VPN
v1.0.0Configure and troubleshoot VPN connections for privacy and remote access.
⭐ 2· 1.3k·11 current·11 all-time
byIván@ivangdavila
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The SKILL.md content (privacy, DNS leaks, kill switch, protocols, troubleshooting, self-hosting caveats) matches the declared purpose (configure and troubleshoot VPNs). There are no unrelated requirements requested.
Instruction Scope
The runtime instructions are purely explanatory guidance and do not instruct the agent to read files, access environment variables, call external endpoints, or perform actions outside VPN configuration/troubleshooting context.
Install Mechanism
No install spec or code files are present; this is instruction-only and writes nothing to disk. Lowest-risk install profile.
Credentials
The skill requests no environment variables, credentials, or config paths — proportional to an informational/troubleshooting guide.
Persistence & Privilege
No special persistence requested (always is false) and the skill does not attempt to modify other skills or system-level settings.
Assessment
This skill is a read-only guide — it explains VPN concepts and common troubleshooting steps but contains no automation, installers, or credential requests. It cannot configure your system itself. If you need the agent to actually change VPN settings, prefer a skill that explicitly and narrowly lists the exact binaries and credentials required (and review those before granting). Otherwise you can use this as reference material but apply commands manually and carefully verify any instructions before running them on your machine.Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🔒 Clawdis
OSLinux · macOS · Windows
latest
Privacy Misconceptions
- VPN shifts trust from ISP to VPN provider — provider sees all traffic, not eliminated
- "No logs" claims are marketing — unverifiable without independent audits
- VPN doesn't provide anonymity — browser fingerprinting, account logins, payment methods still identify
- Free VPNs monetize traffic data — if not paying, you're the product
- Self-hosted VPN exits from your IP — no privacy benefit, services see your home address
DNS Leaks
- DNS queries can bypass tunnel — reveals visited sites despite encrypted traffic
- Test after every setup — leak test sites show if DNS goes through ISP instead of tunnel
- System DNS settings may override VPN — force DNS through tunnel in client settings
Kill Switch
- Brief VPN disconnects expose real IP — happens without user noticing
- Kill switch blocks all traffic when tunnel drops — essential for privacy use cases
- Test by forcing disconnect — traffic should stop completely, not fall back to direct
Split Tunneling Risks
- Misconfiguration sends sensitive traffic direct — defeats VPN purpose
- Full tunnel safer default — split only when deliberately excluding specific apps
- Local network access often requires split — printing, casting break with full tunnel
Protocol Traps
- PPTP encryption is broken — trivially cracked, never use regardless of convenience
- UDP blocked on some networks — TCP fallback needed for restrictive firewalls
- WireGuard uses fixed ports — easier to block than OpenVPN on 443
Mobile Issues
- WiFi calling fails through most VPNs — carrier limitation, not fixable
- Banking apps detect and block VPN — may need exclusion in split tunnel
- Battery drain varies significantly — WireGuard most efficient by large margin
Connection Failures
- "Connected" but no internet — usually DNS misconfigured, not routing issue
- Works on phone not laptop — local firewall or antivirus interfering
- Constant reconnects — try TCP instead of UDP, increase keepalive interval
Self-Hosted Traps
- Exit IP is your home IP — services see where you live, no geo-bypass benefit
- Requires static IP or dynamic DNS — clients can't find changing endpoints
- Unmaintained server becomes liability — security updates are your responsibility
Comments
Loading comments...