ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Homebrew Bridge

v0.6.1

Expose Mac Homebrew tools like brew, gh, and other /opt/homebrew/bin CLIs on a Linux OpenClaw gateway by installing explicit same-LAN SSH wrappers with optio...

0· 371·1 current·1 all-time
byMatthew Murphy@matthewxmurphy
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (expose /opt/homebrew/bin tools from a Mac to a Linux gateway) matches the delivered scripts and instructions. The scripts create SSH wrappers, optionally use Wake-on-LAN, and perform OpenClaw config auto-discovery — all coherent with the stated purpose.
Instruction Scope
SKILL.md instructs running the included scripts which read the OpenClaw config (~/.openclaw/openclaw.json) for optional auto-discovery and create wrapper binaries in a specified target directory. The wrappers execute the remote Homebrew binary over SSH and optionally send UDP Wake-on-LAN packets via python3. There are no instructions to read unrelated system files or to send data to unknown external endpoints.
Install Mechanism
This is an instruction-only skill (no network downloads or package installs). The scripts are provided in the bundle and write wrapper files into the user-specified target directory. No remote install URLs or archive extraction steps are present.
Credentials
The skill declares no required environment variables or credentials. The runtime behavior relies on standard local items (SSH access, optional SSH key and known_hosts file if supplied, python3 for WOL, and an OpenClaw config file for discovery). These are proportional to the skill's purpose.
Persistence & Privilege
The skill does not request always:true or elevated platform privileges, and it does not modify other skills or global agent settings. It will create wrapper binaries in the supplied target directory, which is expected behavior for this functionality.
Assessment
This skill appears to do what it claims, but review and consider the following before installing: - The wrappers will execute commands on the remote Mac as the supplied user@host via SSH. Ensure you only point wrappers at trusted Mac nodes and that the SSH account has the expected privileges. - If you provide an SSH private key or a custom known_hosts file, keep those files secure; the scripts will reference the paths you pass in but do not attempt to hide or encrypt them. - The installer may read your OpenClaw config (~/.openclaw/openclaw.json) for auto-discovery — ensure that file contains only expected remoteHost entries. - Wake-on-LAN sends UDP broadcast packets and requires python3; verify your network policies allow this and that MAC addresses are correct. - The wrappers create executable scripts in the chosen target directory; inspect the generated wrapper script (it is human-readable) before putting it on a production gateway. - Do not use this for WAN/remote hosts or for exposing Mac-only privileged tools; the README already warns against that. If any of the above is unacceptable, do not install or run the scripts; otherwise the package is coherent for the documented use case.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🍺 Clawdis
latestvk97a2dcmxbpxkjs82yvxk0v1n582k8mj
371downloads
0stars
3versions
Updated 7h ago
v0.6.1
MIT-0
Matthew Murphy@matthewxmurphy
latest
Download

Homebrew Bridge

Use this skill when the real value is giving a Linux OpenClaw gateway access to a Mac node's Homebrew toolchain.

This skill is for /opt/homebrew/bin/<tool> wrappers such as:

  • brew
  • gh
  • other Homebrew-installed CLIs you want to expose from a Mac node

Use This Skill For

  • Linux gateways that should run Homebrew-backed tools through a Mac node
  • wrapper-backed skills that depend on brew, gh, or another Homebrew CLI
  • same-LAN Mac nodes that already hold the real Homebrew installs
  • optional host auto-discovery from OpenClaw config when only one Mac owner is known

Do Not Use This Skill For

  • tools that are inherently Mac-owned apps or permissioned CLIs like imsg or remindctl
  • Linux-native tools that should be installed on Linux directly
  • WAN-routed Macs or generic remote shell access

Requirements

  • Linux gateway and owning Mac share the same trusted local network or VLAN
  • Linux gateway can SSH to the owning Mac
  • the requested tool exists at /opt/homebrew/bin/<tool> on that Mac
  • the Mac stays awake during work windows or supports Wake-on-LAN

Workflow

1. Render A Tool Ownership Map

Run:

scripts/render-tool-map.sh /home/node/.openclaw/openclaw.json

This prints the inferred or fallback Mac owner for Homebrew-backed tools.

2. Install The Homebrew Pack

Example:

scripts/install-homebrew-pack.sh \
  --target-dir /home/node/.openclaw/bin \
  --tool brew \
  --tool gh \
  --tool claude \
  --default-host mac-ops@mac-node.local \
  --wake-map mac-node.local=AA:BB:CC:DD:EE:FF \
  --wake-wait 20 \
  --wake-retries 2

Host resolution order:

  • explicit --map tool=user@host
  • --default-host user@host
  • the single discovered remoteHost in the OpenClaw config, if there is exactly one
  • no repeated host questions when the OpenClaw config already resolves the owner

3. Verify The Pack

Run:

scripts/verify-homebrew-pack.sh --target-dir /home/node/.openclaw/bin

Design Contract

  • Linux owns the stable wrapper paths
  • the Mac owns the real /opt/homebrew/bin binaries
  • public skills depend on wrapper paths, not Mac paths
  • wrapper names stay explicit per tool

Files

  • scripts/install-wrapper.sh: create one SSH wrapper for a remote binary
  • scripts/install-homebrew-pack.sh: install a batch of Homebrew-backed wrappers
  • scripts/verify-homebrew-pack.sh: verify the installed wrappers
  • scripts/render-tool-map.sh: print inferred or fallback tool-to-host maps
  • references/skill-readiness.md: publishability rules for Homebrew-backed wrappers

Comments

Loading comments...