Teleport tsh SSH (Identity-First SSH Access, no passwords/static keys)

by webvictim · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
238 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install teleport-tsh-ssh
Description
Use Teleport tsh CLI with a Machine ID (tbot) identity file to SSH into Teleport-managed hosts or run remote commands through Teleport access controls. Trigg...
Usage Guidance
This skill is coherent for using Teleport's tsh with a Machine ID identity, but before installing:
  1. Confirm you want an agent that can read your local tbot identity files (typically sensitive short-lived certs and private keys) in ~/.openclaw/workspace/tbot or other discovered locations.
  2. Be aware the skill will write the resolved proxy to ~/.openclaw/workspace/tbot/proxy unless you set TELEPORT_PROXY yourself.
  3. The SKILL.md references TELEPORT_PROXY but the registry metadata does not declare it; if you rely on environment-based proxy config, set TELEPORT_PROXY to avoid prompts/saves.
  4. Ensure tsh is installed and that the identity files you point the skill to are the intended automation identities (least privilege).
  5. If you allow autonomous agent invocation, understand the agent could use those identity files to connect to Teleport-managed hosts; limit the identity's privileges and review companion bootstrap skills and provenance before enabling in sensitive environments.
Capability Analysis
Type: OpenClaw Skill
Name: teleport-tsh-ssh
Version: 1.0.0
The teleport-tsh-ssh skill provides instructions for an AI agent to use the Teleport `tsh` CLI for SSH access, remote command execution, and file transfers using Machine ID identity files. It includes logic for identity file discovery and proxy resolution within the `~/.openclaw/workspace/tbot/` directory. The behavior is entirely consistent with its stated purpose of managing Teleport-mediated access, and no indicators of malicious intent, data exfiltration, or unauthorized persistence were found in SKILL.md or the associated reference documentation.
Capability Assessment
Purpose & Capability
Name and description (Teleport tsh with Machine ID identity) match the instructions: discover/use an identity file, resolve a Teleport proxy, run tsh ssh/ls/scp/status with explicit -i and --proxy. No unrelated services, binaries, or credentials are requested.
Instruction Scope
SKILL.md tells the agent to read identity files (default ~/.openclaw/workspace/tbot/identity or discovered candidates), check mtime to pick a match, optionally prompt the user for a path, and save a resolved proxy to ~/.openclaw/workspace/tbot/proxy. These file reads/writes are expected for this feature, but the skill references the TELEPORT_PROXY env var even though no env vars were declared in metadata — the mismatch should be declared or documented.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is lowest-risk from an install perspective (nothing is downloaded or written by an install step).
Credentials
The skill does not declare required env vars but references TELEPORT_PROXY as a precedence source. It will read sensitive local identity material (Machine ID bundles) from the user's workspace — that is necessary for its function, but users should understand the agent will access those files. No unrelated credentials or remote endpoints are requested.
Persistence & Privilege
always is false and the skill does not request system-wide privileges or modify other skills. It does persist the proxy address to ~/.openclaw/workspace/tbot/proxy, which is reasonable for a client helper. Note: the skill can be invoked autonomously by the agent (disable-model-invocation is false) — combined with access to identity files this increases what the agent could do if misused, but that is normal for skills and not in itself an inconsistency.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install teleport-tsh-ssh
  3. After installation, invoke the skill by name or use /teleport-tsh-ssh
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of teleport-tsh-ssh: Provides standardized workflows for accessing Teleport-managed SSH nodes via tsh with a Machine ID identity file and explicit proxy resolution.
  - Supports connecting to Teleport hosts, running remote commands, node discovery, and file transfers using tsh with `-i <identity>` and `--proxy=<proxy>`.
  - Implements robust identity file discovery and proxy resolution, with user prompts and fallbacks.
  - Provides troubleshooting guidance for common Teleport CLI and access errors.
  - Designed to complement the teleport-tbot-bootstrap skill for Machine ID setup.
  - Focused on SSH workflows; does not cover app, DB, or Kubernetes access.
  - Adds proxy resolution order: TELEPORT_PROXY → saved proxy file → prompt user
  - Supports node discovery via `tsh ls`
  - Supports command execution via `tsh ssh <host> <cmd>`
  - Supports file transfer patterns via `tsh scp`
  - Includes practical troubleshooting flow for common Teleport errors
Metadata
Slug teleport-tsh-ssh
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Teleport tsh SSH (Identity-First SSH Access, no passwords/static keys)?

Use Teleport tsh CLI with a Machine ID (tbot) identity file to SSH into Teleport-managed hosts or run remote commands through Teleport access controls. Trigg... It is an AI Agent Skill for Claude Code / OpenClaw, with 238 downloads so far.

How do I install Teleport tsh SSH (Identity-First SSH Access, no passwords/static keys)?

Run "/install teleport-tsh-ssh" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Teleport tsh SSH (Identity-First SSH Access, no passwords/static keys) free?

Yes, Teleport tsh SSH (Identity-First SSH Access, no passwords/static keys) is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Teleport tsh SSH (Identity-First SSH Access, no passwords/static keys) support?

Teleport tsh SSH (Identity-First SSH Access, no passwords/static keys) is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Teleport tsh SSH (Identity-First SSH Access, no passwords/static keys)?

It is built and maintained by webvictim (@webvictim); the current version is v1.0.0.
