Install
openclaw skills install tailscaleTailscale
Manage Tailscale tailnet via CLI and API. Use when the user asks to "check tailscale status", "list tailscale devices", "ping a device", "send file via tailscale", "tailscale funnel", "create auth key", "check who's online", or mentions Tailscale network management.
Audits
PassTailscale Skill
Hybrid skill using CLI for local operations and API for tailnet-wide management.
Setup
API config (optional, for tailnet-wide operations): ~/.clawdbot/credentials/tailscale/config.json
{
"apiKey": "tskey-api-k...",
"tailnet": "-"
}
Get your API key from: Tailscale Admin Console → Settings → Keys → Generate API Key
The tailnet can be - (auto-detect), your org name, or email domain.
Local Operations (CLI)
These work on the current machine only.
Status & Diagnostics
# Current status (peers, connection state)
tailscale status
tailscale status --json | jq '.Peer | to_entries[] | {name: .value.HostName, ip: .value.TailscaleIPs[0], online: .value.Online}'
# Network diagnostics (NAT type, DERP, UDP)
tailscale netcheck
tailscale netcheck --format=json
# Get this machine's Tailscale IP
tailscale ip -4
# Identify a Tailscale IP
tailscale whois 100.x.x.x
Connectivity
# Ping a peer (shows direct vs relay)
tailscale ping <hostname-or-ip>
# Connect/disconnect
tailscale up
tailscale down
# Use an exit node
tailscale up --exit-node=<node-name>
tailscale exit-node list
tailscale exit-node suggest
File Transfer (Taildrop)
# Send files to a device
tailscale file cp myfile.txt <device-name>:
# Receive files (moves from inbox to directory)
tailscale file get ~/Downloads
tailscale file get --wait ~/Downloads # blocks until file arrives
Expose Services
# Share locally within tailnet (private)
tailscale serve 3000
tailscale serve https://localhost:8080
# Share publicly to internet
tailscale funnel 8080
# Check what's being served
tailscale serve status
tailscale funnel status
SSH
# SSH via Tailscale (uses MagicDNS)
tailscale ssh user@hostname
# Enable SSH server on this machine
tailscale up --ssh
Tailnet-Wide Operations (API)
These manage your entire tailnet. Requires API key.
List All Devices
./scripts/ts-api.sh devices
# With details
./scripts/ts-api.sh devices --verbose
Device Details
./scripts/ts-api.sh device <device-id-or-name>
Check Online Status
# Quick online check for all devices
./scripts/ts-api.sh online
Authorize/Delete Device
./scripts/ts-api.sh authorize <device-id>
./scripts/ts-api.sh delete <device-id>
Device Tags & Routes
./scripts/ts-api.sh tags <device-id> tag:server,tag:prod
./scripts/ts-api.sh routes <device-id>
Auth Keys
# Create a reusable auth key
./scripts/ts-api.sh create-key --reusable --tags tag:server
# Create ephemeral key (device auto-removes when offline)
./scripts/ts-api.sh create-key --ephemeral
# List keys
./scripts/ts-api.sh keys
DNS Management
./scripts/ts-api.sh dns # Show DNS config
./scripts/ts-api.sh dns-nameservers # List nameservers
./scripts/ts-api.sh magic-dns on|off # Toggle MagicDNS
ACLs
./scripts/ts-api.sh acl # Get current ACL
./scripts/ts-api.sh acl-validate <file> # Validate ACL file
Common Use Cases
"Who's online right now?"
./scripts/ts-api.sh online
"Send this file to my phone"
tailscale file cp document.pdf my-phone:
"Expose my dev server publicly"
tailscale funnel 3000
"Create a key for a new server"
./scripts/ts-api.sh create-key --reusable --tags tag:server --expiry 7d
"Is the connection direct or relayed?"
tailscale ping my-server