ClawHub

OGP Expose

v0.2.3

Expose OGP daemon via public tunnel (cloudflared/ngrok). Automates tunnel setup so federated peers can reach your gateway from anywhere on the internet, with...

0· 97·0 current·0 all-time
bylatentgenius@dp-pcs
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (expose OGP daemon via tunnel) matches the instructions and required binary (ogp). Optional use of cloudflared/ngrok, editing ~/.ogp/config.json, and creating tunnel config files are all expected for this functionality.
Instruction Scope
SKILL.md stays within scope (start tunnels, update ~/.ogp/config.json, run cloudflared/ngrok). It also instructs creating files under ~/.cloudflared and running commands that may require sudo (moving cloudflared to /usr/local/bin). These are reasonable for installing/running tunnels, but ~/.cloudflared was not listed in the skill header's state_paths (minor inconsistency).
Install Mechanism
The skill is instruction-only (no automated install). It recommends standard installs: npm -g @dp-pcs/ogp, Homebrew or GitHub releases for cloudflared, and official ngrok downloads. These are typical but have the usual risks of running global npm installs and moving binaries into /usr/local/bin (requires sudo).
Credentials
The skill declares no required environment variables or credentials. It does instruct users to configure provider-specific auth (ngrok authtoken, cloudflared login) as part of normal setup — that is proportional and expected.
Persistence & Privilege
The skill does not force persistent installation (always:false). It documents optional persistent setups (systemd/LaunchAgent, named cloudflared tunnel). Those are user-triggered steps; nothing in the skill attempts to persist or modify other skills automatically.
Assessment
This skill appears internally consistent for exposing an OGP daemon via cloudflared or ngrok. Before installing or following the commands, consider: (1) Tunnels route traffic through third-party providers — only expose services you intend to be reachable and trust Cloudflare/ngrok for privacy and availability. (2) The instructions may ask you to store provider credentials (ngrok authtoken, cloudflared credentials) in your home directory; keep those secrets private. (3) Global npm installs and moving binaries into /usr/local/bin require sudo and run third-party code — review the npm package (@dp-pcs/ogp) and downloads before running. (4) For production use prefer a named cloudflared tunnel or custom domain and carefully review firewall and daemon settings. (5) Minor note: the skill docs reference ~/.cloudflared but that path wasn't listed in the header's state_paths — expect the skill to read/write both ~/.ogp and ~/.cloudflared during setup. If you are uncomfortable installing third-party binaries or exposing the gateway publicly, test with temporary tunnels first and avoid enabling persistent system services.

Like a lobster shell, security has layers — review code before you run it.

latestvk978k3v4s8skme8y7d220h8sdh83ks15

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsogp

Comments