Reverse proxy from internet to open claw
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: reverse-proxy-local
Version: 1.0.1
The skill is designed to expose the OpenClaw API publicly via Tailscale Funnel, which inherently involves high-risk operations. It uses `sudo` extensively for installing and managing Tailscale, and modifies OpenClaw's configuration. The primary reason for classifying it as suspicious is the `scripts/connect.sh` script's use of `curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh | /bin/bash -c` to install Homebrew, which is a common supply chain risk vector, allowing arbitrary code execution if the remote script or server is compromised. While the intent appears aligned with the stated purpose (exposing the API and sharing access), this method of installation introduces a significant vulnerability.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who receives or obtains the token can use the user's public OpenClaw API; the artifacts do not define per-user scopes, expiration, rate limits, or limited permissions.
The credential file contains the public URL and bearer token, and the README explicitly encourages sharing it to grant API access.
"Your credentials are saved to `~/.openclaw/ecto-credentials.json`" ... "Share this file with anyone you want to give API access to your OpenClaw instance."
Only share credentials with highly trusted recipients. Prefer per-recipient tokens, expiration, rate limits, clear revocation steps, and explicit warnings about what remote API users can do.
Running the setup can execute unpinned third-party installation code, which may change between runs, on the user's machine before the proxy is configured.
If Homebrew is missing, the setup script downloads and runs the current HEAD version of a remote installer at runtime, without pinning or verification.
`/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"`
Preinstall dependencies through trusted channels, pin or verify installer versions, and prompt the user before running remote installation scripts.
Installing or running the skill can interrupt an existing gateway and change how OpenClaw is exposed and authenticated.
The setup directly changes OpenClaw gateway configuration, enables API endpoints, writes the auth password, and forcibly restarts existing gateway processes.
`openclaw config set gateway.auth.password "$AUTH_TOKEN"` ... `jq --arg password "$AUTH_TOKEN" '.gateway.bind = "loopback" | ... .gateway.http.endpoints.responses.enabled = true ...'` ... `pkill -9 -f "openclaw.*gateway"`
Review the config changes before running, keep the generated backup, and run the script only when ready to restart the gateway.
OpenClaw may remain reachable from the internet after setup until the user runs the disconnect command or otherwise disables the funnel.
The script starts both the Tailscale Funnel and OpenClaw gateway as background services, which is expected for this skill but creates persistent access.
`sudo tailscale funnel --bg $GATEWAY_PORT` ... `nohup openclaw gateway run --port $GATEWAY_PORT --force > "$GATEWAY_LOG" 2>&1 &`
Use the status and disconnect scripts to verify exposure, revoke/regenerate tokens when sharing changes, and disable the funnel when external access is no longer needed.
