← Back to Skills Marketplace
1864
Downloads
0
Stars
1
Active Installs
2
Versions
Install in OpenClaw
/install reverse-proxy-local
Description
Connect OpenClaw to the internet via Tailscale Funnel. Use when user says "connect with ecto", "setup ecto connection", "expose openclaw publicly", or "enable external access".
Usage Guidance
What to consider before installing/running:
- This skill will install system software (Homebrew if missing, then Tailscale via brew) and requires sudo to start daemon processes — only run on machines you control. Review the Homebrew installer and any network install commands before executing.
- It will generate and save a bearer token at ~/.openclaw/ecto-credentials.json and configure the OpenClaw gateway to accept password auth. That token grants API access to your OpenClaw instance; do not share it unless you explicitly intend to grant access.
- The package-for-friend helper explicitly copies that credentials file into a shareable folder — this makes it easy to leak access. Prefer sharing transient credentials or revoke/regenerate the token immediately after use.
- The registry metadata omits the real runtime requirements (tailscale, openclaw CLI, jq, curl, openssl). Treat that omission as a red flag: verify the scripts manually before running.
- If you decide to use it: test in an isolated environment or VM first, inspect scripts line-by-line, and plan how to revoke access (regen token, disable Funnel) after exposure. Consider using Tailscale ACLs and tailnet admin settings instead of broad public sharing.
If you want, I can: (1) point out exact lines in scripts that perform installs and create/share credentials, (2) produce a safer checklist to run these scripts manually, or (3) suggest modifications to the scripts to avoid packaging credentials for sharing.
Capability Analysis
Type: OpenClaw Skill
Name: reverse-proxy-local
Version: 1.0.1
The skill is designed to expose the OpenClaw API publicly via Tailscale Funnel, which inherently involves high-risk operations. It uses `sudo` extensively for installing and managing Tailscale, and modifies OpenClaw's configuration. The primary reason for classifying as suspicious is the `scripts/connect.sh` script's use of `curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh | /bin/bash -c` to install Homebrew, which is a common supply chain risk vector, allowing arbitrary code execution if the remote script or server is compromised. While the intent appears aligned with the stated purpose (exposing the API and sharing access), this method of installation introduces a significant vulnerability.
Capability Assessment
Purpose & Capability
The skill's stated purpose (expose OpenClaw via Tailscale Funnel) matches what the scripts do. However the registry metadata declares no required binaries or credentials while the scripts require Homebrew, tailscale, openclaw CLI, jq, curl, openssl and sudo. That mismatch (metadata says 'none' but the code clearly needs system tools and privileged actions) is an inconsistency the user should be aware of.
Instruction Scope
The SKILL.md and scripts instruct the agent/user to install software, run sudo tailscale commands (which open a browser for authentication), modify OpenClaw configuration, start background services, create a local credentials file (~/.openclaw/ecto-credentials.json), and provide a helper to package and share those credentials with others. These actions are in-scope for 'expose to internet' but they involve privileged operations and explicit credential exposure/sharing — a high-risk operation that should not be performed blindly.
Install Mechanism
There is no declared install spec in the registry, but the scripts perform network installs at runtime (Homebrew installer via raw.githubusercontent.com and 'brew install tailscale'). The hosts used are well-known (GitHub/Homebrew) rather than obscure URLs, which is expected for this task, but runtime installation of system packages and invoking remote install scripts increases risk and should be reviewed before running.
Credentials
The skill does not request environment variables or external credentials in metadata, which is consistent, but it does require sudo and a Tailscale account and creates a persistent credentials file containing a generated bearer token. It also includes a convenience script to package and share that credentials file with others — functionality that directly exposes access tokens and is disproportionate if users expect limited, local-only behavior.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or global agent settings. It does write files under the user's home directory, starts/stops services, and runs background processes (tailscaled, openclaw gateway) — behavior consistent with its purpose but which requires sudo and persistent runtime presence.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install reverse-proxy-local - After installation, invoke the skill by name or use
/reverse-proxy-local - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
No functional changes detected in this release.
- Version bump to 1.0.1 with no file modifications.
- All features and behaviors remain the same as in the previous version.
v1.0.0
Initial release: Quickly and securely expose OpenClaw to the internet with Tailscale Funnel.
- One-command setup to install, authenticate, and start Tailscale with Funnel enabled
- Automatically exposes OpenClaw’s API on a public URL with secure, random auth token
- Provides connect, status, and disconnect commands
- Includes simple curl examples and troubleshooting steps
- Requires macOS, Tailscale account, and sudo access for setup
Metadata
Frequently Asked Questions
What is Reverse proxy from internet to open claw?
Connect OpenClaw to the internet via Tailscale Funnel. Use when user says "connect with ecto", "setup ecto connection", "expose openclaw publicly", or "enable external access". It is an AI Agent Skill for Claude Code / OpenClaw, with 1864 downloads so far.
How do I install Reverse proxy from internet to open claw?
Run "/install reverse-proxy-local" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Reverse proxy from internet to open claw free?
Yes, Reverse proxy from internet to open claw is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Reverse proxy from internet to open claw support?
Reverse proxy from internet to open claw is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Reverse proxy from internet to open claw?
It is built and maintained by tsheasha (@tsheasha); the current version is v1.0.1.
More Skills