← Back to Skills Marketplace
openclaw-twoway deployment
by
MarsHong-86
· GitHub ↗
· v1.0.0
· MIT-0
131
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install openclaw-two-way-deployment
Description
Deploy OpenClaw with a cloud gateway using Tailscale and SSH tunnel for secure local control, including auto environment check and firewall setup.
Usage Guidance
This package appears to implement the claimed deployment, but take precautions before running the scripts as root: 1) Inspect the scripts line-by-line (they run curl | sh and npm install -g). 2) Remove or change the insecure options (plan2 sets dangerouslyAllowInsecurePrivateWs and an environment flag OPENCLAW_ALLOW_INSECURE_PRIVATE_WS=1). 3) Don't leave generated tokens in plaintext; store them with restrictive permissions (chmod 600) or use a secret store. 4) Prefer the official npm registry if you mistrust mirrors, and audit the openclaw package code before global install. 5) Limit exposure of SSH (port 22) and gateway ports in cloud security groups—use key-based SSH and restrict source IPs where possible. 6) If unsure, run the deployment first in an isolated VM or test instance rather than a production host. If you want, I can highlight the exact lines in the scripts that set insecure flags, write tokens to files, or run remote installers so you can review them.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-two-way-deployment
Version: 1.0.0
The skill bundle contains multiple deployment scripts (e.g., plan1-cloud-gateway.sh, plan2-cloud-remote-gateway.sh, and plan3-local-gateway.ps1) that perform high-privilege system modifications. These include installing software globally via 'curl | sh' (Tailscale and NodeSource), modifying firewall rules (ufw, firewalld, iptables), and establishing persistence through systemd services on Linux and scheduled tasks on Windows. While these actions are consistent with the stated purpose of deploying a network gateway, the requirement for root/SYSTEM privileges and the automated modification of security configurations represent significant risky capabilities.
Capability Assessment
Purpose & Capability
The name/description (deploy OpenClaw with a cloud gateway via Tailscale/SSH and auto environment/firewall setup) aligns with what the scripts do: install/enable Tailscale, install Node/OpenClaw, configure firewall rules, create systemd service(s) and generate tokens. Nothing requested is extraneous to deployment.
Instruction Scope
The SKILL.md and included scripts instruct the agent (and the user) to run as root, modify firewall/security groups, install packages from network sources, create systemd services, generate and write tokens to plaintext files, and set an explicit insecure configuration flag (plan2: "dangerouslyAllowInsecurePrivateWs" / OPENCLAW_ALLOW_INSECURE_PRIVATE_WS=1). Those actions are within deployment scope but have security implications and weaken default protections—this is not just diagnostic or read-only.
Install Mechanism
There is no formal install spec in the registry, but the scripts perform network installs at runtime: curl | sh from tailscale.com and NodeSource, and npm install -g openclaw (sometimes via a third-party npm mirror registry.npmmirror.com). These are common for deployment but carry moderate risk (remote scripts executed as root; npm global installs pull third‑party code).
Credentials
The skill declares no required environment variables or external credentials, which is consistent; however, it generates secrets (random tokens) and writes them to ~/.openclaw/token.txt or plaintext JSON config files, and it enables 'dangerouslyAllowInsecurePrivateWs'. Saving tokens unencrypted and enabling insecure options are disproportionate security risks relative to a straightforward deployment and should be justified or changed.
Persistence & Privilege
The scripts create and enable a systemd service so the gateway runs persistently and require root to install/configure—this is expected for a server deployment. The skill does not demand 'always: true' or other unusual platform privileges, nor does it modify other skills' config. Still, it introduces a persistent service that will run with system privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-two-way-deployment - After installation, invoke the skill by name or use
/openclaw-two-way-deployment - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
OpenClaw-deploy 1.0.0
- Major revamp: Simplified structure and focused on three deployment scripts for cloud scenarios.
- Added automated deployment scripts: diagnostic.sh, plan1-cloud-gateway.sh, plan2-cloud-remote-gateway.sh, plan3-cloud-gateway.sh.
- Removed Docker and portable package build scripts; Docker-compose and related templates are no longer included.
- Usage flow now centers on running scenario scripts for guided deployment with firewall and dependency checks.
- Updated documentation for new deployment models and requirements.
Metadata
Frequently Asked Questions
What is openclaw-twoway deployment?
Deploy OpenClaw with a cloud gateway using Tailscale and SSH tunnel for secure local control, including auto environment check and firewall setup. It is an AI Agent Skill for Claude Code / OpenClaw, with 131 downloads so far.
How do I install openclaw-twoway deployment?
Run "/install openclaw-two-way-deployment" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is openclaw-twoway deployment free?
Yes, openclaw-twoway deployment is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does openclaw-twoway deployment support?
openclaw-twoway deployment is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created openclaw-twoway deployment?
It is built and maintained by MarsHong-86 (@marshong-86); the current version is v1.0.0.
More Skills