ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Private Bridge

v1.0.2

Secure outbound-only relay for remote OpenClaw control — no exposed ports, no SSH, no Telegram.

0· 410·0 current·0 all-time
byJason Czarnecki@jason-czar
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (PrivateBridge / remote-relay) match the included code: the RelayClient opens an outbound WebSocket to a configured relay, authenticates with a token and node_id, sends heartbeats, and dispatches capability-scoped commands (prompt, status, restart, workflow). Required env vars (RELAY_URL, NODE_ID, AUTH_TOKEN) align with functionality.
Instruction Scope
SKILL.md instructs only to configure relay_url/node_id/auth_token and start OpenClaw; the runtime code only uses those values and the provided OpenClaw runtime interface. The instructions do not ask the agent to read other files, environment variables, or system configuration. Note: SKILL.md asserts the relay does not persist prompt content — that is a promise by the remote operator and cannot be verified from the client code.
Install Mechanism
There is no install script or external download. The package is instruction- and code-based with local TypeScript files; nothing in the manifest pulls third-party binaries or remote archives during install.
Credentials
The skill requires exactly three env/config values: relay URL, node id, and auth token. Those are appropriate and proportional to establishing an authenticated outbound relay connection. No unrelated secrets or system credentials are requested.
Persistence & Privilege
The skill is not forced-always-installed (always: false) and does not modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but is consistent with the skill's purpose (it needs to receive remote commands while running).
Assessment
This skill appears internally consistent, but it gives a remote operator the ability to send prompts, trigger workflows, and restart your OpenClaw instance over an authenticated outbound channel. Before installing: only configure a relay URL you trust, treat AUTH_TOKEN like a secret and rotate it if compromised, review the relay operator's privacy/persistence guarantees (the client cannot enforce server-side retention), run the skill on a host with appropriate isolation/permissions, and monitor logs/network usage. If you need stronger assurance, review the relay server code or host your own relay.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cqqq64pwng62ry0zra5xjgd81s2bw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔒 Clawdis
EnvRELAY_URL, NODE_ID, AUTH_TOKEN
Primary envAUTH_TOKEN

Comments