matthewxmurphy

Mac Node Bridge

By Matthew Murphy · GitHub ↗ · v0.6.1 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 378
Favorites: 0
Current installs: 0
Versions: 3
Install in OpenClaw
/install mac-node-bridge
Description
Bridge macOS-only tools into a Linux OpenClaw gateway via SSH wrappers and connected Mac nodes. Use when a Linux gateway needs to run imsg, remindctl, memo,...
Usage instructions (SKILL.md)

Mac Node Bridge

Use this skill when your gateway runs on Linux but the real tool lives on a Mac node.

This skill does not patch bundled OpenClaw skills. It creates explicit SSH wrappers and verification steps so a Linux gateway can call macOS binaries on connected nodes in a way that is publishable, repeatable, and auditable.

Use This Skill For

  • imsg, remindctl, memo, things, peekaboo, or other macOS-only CLIs
  • Homebrew-installed business tools that only exist on a Mac node
  • Linux gateway + one or more Mac nodes where you want a stable remote execution path
  • ClawHub-ready skills that should target Macs cleanly instead of mutating bundled Linux assumptions

Do Not Use This Skill For

  • Linux-native CLIs that should simply be installed on the gateway
  • UI-only pairing problems
  • Cases where you do not have passwordless SSH from the gateway to the Mac node
  • Forcing bundled OpenClaw macOS skills to show green on Linux by patching core files

Requirements

  • Linux gateway can SSH to the target Mac node without a password
  • Remote binary exists on the Mac node and is executable
  • The Mac node already has any required macOS privacy permissions granted
  • You know which Mac should own the tool

Path Rules

Use dynamic paths by default.

  • Wrapper install dir defaults to $OPENCLAW_BIN_DIR, then $XDG_DATA_HOME/openclaw/bin, then $HOME/.openclaw/bin
  • Preset installs resolve remote binaries dynamically with command -v, remote brew --prefix, and common Homebrew prefixes
  • Use --target-dir or --remote-bin only when you intentionally need to override the defaults

Trust Model

This skill assumes:

  • the Linux gateway is the orchestrator
  • each Mac node is a separately trusted execution surface
  • cross-host access must be narrow, explicit, and reversible

Plan around these rules:

  • use strong, scoped credentials and per-node trust, not one broad shared secret
  • require the Mac side to prove identity before the gateway accepts orchestration signals
  • give each wrapper only the minimum action it needs
  • log cross-host setup, verification, and deployment steps
  • fail soft when a Mac is unavailable; do not crash the whole system

Read references/security-model.md before publishing or extending this skill.

Workflow

1. Pick The Owning Mac

Default pattern:

  • M1: always-on services like imsg
  • MacBook Pro: heavier interactive or business tooling

If you are unsure, verify first:

scripts/verify-node-tool.sh --host [email protected] --tool imsg
scripts/verify-node-tool.sh --host [email protected] --tool remindctl

If the tool lives outside the normal shell path or Homebrew defaults, pass an explicit path:

scripts/verify-node-tool.sh --host [email protected] --bin /custom/path/remindctl

2. Install A Wrapper On The Gateway

For a known tool preset:

scripts/install-preset.sh \
  --tool imsg \
  --host [email protected]

Or install a generic wrapper:

scripts/install-wrapper.sh \
  --name remindctl-mbp \
  --host [email protected] \
  --remote-bin /opt/homebrew/bin/remindctl

Override the wrapper directory only when you need a non-default layout:

scripts/install-preset.sh \
  --tool memo \
  --host [email protected] \
  --target-dir "$HOME/.local/bin"

3. Verify The Wrapper

BIN_DIR="${OPENCLAW_BIN_DIR:-${XDG_DATA_HOME:+$XDG_DATA_HOME/openclaw/bin}}"
BIN_DIR="${BIN_DIR:-$HOME/.openclaw/bin}"
"$BIN_DIR"/imsg chats --limit 1
"$BIN_DIR"/remindctl-mbp lists

If the wrapper works but a bundled OpenClaw skill still shows gray, that is expected on a Linux gateway. Use the wrapper-backed workflow or publish a wrapper-aware skill instead of patching OpenClaw core.

4. Publish Wrapper-Aware Skills

When building a new ClawHub skill on top of this bridge:

  • call the wrapper through a configurable path contract, not a user-specific absolute home path
  • document which node owns the tool
  • keep secrets and tokens on the node or gateway config, not in the skill folder
  • treat the wrapper as the stable contract

Read references/publish-pattern.md before turning a one-off wrapper into a public skill.

Security Rules

  • Use a dedicated SSH key for gateway-to-node wrappers whenever possible
  • Use non-root accounts on the Mac nodes
  • Prefer one wrapper per tool per node instead of a single unrestricted shell bridge
  • Never store API tokens, app secrets, or OAuth cookies in the skill folder
  • Never patch bundled OpenClaw skill files just to make Linux appear to support macOS tools
  • Keep wrapper names explicit, for example imsg-m1 or remindctl-mbp, when multiple Macs may own similar tools
  • Log who installed or rotated a wrapper and when
  • Keep a rollback path: remove one wrapper, do not tear down the whole node
  • If a tool needs more than read or one explicit action, define that permission boundary in the published skill
  • If a wrapper depends on a Mac-only GUI permission, verify it explicitly and report a degraded-but-safe state instead of pretending success
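
One way to enforce "one wrapper per tool per node" on the Mac side, as an added example that is not part of the skill's own scripts: a forced-command gate bound to the dedicated gateway key in authorized_keys. It assumes the wrapper sends the remote binary's absolute path plus plain-word arguments as the SSH command; the script path, the `bridge` account and the allow-list entries are constructed.

```sh
#!/bin/sh
# Added example: forced-command gate for a Mac node (hypothetical path
# /Users/bridge/bin/bridge-gate.sh). Bind it to the dedicated gateway key in
# ~/.ssh/authorized_keys using OpenSSH's restrict and command= options:
#   restrict,command="/Users/bridge/bin/bridge-gate.sh" ssh-ed25519 <gateway-public-key>
LC_ALL=C; export LC_ALL

# Constructed allow-list: one absolute binary path per tool this node owns.
ALLOWED_BINS="/opt/homebrew/bin/imsg /opt/homebrew/bin/remindctl"
# Characters permitted in a request; everything else (quotes, ;, |, $, `,
# redirections, globs, newlines) is refused, so arguments must be plain words.
SAFE_CHARS='A-Za-z0-9 ._/=:@,+-'

# gate_check "<requested command>": return 0 only when the first word is an
# allow-listed absolute path and the whole string uses SAFE_CHARS only.
gate_check() {
  cmd=$1
  [ -n "$cmd" ] || return 1
  case $cmd in
    *[!$SAFE_CHARS]*) return 1 ;;
  esac
  bin=${cmd%% *}
  case $bin in
    /*) ;;
    *) return 1 ;;
  esac
  for ok in $ALLOWED_BINS; do
    if [ "$bin" = "$ok" ]; then return 0; fi
  done
  return 1
}

# Entry point: sshd puts the gateway's request in SSH_ORIGINAL_COMMAND.
# Nothing runs when the variable is unset (for example, when sourced).
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
  if gate_check "$SSH_ORIGINAL_COMMAND"; then
    logger -t bridge-gate "allow: $SSH_ORIGINAL_COMMAND"
    set -f                       # no glob expansion during word splitting
    exec $SSH_ORIGINAL_COMMAND   # split on whitespace only, never eval
  fi
  logger -t bridge-gate "deny: $SSH_ORIGINAL_COMMAND"
  echo "bridge-gate: request refused" >&2
  exit 126
fi
```

Quoted or escaped arguments are refused by design, so a wrapper that escapes its arguments will only pass requests whose arguments are already plain words.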

Common Presets

Supported presets in scripts/install-preset.sh:

  • imsg
  • remindctl
  • memo
  • things
  • peekaboo
  • brew
  • gh

The preset installer resolves the remote binary dynamically. If resolution fails, pass --remote-bin explicitly.

Examples

Wire iMessage Through M1

scripts/install-preset.sh \
  --tool imsg \
  --host [email protected]

Wire Reminders Through MacBook Pro

scripts/install-preset.sh \
  --tool remindctl \
  --host [email protected] \
  --name remindctl-mbp

Use A Custom Binary

scripts/install-wrapper.sh \
  --name my-mac-tool \
  --host [email protected] \
  --remote-bin /custom/tools/my-mac-tool

Files

  • scripts/install-wrapper.sh: create one secure SSH wrapper for a remote binary
  • scripts/install-preset.sh: install wrappers for common macOS tools with dynamic remote resolution
  • scripts/verify-node-tool.sh: verify SSH and remote binary availability by path or tool name
  • references/publish-pattern.md: how to build a publishable wrapper-aware skill on top
  • references/security-model.md: trust boundaries, least privilege, audit trail, and rollback expectations
Security usage recommendations
This skill appears to do exactly what it says: create SSH wrappers that execute a single remote macOS binary. Before installing: (1) ensure you control and trust the target Mac(s); (2) use a dedicated SSH key and a non-root account on the Mac; (3) prefer passing --ssh-key and --known-hosts so the wrapper is constrained to a key and known-hosts file; (4) inspect the generated wrapper file to confirm it calls only the intended absolute binary (remote-bin must be an absolute path); (5) run scripts/verify-node-tool.sh first to confirm the remote binary exists; and (6) avoid pointing wrappers at shells or generic remote shells (that would let the wrapper run arbitrary commands). The main remaining risk is operational: these wrappers execute commands on remote hosts you designate—if the remote host or SSH key is compromised, the bridge grants remote execution, so follow the least-privilege and auditing guidance in references/security-model.md.
Functional analysis
Type: OpenClaw Skill
Name: mac-node-bridge
Version: 0.6.1

The skill bundle facilitates remote command execution (RCE) by generating SSH wrapper scripts on a Linux gateway to execute binaries on remote macOS nodes. Key scripts like scripts/install-wrapper.sh and scripts/install-preset.sh establish persistent remote execution paths and run dynamic bash payloads on remote hosts for path resolution. Although the implementation follows some security best practices (e.g., argument escaping and non-root recommendations in references/security-model.md), the provision of broad, cross-host shell access is an inherently high-risk capability that warrants a suspicious classification.
Capability assessment
Purpose & Capability
Name/description, SKILL.md, and included scripts all implement the same feature: create small SSH-based wrapper scripts to run a specific macOS binary on a remote Mac. There are no unrelated environment variables, host endpoints, or unnecessary dependencies requested.
Instruction Scope
SKILL.md and scripts only direct the agent/user to verify remote binaries via SSH, create per-tool wrappers, and test them. The instructions explicitly require passwordless SSH and limit scope to single binaries; they do not attempt to read or exfiltrate unrelated files or secrets. The workflow is narrow and documented.
Install Mechanism
This is instruction-only with local shell scripts that write wrapper files into user-controlled directories. There are no downloads from remote URLs or package manager installs; nothing arbitrary is fetched or executed from third-party servers during install.
Credentials
The skill does not require secrets or env vars beyond conventional path variables (OPENCLAW_BIN_DIR, XDG_DATA_HOME, HOME) and optional SSH key/known_hosts arguments passed at install time. Requested data is proportional to the bridge purpose.
Persistence & Privilege
The skill does not request always:true or other elevated platform privileges. It installs per-user wrapper scripts and does not modify other skills or global agent settings.
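How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install mac-node-bridge
  3. Once installation completes, invoke the Skill by name or trigger it with /mac-node-bridge
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history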
v0.6.1
Version 0.6.1
  • Added dynamic path resolution for wrapper installs, using `OPENCLAW_BIN_DIR`, `XDG_DATA_HOME`, or `$HOME`.
  • Preset installer now auto-detects remote binary paths using `command -v`, `brew --prefix`, and common Homebrew locations.
  • Wrapper scripts (`install-preset.sh`, `install-wrapper.sh`, `verify-node-tool.sh`) updated for greater flexibility; explicit paths can override defaults as needed.
  • Updated docs to clarify dynamic install locations, remote binary resolution, and recommended usage patterns.
  • Added `_meta.json` for improved metadata handling.
v0.6.0
mac-node-bridge 0.6.0
  • Added ClawHub card emoji metadata.
  • No behavior change; this is a presentation and registry metadata update.
v0.5.0
mac-node-bridge 0.5.0
  • First public release.
  • Adds a generic Linux-to-macOS node bridge pattern for SSH-backed wrapper execution.
  • Covers macOS-only CLIs and Homebrew-backed tools without patching OpenClaw core.
Metadata
Slug mac-node-bridge
Version 0.6.1
License MIT-0
Total installs 0
Current installs 0
Number of versions 3
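FAQ

What is Mac Node Bridge?

Bridge macOS-only tools into a Linux OpenClaw gateway via SSH wrappers and connected Mac nodes. Use when a Linux gateway needs to run imsg, remindctl, memo,... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 378 total downloads to date.

How do I install Mac Node Bridge?

Run the command "/install mac-node-bridge" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Mac Node Bridge free?

Yes. Mac Node Bridge is completely free and is released under the MIT-0 license; it can be freely downloaded, installed, and used.

Which platforms does Mac Node Bridge support?

Mac Node Bridge is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Mac Node Bridge?

It is developed and maintained by Matthew Murphy (@matthewxmurphy); the current version is v0.6.1.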
