Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
openclaw-twoway deployment
v1.0.0Deploy OpenClaw with a cloud gateway using Tailscale and SSH tunnel for secure local control, including auto environment check and firewall setup.
⭐ 0· 70·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (deploy OpenClaw with a cloud gateway via Tailscale/SSH and auto environment/firewall setup) aligns with what the scripts do: install/enable Tailscale, install Node/OpenClaw, configure firewall rules, create systemd service(s) and generate tokens. Nothing requested is extraneous to deployment.
Instruction Scope
The SKILL.md and included scripts instruct the agent (and the user) to run as root, modify firewall/security groups, install packages from network sources, create systemd services, generate and write tokens to plaintext files, and set an explicit insecure configuration flag (plan2: "dangerouslyAllowInsecurePrivateWs" / OPENCLAW_ALLOW_INSECURE_PRIVATE_WS=1). Those actions are within deployment scope but have security implications and weaken default protections—this is not just diagnostic or read-only.
Install Mechanism
There is no formal install spec in the registry, but the scripts perform network installs at runtime: curl | sh from tailscale.com and NodeSource, and npm install -g openclaw (sometimes via a third-party npm mirror registry.npmmirror.com). These are common for deployment but carry moderate risk (remote scripts executed as root; npm global installs pull third‑party code).
Credentials
The skill declares no required environment variables or external credentials, which is consistent; however, it generates secrets (random tokens) and writes them to ~/.openclaw/token.txt or plaintext JSON config files, and it enables 'dangerouslyAllowInsecurePrivateWs'. Saving tokens unencrypted and enabling insecure options are disproportionate security risks relative to a straightforward deployment and should be justified or changed.
Persistence & Privilege
The scripts create and enable a systemd service so the gateway runs persistently and require root to install/configure—this is expected for a server deployment. The skill does not demand 'always: true' or other unusual platform privileges, nor does it modify other skills' config. Still, it introduces a persistent service that will run with system privileges.
What to consider before installing
This package appears to implement the claimed deployment, but take precautions before running the scripts as root: 1) Inspect the scripts line-by-line (they run curl | sh and npm install -g). 2) Remove or change the insecure options (plan2 sets dangerouslyAllowInsecurePrivateWs and an environment flag OPENCLAW_ALLOW_INSECURE_PRIVATE_WS=1). 3) Don't leave generated tokens in plaintext; store them with restrictive permissions (chmod 600) or use a secret store. 4) Prefer the official npm registry if you mistrust mirrors, and audit the openclaw package code before global install. 5) Limit exposure of SSH (port 22) and gateway ports in cloud security groups—use key-based SSH and restrict source IPs where possible. 6) If unsure, run the deployment first in an isolated VM or test instance rather than a production host. If you want, I can highlight the exact lines in the scripts that set insecure flags, write tokens to files, or run remote installers so you can review them.Like a lobster shell, security has layers — review code before you run it.
latestvk974gzq7cx7h9kc8vpzvkdbbdh8386ez
License
MIT-0
Free to use, modify, and redistribute. No attribution required.