ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Remoting

v1.1.0

Mirror your Claude Code terminal in a browser for remote viewing and real-time interaction. Creates a public web terminal via localhost.run tunnel.

0· 90·0 current·0 all-time
by@topcheer

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for topcheer/remoting.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Remoting" (topcheer/remoting) from ClawHub.
Skill page: https://clawhub.ai/topcheer/remoting
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: node
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install remoting

ClawHub CLI

Package manager switcher

npx clawhub@latest install remoting
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the instructions: the SKILL.md tells the user to run an npm package (remotego) to export the current terminal to a public tunnel. Declaring node as a required binary is appropriate.
!
Instruction Scope
The instructions create a public, interactive shell session (any URL holder can interact). SKILL.md does not warn about data leakage (exposing env vars, files, credentials) nor explicitly mention the need to confirm user consent before exposing an interactive shell. It also suggests --cwd which may expose local project files to remote users.
!
Install Mechanism
The runtime flow relies on npm/npx to fetch and execute @remotego/remotego from the registry (npx executes remote code). The SKILL.md lists a GitHub homepage (topcheer/claude-remoting) that does not obviously match the npm package name (@remotego/remotego) — this mismatch is unexplained and increases supply-chain risk.
!
Credentials
No env vars are declared, but tunneling via localhost.run typically uses SSH (SKILL.md even references SSH port 22). That implies use of the user's SSH agent/keys which is sensitive and not declared. The skill exposes the full terminal, which can leak secrets, credentials, or files — a high-impact capability that should be called out and constrained.
Persistence & Privilege
always is false and there is no install spec in the skill bundle itself. However SKILL.md encourages global npm install (-g) which modifies the system; running npx will execute remote code transiently. The skill does not request persistent platform privileges, but following its instructions may install software to disk.
What to consider before installing
This skill will open a publicly reachable, interactive shell session — anyone with the URL can type commands and see your terminal, so it can expose sensitive files, environment variables, or credentials. Before using: 1) Don’t run this on a machine containing secrets; prefer an isolated VM/container. 2) Verify the npm package and source code before running (check npm owner, package homepage, and the GitHub repo contents). The SKILL.md lists @remotego/remotego but points to a different GitHub repo — confirm this mismatch. 3) Be aware tunnels often reuse your SSH agent/keys (check whether localhost.run will access your SSH keys) and avoid exposing machines with SSH credentials. 4) Prefer using read-only/viewer modes if available, or restrict --cwd to an empty/safe directory. 5) If you must use it, run npx in a disposable environment, avoid global installs, and never run as root. If you want me to, I can: (a) help locate and inspect the npm package and its GitHub repo, or (b) suggest safer alternatives (screen-only viewers, authenticated sharing services) and command examples for running inside a disposable container.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🖥️ Clawdis
OSmacOS · Linux
Binsnode
latestvk979mqg7hsn495m6c2xpcephp983w2rd
90downloads
0stars
1versions
Updated 4w ago
v1.1.0
MIT-0
macOS, Linux
@topcheer
latest
Download

/remoting - Mirror Claude Code in a Browser

Expose the current Claude Code session as a public web terminal. Anyone with the URL can view and interact with the terminal from their browser.

When to Use

The user says something like:

  • "Share my terminal"
  • "Mirror my Claude session"
  • "Let someone watch my screen"
  • "Remote access to this terminal"
  • "Open in browser"

Quick Start

Install and launch:

# If not already installed
npm install -g @remotego/remotego

# Start mirroring Claude Code
remotego claude

Or run without installing:

npx @remotego/remotego claude

With Options

# Custom port
remotego claude --port 9000

# Custom tunnel domain (localhost.run)
remotego claude --domain myterm.localhost.run

# Custom working directory
remotego claude --cwd ~/my-project

What the User Sees

  1. Terminal output shows:
    • Local URL: http://localhost:7681?session=<uuid>
    • Public URL: https://xxxxx.lhr.life?session=<uuid>
  2. Browser opens automatically with the public URL
  3. Terminal output from Claude Code appears in the browser in real-time
  4. Browser users can type and interact with the session

Security

  • Random session UUID per start — only URL holders can connect
  • 5-second auth timeout for new connections
  • All output is cached so new viewers see full history

Stopping

Press Ctrl+C in the terminal, or the user can type /exit.

Troubleshooting

IssueSolution
node not foundInstall from https://nodejs.org/
Tunnel failsFalls back to localhost URL; check SSH port 22
Port in useUse --port to pick another

Comments

Loading comments...