iOS Setup
v1.0.2Sets up the OpenClaw iOS app by deploying the stats server, configuring access via domain/nginx, Tailscale, LAN, or manual setup, and provides connection det...
⭐ 0· 70·0 current·0 all-time
byParham Majdabadi@parham-dev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill claims to deploy/configure the OpenClaw stats server and expose connection details; the included scripts detect the install type, locate the workspace, read the OpenClaw gateway token, start the stats_server.py, and produce connectivity guidance (nginx, Tailscale, LAN). All requested operations and commands are coherent with that purpose.
Instruction Scope
Instructions and scripts read local OpenClaw configuration (CLI and ~/.openclaw/openclaw.json), inspect the workspace to find stats_server.py, call system tools (pgrep, nginx, tailscale), and make an outbound request to api.ipify.org to determine public IP. These actions are relevant to determining connectivity and supplying the app token, but they do access a credential (gateway token) and run local scripts — the user should review any workspace scripts (e.g. ensure_stats_server.sh) before allowing execution.
Install Mechanism
This is an instruction-only skill with no install spec; it does not download or write new packages itself. The deploy script's docstring mentions installing Python deps, but the provided code doesn't perform arbitrary remote downloads. Overall, no high-risk installer behavior detected.
Credentials
The skill does not declare required env vars but does read the OpenClaw gateway token (via CLI or ~/.openclaw/openclaw.json). Accessing that token is proportionate to the task (the iOS app needs it), but it is a sensitive credential — users should be aware the skill reads it from local config files.
Persistence & Privilege
The skill does not request always:true and will not force itself into agent runs. It may instruct the user to add a @reboot crontab line or set Docker restart: unless-stopped; those are user-driven steps. It will execute an existing ensure_stats_server.sh if present in the workspace — this is expected but users should inspect that script since it will be run.
Assessment
This skill appears to do what it says: find your OpenClaw workspace, read the gateway token from your local config, start the stats server, and produce connection details for the iOS app. Before running it: (1) inspect workspace scripts it might run (notably scripts/dashboard/ensure_stats_server.sh and scripts/dashboard/stats_server.py) to ensure they are what you expect, (2) be aware it will read ~/.openclaw/openclaw.json or call openclaw config to obtain the gateway token (necessary for the app), (3) expect it to call system tools (tailscale, nginx) and to make a small outbound request to api.ipify.org to detect your public IP, and (4) follow prompts before applying crontab or docker-compose changes — the skill suggests edits but should not change system config without your explicit action.Like a lobster shell, security has layers — review code before you run it.
dashboardvk97b9s6x0xz6gd0etb2npbnvth83xj9piosvk97b9s6x0xz6gd0etb2npbnvth83xj9platestvk97b9s6x0xz6gd0etb2npbnvth83xj9psetupvk97b9s6x0xz6gd0etb2npbnvth83xj9pstats-servervk97b9s6x0xz6gd0etb2npbnvth83xj9p
License
MIT-0
Free to use, modify, and redistribute. No attribution required.