Telnyx Network
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
The skill is mostly aligned with Telnyx/WireGuard networking, but it grants persistent elevated network control and makes a firewall safety claim that the included scripts do not clearly enforce.
Review this skill before installing. It is not clearly malicious, but it changes local networking, may expose services to the internet, can incur Telnyx charges, and can add persistent passwordless sudo for WireGuard. Verify firewall behavior yourself and remove the sudoers rule when finished.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may expose a machine believing only selected ports are reachable, when the included implementation does not clearly enforce that guarantee.
This strong safety claim is not clearly backed by the provided scripts: expose.sh appends ACCEPT rules for selected ports, but the artifacts do not show a corresponding default-deny firewall rule for the WireGuard interface.
Only explicitly exposed ports accept traffic on the WireGuard interface. All other ports are blocked by default.
Before using public exposure, verify the actual firewall policy on the WireGuard interface and add explicit default-deny rules if needed.
After setup, the agent can make privileged network-interface changes without an interactive sudo prompt.
The script creates a persistent sudoers rule allowing the user, and therefore the agent acting as that user, to run WireGuard commands without a password, with no argument or config-path restriction shown.
SUDOERS_LINE="$TARGET_USER ALL=(ALL) NOPASSWD: $WG_PATHS"
Only run setup-sudoers.sh if you need autonomous WireGuard control, review the generated sudoers file, restrict it where possible, and remove it when no longer needed.
Using the skill can create or delete Telnyx resources and may incur monthly charges.
The skill uses the Telnyx API key to create cloud network resources, including a WireGuard gateway that the documentation says costs money.
curl -s -X POST "$API_BASE/networks" ... curl -s -X POST "$API_BASE/wireguard_interfaces"
Use a Telnyx key with the least privileges available, monitor billing, and require explicit user approval before creating or deleting resources.
Other nodes in the mesh registry may be treated as reachable peers, so incorrect or untrusted registrations could affect agent-to-agent workflows.
The skill intentionally supports inter-agent discovery through a Telnyx Storage registry, which is useful for the stated purpose but introduces identity and trust-boundary considerations.
This enables OpenClaw instances to automatically discover and communicate with each other.
Use a private, access-controlled bucket, register only trusted nodes, and do not treat discovered peers as trusted without additional authentication.
Users may need to install an extra global npm package to use all features.
Some registry commands rely on a globally installed Telnyx CLI even though the top-level requirements only declare the wg binary.
Telnyx CLI not found. Install with: npm install -g @telnyx/api-cli
Install the Telnyx CLI only from the official package source and confirm the version before using registry features.