Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ZeroTier Remote Web Access

v1.0.1

Automatically binds the OpenClaw Gateway to a virtual IP through ZeroTier, providing secure and convenient remote web control and access management.

Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name/description (ZeroTier remote web access) matches the implementation: scripts check ZeroTier, read/modify ~/.openclaw/openclaw.json, back up files, and restart the OpenClaw gateway. No unrelated credentials or cloud APIs are requested.
Instruction Scope
The SKILL.md and scripts perform file reads/writes under the user's home (~/.openclaw/openclaw.json), system commands (systemctl, zerotier-cli, ip, ss, pgrep, pkill, nohup), and modify auth-related fields (allowInsecureAuth, dangerouslyDisableDeviceAuth) and bind to 0.0.0.0. These actions are within the stated scope but have significant security implications (they deliberately relax authentication and expose services). SKILL.md also suggests installing ZeroTier via `curl | sudo bash`, which is a potentially risky installation pattern to follow blindly.
Install Mechanism
This is an instruction-only skill with included scripts; there is no install spec that downloads external archives. The skill does not pull code from third-party URLs at install time. The only external installation guidance in SKILL.md is a recommendation to run ZeroTier's installer via curl, which is common but should be treated cautiously.
Credentials
The skill requests no environment variables or external credentials. It reads and writes the local OpenClaw config and uses local system tools (ZeroTier CLI, systemctl). That access is proportional to the purpose of changing gateway binding and authentication.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It only modifies the OpenClaw configuration in the user's home directory and restarts the gateway process; it does not alter other skills or system-wide agent settings. This is expected for its functionality.
Assessment
This skill appears to do what it says: it will back up and modify ~/.openclaw/openclaw.json, bind the gateway to 0.0.0.0, add your ZeroTier IP to allowedOrigins, and intentionally relax authentication (allowInsecureAuth = true, dangerouslyDisableDeviceAuth = true). Those are powerful, security-reducing changes — only enable them if you fully understand the risks and trust all devices on the ZeroTier network. Before running: 1) Manually inspect the scripts (they're included) and confirm you accept the auth changes. 2) Make an independent manual backup of ~/.openclaw/openclaw.json and test recovery. 3) Do not blindly run the suggested `curl | sudo bash` installer — instead use official distribution channels or review the installer script. 4) After enabling, rotate or securely manage tokens printed by the script and restrict ZeroTier network membership to trusted devices. 5) Note there are some coding issues (use of await/import in places that may cause runtime errors); test in a safe environment before using on production systems. If you want, I can highlight the exact lines that change authentication and show a safer recommended config alternative.

MIT-0

ZeroTier Remote Web Access Skill

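A skill that uses ZeroTier to provide remote web access to OpenClaw.

Features

  • ✅ Check ZeroTier network status
  • ✅ Automatically configure the OpenClaw Gateway to bind to the ZeroTier IP
  • ✅ Enable or disable remote access with a single command
  • ✅ Restore from backup

Use cases

When the user needs to:

  • Access OpenClaw at home remotely from the office or elsewhere
  • Manage OpenClaw remotely through the web Control UI
  • Get secure remote access without exposing a public IP

Prerequisites

  1. ZeroTier is installed and running

    # Check the service status
    systemctl status zerotier-one
    
    # If it is not installed
    curl https://install.zerotier.com | sudo bash
    
  2. The host has joined a ZeroTier network

    # Join the network (requires the Network ID)
    sudo zerotier-cli join <Network-ID>
    
    # Authorize the device on the zerotier.com web page
    
  3. Get the ZeroTier IP

    # Show the assigned IP
    ip addr show | grep -A 2 "zt"
    # or
    zerotier-cli listnetworks
    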

Usage

1. Check the current status

# Run the check script
node ~/.openclaw/workspace/skills/zerotier-remote-web/scripts/check-status.mjs

Example output:

✅ ZeroTier 服务:运行中
✅ 网络接口:ztjlhry67z
✅ ZeroTier IP: 10.243.127.213
❌ Gateway 绑定:loopback (仅本地访问)

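2. Enable remote access

# Configure automatically and restart the Gateway
node ~/.openclaw/workspace/skills/zerotier-remote-web/scripts/enable-remote.mjs

The script will:

  1. Back up the current configuration (openclaw.json.backup-YYYYMMDD-HHMMSS)
  2. Change the Gateway configuration to bind to 0.0.0.0 (all network interfaces)
  3. Restart the Gateway service
  4. Verify that the configuration took effect

3. Disable remote access (restore local-only access)

# Restore the local binding
node ~/.openclaw/workspace/skills/zerotier-remote-web/scripts/disable-remote.mjs

4. Restore from a backup

# List all backups
ls -la ~/.openclaw/openclaw.json.backup-*

# Restore a specific backup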
cp ~/.openclaw/openclaw.json.backup-20260304-152800 ~/.openclaw/openclaw.json
pkill -f openclaw-gateway
nohup openclaw gateway > /tmp/openclaw-gateway.log 2>&1 &

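Remote access

Access from a remote device

  1. Install ZeroTier on the remote device

    • Install the ZeroTier client on each phone or computer
    • Join the same Network ID
    • Authorize the device at zerotier.com
  2. Open the Control UI

    # Local access
    http://localhost:1880
    
    # Access after logging in over SSH
    http://<server LAN IP>:1880
    
    # Remote access over ZeroTier
    http://<ZeroTier-IP>:1880
    e.g. http://10.243.127.213:1880
    
  3. Enter the token to connect

    • The token is in the gateway.auth.token field of ~/.openclaw/openclaw.json

Configuration file

The Gateway configuration in ~/.openclaw/openclaw.json after modification: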

"gateway": {
  "port": 1880,
  "mode": "local",
  "bind": "custom",
  "customBindHost": "0.0.0.0",
  "controlUi": {
    "allowedOrigins": [
      "http://localhost:1880",
      "http://127.0.0.1:1880",
      "http://10.243.127.213:1880"
    ],
    "allowInsecureAuth": true,
    "dangerouslyDisableDeviceAuth": true
  },
  "auth": {
    "mode": "token",
    "token": "your-token-here"
  }
}

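Key fields

| Field | Description |
| --- | --- |
| bind: "custom" | Use a custom bind address |
| customBindHost | 0.0.0.0 binds to all network interfaces (recommended) |
| port | Gateway port (default 1880) |
| allowedOrigins | Allowed access origins |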
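
The configuration above binds to every interface and turns on `allowInsecureAuth` and `dangerouslyDisableDeviceAuth`, which is what the scan report calls out. The following audit is an added example, not part of the skill or of OpenClaw: it uses only the field names shown on this page, and the `zerotierIp` parameter, the severity labels and the sample object are assumptions of the example.

```javascript
// Added example, not part of the skill. Field names come from the config shown
// on this page; severities and the zerotierIp parameter are assumptions.
const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]"]);

function auditGateway(config, zerotierIp) {
  const gw = (config && config.gateway) || {};
  const ui = gw.controlUi || {};
  const auth = gw.auth || {};
  const findings = [];
  const add = (severity, field, message) => findings.push({ severity, field, message });

  // A wildcard bind listens on LAN and any public interface, not just ZeroTier.
  if (gw.bind === "custom" && ["0.0.0.0", "::"].includes(gw.customBindHost)) {
    add("high", "gateway.customBindHost", "listens on every interface, not only ZeroTier");
  }
  // Both flags relax Control UI authentication.
  for (const flag of ["allowInsecureAuth", "dangerouslyDisableDeviceAuth"]) {
    if (ui[flag] === true) add("high", `gateway.controlUi.${flag}`, "authentication check relaxed");
  }
  // Every allowed origin should be loopback or this host's ZeroTier address.
  for (const origin of ui.allowedOrigins || []) {
    let host;
    try { host = new URL(origin).hostname; } catch { host = null; }
    if (host === null) {
      add("medium", "gateway.controlUi.allowedOrigins", `unparseable origin: ${origin}`);
    } else if (!LOOPBACK_HOSTS.has(host) && host !== zerotierIp) {
      add("high", "gateway.controlUi.allowedOrigins", `unexpected origin: ${origin}`);
    }
  }
  // A missing or placeholder token leaves the exposed UI without a real secret.
  if (auth.mode !== "token" || !auth.token || auth.token === "your-token-here") {
    add("high", "gateway.auth.token", "token auth missing or still the placeholder");
  }
  return findings;
}

// Constructed sample: the post-enable gateway section as printed on this page.
const sampleConfig = { gateway: {
  port: 1880, mode: "local", bind: "custom", customBindHost: "0.0.0.0",
  controlUi: {
    allowedOrigins: ["http://localhost:1880", "http://127.0.0.1:1880", "http://10.243.127.213:1880"],
    allowInsecureAuth: true, dangerouslyDisableDeviceAuth: true },
  auth: { mode: "token", token: "your-token-here" } } };

for (const f of auditGateway(sampleConfig, "10.243.127.213")) {
  console.log(`[${f.severity}] ${f.field}: ${f.message}`);
}
```

Running it against a backup taken before `enable-remote.mjs` and against the live file shows exactly which settings the script changed.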

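Troubleshooting

Problem 1: The ZeroTier service is not running

systemctl start zerotier-one
systemctl enable zerotier-one

Problem 2: The device is not authorized

  • Log in to zerotier.com
  • Find your network
  • Tick "Auth?" to authorize the new device

Problem 3: The Gateway fails to start

# View the log
tail -50 /tmp/openclaw-gateway.log

# Check whether the port is in use
ss -tlnp | grep 1880

# Start manually to test
openclaw gateway --port 1880

Problem 4: Remote devices cannot connect

# Check the ZeroTier connection
zerotier-cli listnetworks

# Check the firewall
sudo ufw allow 9993/udp  # ZeroTier port
sudo ufw allow 1880/tcp  # Gateway port

# Test connectivity
ping <ZeroTier-IP>

Security notes

⚠️ Important:

  • Do not share the ZeroTier Network ID or the token publicly
  • Install the ZeroTier client only on trusted devices
  • Back up the configuration file regularly
  • Disable remote access promptly when it is no longer needed

File structure

~/.openclaw/workspace/skills/zerotier-remote-web/
├── SKILL.md              # This document
└── scripts/
    ├── check-status.mjs  # Status check script
    ├── enable-remote.mjs # Enable remote access
    └── disable-remote.mjs # Disable remote access

Related resources


Version: 1.0.0
Created: 2026-03-04
Author: 妞子 🌸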
