ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Reverse proxy from internet to open claw

v1.0.1

Connect OpenClaw to the internet via Tailscale Funnel. Use when user says "connect with ecto", "setup ecto connection", "expose openclaw publicly", or "enable external access".

0· 1.8k·1 current·1 all-time
by@tsheasha
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's stated purpose (expose OpenClaw via Tailscale Funnel) matches what the scripts do. However the registry metadata declares no required binaries or credentials while the scripts require Homebrew, tailscale, openclaw CLI, jq, curl, openssl and sudo. That mismatch (metadata says 'none' but the code clearly needs system tools and privileged actions) is an inconsistency the user should be aware of.
!
Instruction Scope
The SKILL.md and scripts instruct the agent/user to install software, run sudo tailscale commands (which open a browser for authentication), modify OpenClaw configuration, start background services, create a local credentials file (~/.openclaw/ecto-credentials.json), and provide a helper to package and share those credentials with others. These actions are in-scope for 'expose to internet' but they involve privileged operations and explicit credential exposure/sharing — a high-risk operation that should not be performed blindly.
Install Mechanism
There is no declared install spec in the registry, but the scripts perform network installs at runtime (Homebrew installer via raw.githubusercontent.com and 'brew install tailscale'). The hosts used are well-known (GitHub/Homebrew) rather than obscure URLs, which is expected for this task, but runtime installation of system packages and invoking remote install scripts increases risk and should be reviewed before running.
!
Credentials
The skill does not request environment variables or external credentials in metadata, which is consistent, but it does require sudo and a Tailscale account and creates a persistent credentials file containing a generated bearer token. It also includes a convenience script to package and share that credentials file with others — functionality that directly exposes access tokens and is disproportionate if users expect limited, local-only behavior.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or global agent settings. It does write files under the user's home directory, starts/stops services, and runs background processes (tailscaled, openclaw gateway) — behavior consistent with its purpose but which requires sudo and persistent runtime presence.
What to consider before installing
What to consider before installing/running: - This skill will install system software (Homebrew if missing, then Tailscale via brew) and requires sudo to start daemon processes — only run on machines you control. Review the Homebrew installer and any network install commands before executing. - It will generate and save a bearer token at ~/.openclaw/ecto-credentials.json and configure the OpenClaw gateway to accept password auth. That token grants API access to your OpenClaw instance; do not share it unless you explicitly intend to grant access. - The package-for-friend helper explicitly copies that credentials file into a shareable folder — this makes it easy to leak access. Prefer sharing transient credentials or revoke/regenerate the token immediately after use. - The registry metadata omits the real runtime requirements (tailscale, openclaw CLI, jq, curl, openssl). Treat that omission as a red flag: verify the scripts manually before running. - If you decide to use it: test in an isolated environment or VM first, inspect scripts line-by-line, and plan how to revoke access (regen token, disable Funnel) after exposure. Consider using Tailscale ACLs and tailnet admin settings instead of broad public sharing. If you want, I can: (1) point out exact lines in scripts that perform installs and create/share credentials, (2) produce a safer checklist to run these scripts manually, or (3) suggest modifications to the scripts to avoid packaging credentials for sharing.

Like a lobster shell, security has layers — review code before you run it.

latestvk9750ssdfj9n8t159hcyq0es2d80c3y3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔌 Clawdis

Comments