jason-czar

PrivaClaw

by Jason Czarnecki · GitHub ↗ · v1.0.4
cross-platform ⚠ suspicious
Downloads: 465
Stars: 0
Active Installs: 0
Versions: 2
Install in OpenClaw
/install privaclaw
Description
Secure outbound-only relay for remote OpenClaw control — no exposed ports, no SSH, no Telegram.
Usage Guidance
Before installing:
  (1) Treat the relay operator as highly trusted — this skill transmits prompt content and streamed tokens to that remote relay. Verify the relay URL (prefer an operator you control or audited code).
  (2) Enforce TLS: provide a wss:// URL; note the code will accept ws:// if you give an http:// URL, and the token is sent in a post-open message (not as a WebSocket subprotocol/header).
  (3) Use a scoped, revocable AUTH_TOKEN and limit its lifetime/permissions on the relay side.
  (4) Review the shipped TypeScript (relayClient.ts, config.ts) to confirm behavior matches your expectations (especially restart and workflow semantics) and to ensure there are no hidden endpoints.
  (5) Run the skill in a controlled environment first (network egress rules, minimal privileges) and consider self-hosting the relay if you need stronger guarantees about persistence and data handling.
If you want higher assurance, ask the maintainer for the relay server code or run your own relay implementation.
Capability Analysis
Type: OpenClaw Skill
Name: privaclaw
Version: 1.0.4
This skill is classified as suspicious due to its inherent high-risk capabilities, despite being transparently documented. It establishes an outbound WebSocket connection to a remote relay server (`relay_url` from config.ts/SKILL.md) and transmits sensitive data, including an `auth_token` and prompt content/responses, as implemented in `relayClient.ts`. The skill enables remote execution of commands such as `prompt`, `workflow`, and `restart` on the local OpenClaw instance via the `OpenClawRuntime` interface. While the skill's code itself does not exhibit direct malicious intent (e.g., arbitrary file exfiltration, direct shell execution), the remote execution capabilities present a significant attack surface if the relay server is compromised or if the `OpenClawRuntime` implementation is vulnerable to injection, making it a powerful tool that requires a high degree of trust in the relay operator, as explicitly stated in SKILL.md.
Capability Assessment
Purpose & Capability
The skill's name/description line up with the code: it opens an outbound WebSocket, authenticates with a token, sends heartbeats, and forwards relay commands to the host runtime. The three required env vars (relay URL, node id, auth token) are proportional to the purpose. Minor mismatch: SKILL.md was presented as an instruction-only skill in registry metadata, but the package actually includes TypeScript source files (relayClient.ts, config.ts, etc.), so it's not purely instruction-only.
Instruction Scope
SKILL.md claims the token is sent 'during the WebSocket handshake' and that all connections use TLS; the implementation actually sends the token as a post-open message and validateConfig will happily convert an http:// URL to ws:// (non-TLS). The skill also relies on the host-provided OpenClawRuntime API to execute prompts, workflows, and restart the process — this grants remote callers the ability to run declared workflows and restart the runtime, which is expected but requires you to trust the relay operator and to ensure workflows are properly scoped. The SKILL.md also asserts the relay does not persist data — that is a policy claim by the relay operator, not something enforced locally.
Install Mechanism
There is no install script or external download; the package provides TypeScript source and tests. That keeps install risk low (no arbitrary third-party binaries), but because code ships with the skill, it will run inside your agent's environment. Review the code before enabling.
Credentials
Only three env vars are required (RELAY_URL, NODE_ID, AUTH_TOKEN) and AUTH_TOKEN is declared as the primary credential — this is proportional. Small inconsistencies: code expects lowercase keys in the config object (relay_url/node_id/auth_token) while SKILL.md and registry list uppercase env var names; your platform likely maps them, but confirm. No other credentials or paths are requested.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide configuration changes. It can be invoked autonomously by the agent (default) which is normal for skills. It does not persist credentials or write to other skills' configs in the provided code.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install privaclaw
  3. After installation, invoke the skill by name or use /privaclaw
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.4
- Renamed skill from remote-relay to privaclaw and updated all references accordingly.
- Updated homepage URL to https://github.com/openclaw/privaclaw.
- Changed default relay endpoint in the Trust Statement from wss://privaclaw.fly.dev to wss://relay.privaclaw.com.
- Adjusted setup instructions and dashboard links to use the new skill name.
- No changes to files or core functionality; documentation and branding updated only.
v1.0.3
- Renamed the skill from "PrivateBridge" to "PrivaClaw"
- Updated trust statement with the new default relay: `wss://privaclaw.fly.dev`
- All references to the skill now use "PrivaClaw"
- No functional or file changes; documentation only
Metadata
Slug privaclaw
Version 1.0.4
License
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is PrivaClaw?

Secure outbound-only relay for remote OpenClaw control — no exposed ports, no SSH, no Telegram. It is an AI Agent Skill for Claude Code / OpenClaw, with 465 downloads so far.

How do I install PrivaClaw?

Run "/install privaclaw" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is PrivaClaw free?

Yes, PrivaClaw is completely free (open-source). You can download, install and use it at no cost.

Which platforms does PrivaClaw support?

PrivaClaw is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created PrivaClaw?

It is built and maintained by Jason Czarnecki (@jason-czar); the current version is v1.0.4.
