SSH Handoff
by Jonathan97480 · GitHub · v1.0.1 · MIT-0
Downloads: 116 · Stars: 0 · Active Installs: 0 · Versions: 2
Install in OpenClaw
/install ssh-handoff
Description
Create and reuse a secure shared terminal handoff when a human must authenticate first and the agent must resume work in the same shell session afterward. Us...
Usage Guidance
This skill appears to implement what it says, but take these precautions before using it:
- Verify provenance: the package has no homepage and an unknown source; review all included scripts yourself before running.
- Ensure required binaries (tmux, ttyd, node, python3) are installed from trusted packages; the registry metadata does not list them even though SKILL.md and scripts require them.
- Never bind the proxy to a public interface or 0.0.0.0 unless you explicitly accept the risk; prefer 127.0.0.1 or a restricted LAN address.
- When using LAN mode set EXPECTED_HOST/EXPECTED_ORIGIN and/or CLIENT_IP to restrict access, and apply firewall rules (UFW_ALLOW_CMD shown by the launcher).
- Treat the one-shot URL/token as sensitive and deliver it to the human out-of-band (not via public chat).
- Confirm the tmux pane state with tmux capture-pane before the agent issues any commands.
- Run the scripts in a controlled environment (non-production host or with a retained snapshot) until you’ve audited them.
If you want higher confidence, ask the publisher for source provenance or a signed release, or run the scripts in an isolated test VM to observe behavior before using on important hosts.
Capability Analysis
Type: OpenClaw Skill
Name: ssh-handoff
Version: 1.0.1
The skill provides a mechanism for an AI agent to resume work in a terminal session after a human has performed sensitive authentication, using tmux and ttyd. It includes a Node.js proxy (scripts/url-token-proxy.js) and launchers (scripts/start-url-token-web-terminal.sh) that implement security features such as one-shot URL tokens, IP-based access filtering, Host/Origin header validation, and automatic TTL-based cleanup. While the code is well-documented and includes defensive instructions for the agent in SKILL.md, the core functionality of exposing a shell session via a web interface (even if restricted to localhost or LAN) is an inherently high-risk capability. Per the analysis criteria, such risky capabilities are classified as suspicious even when they align with the stated purpose and lack evidence of malicious intent.
Capability Assessment
Purpose & Capability
The skill's name and description match the included scripts and instructions: it needs tmux, ttyd, node, and python3 to implement local/LAN web terminals that hand off a tmux session. However, the registry metadata lists no required binaries or env vars while SKILL.md and the scripts clearly require several runtime binaries and read multiple environment variables — that metadata mismatch is an inconsistency you should verify before install.
Instruction Scope
SKILL.md limits actions to creating/attaching tmux sessions, launching the bundled launchers, capturing the pane, and printing connection/cleanup info. The instructions explicitly warn against public exposure, prompt to verify pane state before continuing, and do not instruct reading unrelated files or exfiltrating secrets.
Install Mechanism
There is no install spec (instruction-only at registry level) and the code files are bundled with the skill. No remote downloads or extract-from-URL steps appear in the package, which reduces installation risk. The included scripts spawn background processes and write to /tmp and a temporary runtime dir — expected for this functionality.
Credentials
The registry declares no required env vars or credentials, but the scripts rely on many runtime environment variables (HOST, PORT, CLIENT_IP, TTL_MINUTES, EXPECTED_HOST/ORIGIN, COOKIE_SECURE, ACCESS_TOKEN via internally generated values, etc.). None are secret credentials for external services, but the metadata omission is a proportionality/information gap you should confirm.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It spawns ephemeral background processes (ttyd, Node proxy), writes temp state files, and installs a TTL-based cleanup — behavior is scoped to its purpose and documented. Be aware these processes bind network ports and remain until TTL expiry or cleanup.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install ssh-handoff
- After installation, invoke the skill by name or use /ssh-handoff
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Initial public release of ssh-handoff
- Added human-auth-first terminal handoff workflow using tmux
- Added plain tmux handoff mode
- Added local browser terminal mode using ttyd
- Added LAN-restricted browser terminal mode with one-shot token proxy
- Added TTL-based automatic cleanup for temporary processes and runtime files
- Added session cookie flow and one-shot token URL handling
- Added optional trusted client IP restriction for LAN access
- Added expected Host and websocket Origin checks in the proxy
- Added FORBID_REUSE_IF_AUTHENTICATED safeguard
- Added explicit approval flow before replacing an existing live session
- Added conflict handling for existing sessions and occupied ports
- Added stronger security documentation and external-channel guardrails
- Added publication cleanup for generic examples and repository documentation
v1.0.0
ssh-handoff 1.0.0
- Initial release.
- Provides secure terminal handoff using shared tmux sessions, supporting scripted and browser-based workflows.
- Three modes: plain tmux handoff, local browser terminal (via ttyd), and LAN-restricted browser terminal with one-shot tokens.
- Includes bundled launcher scripts for each workflow and detailed environment variable support for configuration.
- Emphasizes local/LAN-only exposure, avoids credential sharing in chat, and enforces short-lived, single-use access for browser modes.
- Includes robust guardrails, usage examples, cleanup instructions, and pane state capture to ensure session integrity and security.
Frequently Asked Questions
What is SSH Handoff?
Create and reuse a secure shared terminal handoff when a human must authenticate first and the agent must resume work in the same shell session afterward. Us... It is an AI Agent Skill for Claude Code / OpenClaw, with 116 downloads so far.
How do I install SSH Handoff?
Run "/install ssh-handoff" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is SSH Handoff free?
Yes, SSH Handoff is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does SSH Handoff support?
SSH Handoff is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created SSH Handoff?
It is built and maintained by Jonathan97480 (@jonathan97480); the current version is v1.0.1.