← Back to Skills Marketplace
Tailscale Manager
by
LookUpMark
· GitHub ↗
· v1.3.0
· MIT-0
152
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install lookupmark-tailscale-manager
Description
Manage Tailscale tailnet from chat. Check status, list devices, ping hosts, run network diagnostics, check serve/funnel config. All public IPs are automatica...
README (SKILL.md)
Tailscale Manager
Secure Tailscale network management with automatic IP masking.
Usage
python3 scripts/tailscale_ctrl.py status # Network overview
python3 scripts/tailscale_ctrl.py devices # Connected devices
python3 scripts/tailscale_ctrl.py ip # This device's IPs
python3 scripts/tailscale_ctrl.py ping \x3Chost> # Ping a device
python3 scripts/tailscale_ctrl.py netcheck # Network diagnostics
python3 scripts/tailscale_ctrl.py serve-status # Current serve config
python3 scripts/tailscale_ctrl.py whois \x3Cip> # Who is this IP
All commands support --json for structured output.
Security
- Command whitelist: Only safe read-only commands (
status,ip,ping,netcheck,whois,serve-status) - No write access: Cannot modify serve/funnel config, change ACLs, or administer tailnet
- IP masking: Public IPs automatically replaced with
[IP-MASKED] - No auth keys: Never accesses or exposes Tailscale auth keys
- No secrets: Does not read config files or tokens
What's Masked
| Kept | Masked |
|---|---|
| Tailscale IPs (100.x.x.x) | Public IPs |
| DNS names | External IPs |
| Online/offline status | — |
Usage Guidance
This skill appears to do exactly what it says: it runs read-only tailscale CLI commands and masks public IPs in displayed output. Before installing: ensure the host already has the tailscale CLI and that you expect the agent to be able to run that binary. Understand that the script relies on the local Tailscale daemon for state/auth — it does not itself read auth tokens, but the tailscale CLI uses the system's existing credentials. Masking is applied to final printed output (including printed JSON); structured Python objects returned inside the script are not masked until serialized, so avoid programmatic consumption of raw internal data if you need masking guarantees. If you require stronger enforcement, ask the author to (a) remove unused constants (like READ_COMMANDS) or enforce them at runtime, and (b) explicitly document that masking is strictly applied only to printed output.
Capability Analysis
Type: OpenClaw Skill
Name: lookupmark-tailscale-manager
Version: 1.3.0
The tailscale-manager skill provides a read-only interface for monitoring Tailscale networks. It implements security best practices including a command whitelist, safe subprocess execution (avoiding shell injection), and automated masking of public IP addresses in the output. No evidence of malicious intent, data exfiltration, or unauthorized access was found in scripts/tailscale_ctrl.py or SKILL.md.
Capability Assessment
Purpose & Capability
Name/description, declared dependency (tailscale CLI), and included script align: the script runs read-only Tailscale CLI commands (status, ip, ping, netcheck, whois, serve status). There are no unrelated binaries or credentials requested.
Instruction Scope
SKILL.md claims a command whitelist and IP masking of public addresses. The CLI subparsers restrict available commands to read-only operations. Minor implementation notes: the READ_COMMANDS constant is defined but not programmatically enforced (the argparse subparsers provide the actual restriction). IP masking is applied to the final text output and to the printed JSON string; the internal structured summary returned by get_status_json is not masked until it is serialized and printed. This is coherent for CLI use but means code-level consumers of the raw dict would see unmasked structured fields (Tailscale IPs are kept unmasked by design).
Install Mechanism
No install spec; instruction-only skill that requires the tailscale CLI to be present. There are no downloads or external install URLs in the package.
Credentials
The skill declares no environment variables or credentials. It invokes the tailscale binary, which uses the system's Tailscale daemon and its existing auth state; the script itself does not read config files, tokens, or unrelated secrets.
Persistence & Privilege
always:false and normal user-invocable/autonomous settings. The skill does not request persistent presence, nor does it modify other skills or system-wide settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install lookupmark-tailscale-manager - After installation, invoke the skill by name or use
/lookupmark-tailscale-manager - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.0
IP masking in JSON output, improved IPv6 regex
v1.2.0
Fixed: IP masking now happens AFTER JSON parsing, not before. Added tailscale CLI dependency in metadata. Cleaner separation of raw vs masked output.
v1.1.0
IPv6 public IP masking added.
v1.0.0
Initial release. Status, devices, ping, netcheck, serve-status. Public IP masking. Read-only commands.
Metadata
Frequently Asked Questions
What is Tailscale Manager?
Manage Tailscale tailnet from chat. Check status, list devices, ping hosts, run network diagnostics, check serve/funnel config. All public IPs are automatica... It is an AI Agent Skill for Claude Code / OpenClaw, with 152 downloads so far.
How do I install Tailscale Manager?
Run "/install lookupmark-tailscale-manager" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Tailscale Manager free?
Yes, Tailscale Manager is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Tailscale Manager support?
Tailscale Manager is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Tailscale Manager?
It is built and maintained by LookUpMark (@lookupmark); the current version is v1.3.0.
More Skills