ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Tailscale Remote Access

v1.0.1

Configure or repair OpenClaw remote access over Tailscale with a directly executable workflow: inspect state, apply the gateway config, enable Tailscale Serv...

1· 275·1 current·1 all-time
byJiang_AgentLabs@jiangagentlabs
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill name/description, SKILL.md, and included scripts all consistently implement configuring OpenClaw for Tailscale Serve + HTTPS. One small metadata mismatch: the registry metadata lists no required config paths, but SKILL.md and the scripts clearly operate on ~/.openclaw/openclaw.json (and read ~/.openclaw/devices/pending.json). Otherwise the declared required binaries (bash, python3, tailscale, systemctl, curl) are appropriate for the stated task.
Instruction Scope
Runtime instructions are narrowly scoped to inspecting Tailscale/OpenClaw state, updating the OpenClaw gateway config, restarting the user service, and configuring Tailscale Serve. The inspector reads the OpenClaw config and pending pairing file (both relevant). The skill warns about safety (do not run tailscale up from a Tailscale SSH session). There are no instructions to read unrelated system files or send data to unknown remote endpoints.
Install Mechanism
No remote install or download steps are present — the skill is instruction-first and ships small helper scripts. Nothing is fetched from external or untrusted URLs during install, so install risk is low.
Credentials
The skill does not request secrets or external credentials in metadata. It does require a gateway token as an input to write into the OpenClaw config (the token is necessary for the declared behavior). The scripts will read and overwrite ~/.openclaw/openclaw.json (with a timestamped backup) and may read ~/.openclaw/devices/pending.json; these file accesses are proportionate but the registry metadata did not list the config path, which is an omission the user should be aware of.
Persistence & Privilege
The skill does not request permanent platform presence (always:false) and does not modify other skills. It will perform privileged local actions appropriate to its purpose: editing the gateway config, restarting a user systemd service, and running tailscale serve / up which change network state. Those side-effects are expected for this functionality; the SKILL.md includes safety warnings about running from a Tailscale session.
Assessment
This skill appears to do what it advertises: it will read and overwrite your OpenClaw config (~/.openclaw/openclaw.json, with a timestamped backup), restart the openclaw-gateway user service, and run tailscale commands (serve, up, reset). Before using it: 1) verify you are on a safe management session (not a Tailscale SSH session) as the skill warns; 2) confirm the exact path to your openclaw.json and any gateway token you intend to insert; 3) inspect the bundled scripts (they are small and human-readable) and test them in a non-production environment if possible; 4) note the metadata omission (the registry did not declare the config path) and ensure the skill will operate on the correct config file. If you are uncomfortable with automatic config changes, run the inspect script first and run apply_gateway_config.py manually after reviewing the backup it will create.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f5f2vqdfn7297gd1cjhpqx582g6hp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsbash, python3, tailscale, systemctl, curl

Comments