Skill v1.0.1
ClawScan security
OpenClaw Tailscale Remote Access · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 8, 2026, 4:56 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and runtime instructions match its stated purpose (configuring OpenClaw gateway + Tailscale Serve); it will change local OpenClaw config, restart the gateway service, and modify Tailscale Serve state, which is consistent with its description.
- Guidance: This skill appears to do what it advertises: it will read and overwrite your OpenClaw config (~/.openclaw/openclaw.json, with a timestamped backup), restart the openclaw-gateway user service, and run tailscale commands (serve, up, reset). Before using it: 1) verify you are on a safe management session (not a Tailscale SSH session) as the skill warns; 2) confirm the exact path to your openclaw.json and any gateway token you intend to insert; 3) inspect the bundled scripts (they are small and human-readable) and test them in a non-production environment if possible; 4) note the metadata omission (the registry did not declare the config path) and ensure the skill will operate on the correct config file. If you are uncomfortable with automatic config changes, run the inspect script first and run apply_gateway_config.py manually after reviewing the backup it will create.
Review Dimensions
- Purpose & Capability (note): The skill name/description, SKILL.md, and included scripts all consistently implement configuring OpenClaw for Tailscale Serve + HTTPS. One small metadata mismatch: the registry metadata lists no required config paths, but SKILL.md and the scripts clearly operate on ~/.openclaw/openclaw.json (and read ~/.openclaw/devices/pending.json). Otherwise the declared required binaries (bash, python3, tailscale, systemctl, curl) are appropriate for the stated task.
- Instruction Scope (ok): Runtime instructions are narrowly scoped to inspecting Tailscale/OpenClaw state, updating the OpenClaw gateway config, restarting the user service, and configuring Tailscale Serve. The inspector reads the OpenClaw config and pending pairing file (both relevant). The skill warns about safety (do not run tailscale up from a Tailscale SSH session). There are no instructions to read unrelated system files or send data to unknown remote endpoints.
- Install Mechanism (ok): No remote install or download steps are present; the skill is instruction-first and ships small helper scripts. Nothing is fetched from external or untrusted URLs during install, so install risk is low.
- Credentials (note): The skill does not request secrets or external credentials in metadata. It does require a gateway token as an input to write into the OpenClaw config (the token is necessary for the declared behavior). The scripts will read and overwrite ~/.openclaw/openclaw.json (with a timestamped backup) and may read ~/.openclaw/devices/pending.json; these file accesses are proportionate but the registry metadata did not list the config path, which is an omission the user should be aware of.
- Persistence & Privilege (ok): The skill does not request permanent platform presence (always:false) and does not modify other skills. It will perform privileged local actions appropriate to its purpose: editing the gateway config, restarting a user systemd service, and running tailscale serve / up which change network state. Those side-effects are expected for this functionality; the SKILL.md includes safety warnings about running from a Tailscale session.
