Back to skill

Security audit

Agent Peer via Tailscale

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent for connecting peer agents over Tailscale, but it handles gateway tokens and network exposure in ways users should review carefully before installing.

Install only if you understand that this grants a trusted peer direct messaging access to your OpenClaw gateway. Prefer binding the gateway to the Tailscale IP instead of 0.0.0.0, use Tailscale ACLs, keep gateway tokens out of repositories and synced folders, restrict file permissions on any generated config, rotate tokens after setup, and avoid the generic file-sharing, proxying, and full-firewall-disable troubleshooting steps unless you have isolated the exposure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill instructs users to run shell commands and create configuration files, yet it declares no permissions. That mismatch hides the skill's actual capabilities from reviewers and users, increasing the chance that file writes and command execution occur without appropriate scrutiny or sandboxing.

Intent-Code Divergence

Low
Confidence
94% confidence
Finding
The documentation normalizes binding the gateway to 0.0.0.0, which exposes it on all network interfaces rather than only the Tailscale interface. If the host is connected to other networks or firewall rules are weak, the gateway may become reachable beyond the intended private VPN, enabling unauthorized access attempts against an agent interface that can receive delegated actions and session traffic.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The guide expands from agent-to-agent VPN setup into general-purpose file serving and proxying, which materially broadens the attack surface. In this skill’s context, encouraging ad hoc HTTP file sharing over the Tailscale mesh can expose files or services to other tailnet members without clearly scoping access or warning about network visibility.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The script collects both agents' gateway tokens and writes them into `peer-agent/peer-config.md` in plaintext along with network endpoints and agent identifiers. In the context of an agent-to-agent connectivity skill, these credentials are highly sensitive because anyone who reads the file may be able to access gateways or impersonate a peer, making compromise of the host, repo, backups, or shared files much more damaging.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document promotes cross-machine agent messaging over Tailscale and maintaining a persistent shared log, but it does not present a prominent user-facing warning about privacy, retention, consent, or data-handling consequences. In this skill context, that omission matters because the stated use cases include sharing session context and delegation between agents, which creates a realistic risk of sensitive project information being transmitted or stored without clear guardrails.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The file-sharing example starts a Python HTTP server on the Tailscale-accessible interface but does not warn that any permitted device on the tailnet may be able to access the served files. In a collaboration skill designed to connect separate agents and machines, this omission makes accidental data exposure more likely because users may assume the share is only visible to the intended peer.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The troubleshooting guide recommends disabling Windows Firewall entirely as a test step, which can expose the host to unrelated inbound network traffic and reduce protections beyond the specific OpenClaw gateway port. In this skill's context, the gateway is intentionally bound to 0.0.0.0 and exposed over a mesh VPN, so encouraging full firewall disablement materially increases attack surface during setup and troubleshooting.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The generated Markdown file contains plaintext gateway tokens plus peer connection details, but the script provides no warning that it is storing secrets unencrypted on disk. In this skill's context, users are explicitly encouraged to share parts of the generated file with peers, which raises the chance of accidental credential disclosure through copy/paste, screenshots, sync services, backups, or source control.

External Script Fetching

High
Category
Supply Chain
Content
# Download and install Tailscale
winget install Tailscale.Tailscale   # Windows
# or: brew install tailscale         # macOS
# or: curl -fsSL https://tailscale.com/install.sh | sh  # Linux

# Start Tailscale and authenticate
tailscale up --accept-routes
Confidence
98% confidence
Finding
curl -fsSL https://tailscale.com/install.sh | sh

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.