Tailscale

Review

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a legitimate Tailscale management skill, but it can perform powerful tailnet changes and should be used only with explicit approval for sensitive actions.

This skill is suitable if you want Clawdbot to help manage Tailscale, but treat it like an admin tool. Review commands before they run, especially anything that deletes devices, creates reusable auth keys, changes DNS, enables SSH, sends files, or exposes a local service with Tailscale Funnel.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used carelessly, the agent could remove devices, authorize devices, create reusable access keys, or otherwise change the user's Tailscale network state.

Why it was flagged

The skill clearly documents tailnet-wide administrative actions, including authorization, deletion, and auth-key creation. These are aligned with the Tailscale management purpose, but they are high-impact operations that should not be run without user confirmation.

Skill content

These manage your entire tailnet. Requires API key. ... ./scripts/ts-api.sh authorize <device-id> ... ./scripts/ts-api.sh delete <device-id> ... ./scripts/ts-api.sh create-key --reusable --tags tag:server

Recommendation

Confirm the exact device, key, DNS, SSH, or public-exposure action with the user before running mutating commands, especially delete, authorize, create-key, magic-dns, serve/funnel, or SSH-related commands.

What this means

Anyone or any agent process with access to the API key could perform Tailscale API operations permitted by that key.

Why it was flagged

The helper script loads a Tailscale API key from a local credentials file or environment variable and uses it for authenticated API calls. This is expected for tailnet-wide management, but the key is sensitive and may grant broad account authority.

Skill content

CONFIG_FILE="${TS_CONFIG:-$HOME/.clawdbot/credentials/tailscale/config.json}" ... TS_API_KEY=$(jq -r '.apiKey // empty' "$CONFIG_FILE") ... curl ... -u "${TS_API_KEY}:"

Recommendation

Use the least-privileged and shortest-lived Tailscale API key practical, protect the credentials file permissions, and remove or rotate the key when it is no longer needed.

What this means

Setup may be less clear, and users may need to manually create the config file and ensure required tools such as tailscale, curl, and jq are installed.

Why it was flagged

The README references a config.json.example file that is not present in the supplied file manifest, and the registry requirements do not declare the external tools used by the script. This is a minor packaging/provenance gap, not evidence of malicious behavior.

Skill content

cp config.json.example ~/.clawdbot/credentials/tailscale/config.json

Recommendation

Before installing, verify the included script, create the credential file manually if needed, and install only the expected Tailscale tooling from trusted sources.