Teleport tsh SSH (Identity-First SSH Access, no passwords/static keys)
Audited by ClawScan on May 10, 2026.
Overview
The skill's documented behaviour is consistent with its stated purpose (Teleport SSH access), but it can use a local Machine ID credential to run remote commands and copy files, so users should verify the identity, the proxy, and the requested actions.
Install only if you intend the agent to use Teleport tsh for SSH access. Verify the tsh binary is trusted, the selected Machine ID identity is least-privileged, the saved proxy is correct, and any remote command or SCP operation is one you explicitly want performed.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with a powerful Teleport identity, the agent can run commands or copy files on permitted remote hosts.
The skill documents remote command execution through tsh. This is central to the stated SSH purpose, but commands run with the privileges granted by the Teleport identity.
`tsh -i <identity> --proxy=<proxy> ssh <host> -- <command> [args...]`
Use least-privilege Teleport roles, specify the target host and command clearly, and review destructive or production-impacting commands before execution.
Anyone or anything using that identity may gain the Teleport access allowed by its roles.
The skill uses a local Teleport Machine ID identity file that may contain private key material and certificates. This is expected for Teleport access, but it is sensitive credential use.
Default identity path: `~/.openclaw/workspace/tbot/identity` ... `-----BEGIN PRIVATE KEY-----`
Protect the identity file, keep the Machine ID role narrowly scoped, avoid exposing file contents, and confirm the selected identity path before use.
Users may not realize from metadata alone that they need a trusted local Teleport client and a sensitive identity file.
Registry metadata does not declare the tsh dependency or identity/config paths, while the SKILL.md clearly requires them. This appears under-declared rather than hidden.
Required binaries (all must exist): none ... Primary credential: none ... Required config paths: none
Install tsh from official Teleport sources and treat the local identity/config paths as part of the skill's security boundary.
Future invocations may reuse the saved proxy value without asking again.
The skill persists a proxy address for reuse. This is disclosed and limited to configuration, not hidden autonomous execution.
prompt user for Teleport proxy address, then save it to `~/.openclaw/workspace/tbot/proxy` for future runs
Check or remove the saved proxy file if you change clusters or do not want the proxy remembered.
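The three findings above about the identity file, the undeclared tsh dependency and the remembered proxy all come down to checks a user can run locally before granting the agent access. The following script is an added example for this review, not code from ClawScan or from the skill itself. The default paths are the ones the review quotes from SKILL.md; the expected proxy value, the placeholder key text and the fake `tsh` binary are constructed for the demonstration.

```shell
#!/bin/sh
# Pre-flight checks to run before an agent is allowed to invoke
#   tsh -i <identity> --proxy=<proxy> ssh <host> -- <command>
# with a local Machine ID identity. Added example for the review above,
# not code from ClawScan or from the skill. The default paths are the
# ones the review quotes from SKILL.md; the expected proxy value and all
# sample files are constructed.

IDENTITY_DEFAULT="$HOME/.openclaw/workspace/tbot/identity"
PROXY_DEFAULT="$HOME/.openclaw/workspace/tbot/proxy"

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
mode_of() { stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"; }

# check_tsh BIN: the client must resolve to an executable file that group
# and others cannot write to; a writable binary could be swapped for a fake.
check_tsh() {
  b=$(command -v "$1" 2>/dev/null) || { echo "tsh not found: $1" >&2; return 1; }
  [ -f "$b" ] && [ -x "$b" ] || { echo "not an executable file: $b" >&2; return 1; }
  case "$(mode_of "$b")" in
    *[2367]|*[2367]?) echo "$b is group/other writable (mode $(mode_of "$b"))" >&2; return 1 ;;
  esac
  return 0
}

# check_identity FILE: the identity must be a regular file readable by its
# owner only (no group/other bits) and contain a PEM block, matching the
# evidence the review quotes (-----BEGIN PRIVATE KEY-----).
check_identity() {
  f="$1"
  [ -f "$f" ] || { echo "identity missing: $f" >&2; return 1; }
  case "$(mode_of "$f")" in
    *00) ;;
    *) echo "identity $f is readable by group/other (mode $(mode_of "$f"))" >&2; return 1 ;;
  esac
  grep -q -- '-----BEGIN' "$f" || { echo "identity $f has no PEM block" >&2; return 1; }
  return 0
}

# check_proxy FILE EXPECTED: the saved proxy is reused on later runs without
# asking, so confirm it still names the cluster you intend to reach.
check_proxy() {
  f="$1"; want="$2"
  [ -f "$f" ] || { echo "no saved proxy at $f" >&2; return 1; }
  got=$(head -n 1 "$f" | tr -d '[:space:]')
  [ "$got" = "$want" ] || { echo "saved proxy '$got' does not match expected '$want'" >&2; return 1; }
  return 0
}

# Stand-alone demonstration on constructed files in a temporary directory.
demo() {
  d=$(mktemp -d)
  printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed-placeholder-not-a-key' '-----END PRIVATE KEY-----' > "$d/identity"
  chmod 600 "$d/identity"
  printf 'teleport.example.com:443\n' > "$d/proxy"
  printf '#!/bin/sh\necho "fake tsh for the demo"\n' > "$d/tsh"
  chmod 755 "$d/tsh"
  check_tsh "$d/tsh" && echo "tsh: ok"
  check_identity "$d/identity" && echo "identity: ok"
  check_proxy "$d/proxy" "teleport.example.com:443" && echo "proxy: ok"
  # The same identity after a careless chmod is rejected.
  chmod 644 "$d/identity"
  check_identity "$d/identity" || echo "identity: rejected as expected"
  rm -rf "$d"
}
demo
```

Against a real installation you would call `check_tsh tsh`, `check_identity "$IDENTITY_DEFAULT"` and `check_proxy "$PROXY_DEFAULT" your-proxy-host:443` instead of the demo's temporary files; each function prints the reason for a failure on stderr and returns non-zero, so the three calls can gate the agent's invocation in a wrapper script. The proxy check deliberately compares against a value you supply rather than trusting the saved file, which is the point of the fourth finding.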
