← Back to Skills Marketplace
1393
Downloads
1
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install shellphone-gateway
Description
Private WebSocket gateway enabling direct, encrypted communication between iOS devices and self-hosted AI bots with no third-party servers involved.
Usage Guidance
This skill is instruction‑only but asks you to fetch and run third‑party code and to connect an iPhone app and an external TTS/ASR service. Before installing or running anything: 1) Inspect the GitHub repo and PyPI package source (prefer a specific release tag/commit) and confirm the code does what you expect. 2) Run the gateway in an isolated environment (VM or container) and restrict network exposure; avoid binding to 0.0.0.0 if not needed. 3) Verify TLS certificates and understand the token authentication flow; rotate and revoke tokens if possible. 4) Consider that ScrappyLabs may receive audio — read their privacy policy if you care about external processing. 5) Prefer running only software you can audit, and do not expose your agent to untrusted mobile clients without additional access controls. If you want a safer install, ask the skill author for precise install hashes, a documented security model for tokens, and details about what data is sent to ScrappyLabs and the TestFlight app.
Capability Analysis
Type: OpenClaw Skill
Name:
Developer:
Version:
Description: OpenClaw Agent Skill
The skill bundle is benign. The `SKILL.md` file provides clear, straightforward instructions for a user to set up a self-hosted WebSocket gateway, including `git clone` and `pip install` commands pointing to a public GitHub repository and PyPI package. There are no instructions for the OpenClaw agent to perform malicious actions, no prompt injection attempts, no data exfiltration, and no obfuscation within the provided files. The content aligns with the stated purpose of connecting an iOS device to AI agents.
Capability Assessment
Purpose & Capability
The SKILL.md describes a self‑hosted WebSocket gateway for iOS and references GitHub, a pip package, Docker Compose, a TestFlight app, and ScrappyLabs TTS/ASR. The skill metadata, however, provides no description, declares no required binaries (git, docker, pip), no install spec, and no environment variables. That absence is inconsistent: a gateway that instructs cloning a repo or running Docker clearly relies on tools not declared in the metadata.
Instruction Scope
Runtime instructions direct the user/agent to clone and run third‑party code, run a long‑running local service that prints an authentication token and exposes a wss:// endpoint, and to use a TestFlight iOS app plus ScrappyLabs for TTS/ASR. The instructions do not include integrity checks (checksums/signatures), do not document token lifecycle or access controls, and implicitly involve sending audio to an external service (ScrappyLabs). These are broader actions than the metadata suggests and could expose an agent to remote clients if misconfigured.
Install Mechanism
There is no formal install spec in the skill metadata, yet the SKILL.md instructs using git clone, docker compose up, or pip install to fetch and run code from third parties (GitHub and PyPI). Fetching and executing remote code without verification (no commit hashes, checksums, or release tags cited) increases risk. The instruction to join a TestFlight beta also relies on unvetted mobile code outside the metadata.
Credentials
The skill declares no required environment variables or credentials, but the gateway workflow relies on runtime tokens printed by the gateway, TLS configuration for wss://, and calls to an external TTS/ASR provider (ScrappyLabs). The absence of any declared env variables is inconsistent with the real-world configuration steps implied by the instructions (e.g., certificates, hostnames).
Persistence & Privilege
The skill is not marked always:true and does not request platform‑level privileges. However, the gateway software the instructions tell you to run is a long‑running network service that will listen on port 8770 and print tokens for client connections; running it permanently increases your attack surface. Autonomous model invocation is enabled by default (normal), but combine this with the gateway's network exposure before proceeding.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install shellphone-gateway - After installation, invoke the skill by name or use
/shellphone-gateway - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
shellphone-gateway 1.0.0
- Initial release of a private WebSocket gateway for connecting iOS devices directly to self-hosted AI bots.
- Enables encrypted communication between your iPhone and local AI agents without third-party platforms.
- Auto-detects locally running ollama models for zero-configuration setup.
- Integrated free text-to-speech (TTS) and automatic speech recognition (ASR) via ScrappyLabs, no account required.
- Quick setup with Docker or Python; easy iOS app connection via TestFlight and QR code.
Metadata
Frequently Asked Questions
What is Shellphone Gateway?
Private WebSocket gateway enabling direct, encrypted communication between iOS devices and self-hosted AI bots with no third-party servers involved. It is an AI Agent Skill for Claude Code / OpenClaw, with 1393 downloads so far.
How do I install Shellphone Gateway?
Run "/install shellphone-gateway" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Shellphone Gateway free?
Yes, Shellphone Gateway is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Shellphone Gateway support?
Shellphone Gateway is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Shellphone Gateway?
It is built and maintained by loserbcc (@loserbcc); the current version is v1.0.0.
More Skills