Reverse proxy from internet to open claw
Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its stated purpose, but it opens a persistent public OpenClaw API, encourages sharing a bearer-token credential, and runs unpinned setup code from the internet.
Install only if you intentionally want your OpenClaw API reachable from the public internet. Review the script first, preinstall dependencies if possible, keep the token private, share it only with trusted people, and run the disconnect script when you no longer need external access.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who receives or obtains the token can use the user's public OpenClaw API; the artifacts do not define per-user scopes, expiration, rate limits, or limited permissions.
The credential file contains the public URL and bearer token, and the README explicitly encourages sharing it to grant API access.
"Your credentials are saved to `~/.openclaw/ecto-credentials.json`" ... "Share this file with anyone you want to give API access to your OpenClaw instance."
Only share credentials with highly trusted recipients. Prefer per-recipient tokens, expiration, rate limits, clear revocation steps, and explicit warnings about what remote API users can do.
Running the setup can execute unpinned third-party installation code, whose content may change between runs, on the user's machine before the proxy is configured.
If Homebrew is missing, the setup script downloads and runs the current HEAD version of a remote installer at runtime, without pinning or verification.
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
Preinstall dependencies through trusted channels, pin or verify installer versions, and prompt the user before running remote installation scripts.
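One way to apply the recommendation above, added here as an example that is not part of the skill or of ClawScan's artifacts: fetch the installer to a file, compare it against a pinned SHA-256 before anything executes, and ask the user before running it. The commit id and digest are placeholders to fill in after reviewing the script once.

```shell
#!/usr/bin/env bash
# Added example: pin-and-verify pattern for a remote installer.
# Replace the placeholders with a reviewed commit and its digest.
set -euo pipefail

# Pin to a specific commit instead of HEAD so the content cannot change under you.
INSTALLER_URL="https://raw.githubusercontent.com/Homebrew/install/<PINNED_COMMIT>/install.sh"
PINNED_SHA256="<sha256-of-the-reviewed-install.sh>"

sha256_of() {
  # Portable digest helper: sha256sum on Linux, shasum on macOS.
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Returns 0 only when the file's digest equals the pinned value.
verify_installer() {
  local file="$1" expected="$2" actual
  actual="$(sha256_of "$file")"
  [ "$actual" = "$expected" ]
}

run_pinned_installer() {
  local tmp answer
  tmp="$(mktemp)"
  trap 'rm -f "$tmp"' RETURN
  # Download to disk first; nothing is piped straight into a shell.
  curl -fsSL "$INSTALLER_URL" -o "$tmp"
  if ! verify_installer "$tmp" "$PINNED_SHA256"; then
    echo "installer digest mismatch; refusing to run" >&2
    return 1
  fi
  # Explicit confirmation before executing anything fetched from the network.
  read -r -p "Run verified installer $INSTALLER_URL? [y/N] " answer
  case "$answer" in
    y|Y) /bin/bash "$tmp" ;;
    *) echo "aborted"; return 1 ;;
  esac
}

if [ "${1:-}" = "--run" ]; then
  run_pinned_installer
fi
```

Invoke with `--run` once the placeholders are filled in; the mismatch branch is the one that fires if the upstream file is changed after you reviewed it.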
Installing or running the skill can interrupt an existing gateway and change how OpenClaw is exposed and authenticated.
The setup directly changes OpenClaw gateway configuration, enables API endpoints, writes the auth password, and forcibly restarts existing gateway processes.
openclaw config set gateway.auth.password "$AUTH_TOKEN" ... jq --arg password "$AUTH_TOKEN" '.gateway.bind = "loopback" | ... .gateway.http.endpoints.responses.enabled = true ...' ... pkill -9 -f "openclaw.*gateway"
Review the config changes before running, keep the generated backup, and run the script only when ready to restart the gateway.
OpenClaw may remain reachable from the internet after setup until the user runs the disconnect command or otherwise disables the funnel.
The script starts both the Tailscale Funnel and OpenClaw gateway as background services, which is expected for this skill but creates persistent access.
sudo tailscale funnel --bg $GATEWAY_PORT ... nohup openclaw gateway run --port $GATEWAY_PORT --force > "$GATEWAY_LOG" 2>&1 &
Use the status and disconnect scripts to verify exposure, revoke/regenerate tokens when sharing changes, and disable the funnel when external access is no longer needed.
