Skill v1.0.0

ClawScan security

Agent Peer via Tailscale · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 11, 2026, 4:42 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's files and instructions are coherent with its stated purpose (connecting two OpenClaw agents over Tailscale), but there are a few metadata and sensitive-data handling details you should be aware of before using it.
Guidance
This skill appears to do what it says: it helps two OpenClaw gateways talk over a Tailscale VPN. Before installing/using it, make sure you:
(1) trust the peer you will share auth keys and gateway tokens with — those tokens grant direct access to your gateway;
(2) never paste auth keys or gateway tokens into public places; prefer short-lived/revocable Tailscale auth keys and rotate gateway tokens after testing;
(3) are cautious about storing tokens in plaintext files (peer-agent/peer-config.md or shared logs) — keep these files out of version control and cloud backups;
(4) prefer using Tailscale ACLs or per-device ACLs to limit access;
(5) avoid binding the gateway to 0.0.0.0 unless necessary; consider binding to the Tailscale IP specifically, and enable gateway.auth;
(6) review the included script (scripts/peer_config.py) before running — it will attempt to run 'tailscale ip -4' and read common OpenClaw config paths to auto-detect info.
If you want higher assurance, ask the author to: declare required binaries (tailscale, openclaw) in metadata, avoid writing tokens to disk by prompting to copy/paste only into ephemeral prompts, and document the exact security implications of exchanging tokens.

Review Dimensions

Purpose & Capability
[note] The skill's behavior (use of Tailscale and OpenClaw gateway settings) matches the description. One minor inconsistency: registry metadata lists no required binaries/env, but the instructions and included script clearly expect the 'tailscale' binary and the 'openclaw' gateway CLI/config to be present.
Instruction Scope
[note] SKILL.md stays within the peer-networking purpose but explicitly instructs binding the gateway to 0.0.0.0 and exchanging gateway tokens/auth keys. The included docs/scripts guide storing gateway tokens and peer tokens in plaintext files (peer-agent/peer-config.md and shared-log.md), and the Python helper attempts to auto-read local OpenClaw config paths and run 'tailscale ip -4'. These are in scope for setup but involve reading and persisting sensitive config data.
Install Mechanism
[ok] No install spec included (instruction-only). Install steps recommend standard platform installers or Tailscale's official install script (tailscale.com). No downloads from untrusted personal servers in the skill itself.
Credentials
[concern] The skill does not declare environment variables, but it instructs exchanging and storing sensitive secrets: Tailscale auth keys, OpenClaw gateway tokens, and agent IDs. The helper script may read user config files (~/.openclaw/config.json) to auto-detect gateway info. Requesting and persisting those secrets is functionally necessary for peer operation but increases risk if files are shared, backed up, or published.
Persistence & Privilege
[ok] 'always' is false and the skill does not request elevated or always-on privileges. It writes a single peer-agent/peer-config.md in the working directory (expected). Autonomous agent invocation (sessions_send) is enabled by default — standard for skills — so consider what agents are allowed to send to peers.