKILL.md consistently describe managing VibeTunnel terminal sessions via the REST API. The SKILL.md uses curl and jq for all examples (both declared as required binaries). The metadata and install spec also advertise an npm 'vibetunnel' package and require a 'vibetunnel' binary — the README never invokes that binary. This is a small inconsistency (CLI advertised but not used in the instructions) but plausible (the package may provide a convenience CLI).
Instruction Scope
SKILL.md instructs only API calls to VT_URL (default localhost) using curl/jq; it does not reference unrelated files, other env vars, or unexpected endpoints. However, the documented operations intentionally allow creating sessions that run arbitrary commands and set working directories on the target host — this is expected for a terminal-session manager but is powerful: the skill (when pointed at a server) can cause arbitrary command execution there.
Install Mechanism
Install is an npm package named 'vibetunnel' that creates a 'vibetunnel' binary. npm installs are a common, moderate-risk mechanism (they write code to disk). The SKILL.md examples do not require the CLI to function, so installing the package appears optional for the documented REST usage. Verify the npm package provenance and contents before installing.
Credentials
Only VT_URL is declared as primaryEnv and used in SKILL.md. That is appropriate for a service client. One important operational note: VT_URL can point to a remote server, so granting the skill access to a VT_URL you don't control effectively gives it the ability to run commands on that server — verify and restrict where VT_URL points and ensure server-side authentication/authorization is in place.
Persistence & Privilege
The skill does not request permanent/global presence (always:false), does not declare config paths, and does not attempt to modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but is not combined with unusual privileges.
Assessment
This skill is coherent with its stated purpose, but you should: (1) confirm VT_URL points only to servers you trust (pointing to a remote/production host gives the skill the ability to execute arbitrary commands there); (2) inspect the npm package and the GitHub repository before installing the 'vibetunnel' CLI and prefer installing in an isolated environment if you must; (3) ensure the VibeTunnel server has authentication, is on a trusted network, and that you understand what commands the agent may ask to run; (4) note the minor mismatch that the SKILL.md uses curl/jq while metadata advertises a vibetunnel binary — check whether you actually need to install that CLI.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🖥️ Clawdis
Binsvibetunnel, curl, jq
Primary envVT_URL
Install
Install VibeTunnel (npm)
Bins: vibetunnel
npm i -g vibetunnelSKILL.md
VibeTunnel
Manage VibeTunnel terminal sessions via REST API. Create, list, monitor, and control sessions visible in the web dashboard.
Setup
VibeTunnel must be running. Default: http://localhost:8080. Override with VT_URL env var.
Health Check
curl -s ${VT_URL:-http://localhost:8080}/api/health | jq .
List Sessions
curl -s ${VT_URL:-http://localhost:8080}/api/sessions | jq .
Compact view:
curl -s ${VT_URL:-http://localhost:8080}/api/sessions | jq -r '.[] | "\(.status | if . == "running" then "●" else "○" end) \(.name) [\(.id | .[0:8])]"'
Create Session
curl -s -X POST ${VT_URL:-http://localhost:8080}/api/sessions \
-H "Content-Type: application/json" \
-d '{"command": ["zsh", "-l", "-i"], "name": "my-session", "workingDir": "/path/to/dir"}' | jq .
Parameters:
command: array — command + args (default:["zsh", "-l", "-i"])name: string — display nameworkingDir: string — working directorycols: number — terminal width (default: 120)rows: number — terminal height (default: 30)
Get Session
curl -s ${VT_URL:-http://localhost:8080}/api/sessions/<id> | jq .
Delete Session
curl -s -X DELETE ${VT_URL:-http://localhost:8080}/api/sessions/<id> | jq .
Send Input
curl -s -X POST ${VT_URL:-http://localhost:8080}/api/sessions/<id>/input \
-H "Content-Type: application/json" \
-d '{"text": "ls -la\n"}' | jq .
Note: include \n to execute the command.
Resize Session
curl -s -X POST ${VT_URL:-http://localhost:8080}/api/sessions/<id>/resize \
-H "Content-Type: application/json" \
-d '{"cols": 150, "rows": 40}' | jq .
Examples
Launch Claude Code session:
curl -s -X POST ${VT_URL:-http://localhost:8080}/api/sessions \
-H "Content-Type: application/json" \
-d '{"command": ["claude"], "name": "claude-code", "workingDir": "~/repos/my-project"}' | jq .
Launch tmux session:
curl -s -X POST ${VT_URL:-http://localhost:8080}/api/sessions \
-H "Content-Type: application/json" \
-d '{"command": ["tmux", "new", "-A", "-s", "work"], "name": "tmux-work"}' | jq .
Clean up exited sessions:
curl -s ${VT_URL:-http://localhost:8080}/api/sessions | jq -r '.[] | select(.status == "exited") | .id' | \
xargs -I {} curl -s -X DELETE ${VT_URL:-http://localhost:8080}/api/sessions/{}
Environment Variables
| Variable | Default | Description |
|---|---|---|
VT_URL | http://localhost:8080 | VibeTunnel server URL |
Files
1 totalSelect a file
Select a file to preview.
Comments
Loading comments…