← Back to Skills Marketplace
115
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install vibe-remote
Description
Vibe Remote 远程 AI Coding 工具。当用户提到 vibe-remote、vibe remote、远程 coding、iOS 远程控制 Mac 跑 AI 写代码、安装 vibe-remote、配置 vibe-remote、或提交 vibe-remote issue 时使用。
Usage Guidance
What to consider before installing:
- There are clear metadata vs instruction mismatches. The SKILL.md expects you to run a local binary (vibe-remote), the GitHub CLI, and curl, but the skill metadata declares no required binaries or env vars — verify these requirements yourself before trusting the skill.
- The instructions include a headless mode that takes --account and --password. Never hand a password to a skill or agent without verifying what the binary does and whether credentials are stored/transported. Prefer using a scoped token or not running headless at all.
- The skill suggests uploading images/videos to catbox.moe (a public third‑party). Any uploaded screenshot or video can become public — redact sensitive data and avoid uploading secrets or proprietary code.
- The _meta.json ownerId/version differs from the registry metadata; confirm the publisher (check the GitHub repo and official docs) and prefer binaries from official releases with checksums/signatures.
- Recommended actions before you proceed: inspect the referenced GitHub repo and release binaries, verify checksums, run the binary locally in a safe environment, avoid providing real credentials (use limited-scope tokens), and do not upload sensitive files to public hosts. If you cannot validate the binary and its behavior, treat the skill as untrusted.
Capability Analysis
Type: OpenClaw Skill
Name: vibe-remote
Version: 1.0.1
The skill facilitates remote machine control and AI coding via the 'vibe-remote' binary. It includes high-risk capabilities such as handling user credentials for headless authentication and instructions to upload files (images/videos) to the third-party service catbox.moe via curl for GitHub issue reporting. While these actions are aligned with the tool's stated purpose in SKILL.md, the inherent risks of remote execution, credential handling, and external data transfer to non-standard endpoints meet the criteria for a suspicious classification.
Capability Assessment
Purpose & Capability
The SKILL.md describes a CLI binary (vibe-remote), use of the GitHub CLI (gh), curl, and third‑party upload utilities; however the skill metadata declares no required binaries, no environment variables, and no install spec. That mismatch (the skill claims no requirements but instructs the agent to run specific binaries and provide account/password) is inconsistent and unexpected. Additionally, the packaged _meta.json shows a different ownerId/version than the registry metadata, another inconsistency.
Instruction Scope
Runtime instructions tell the agent to: run vibe-remote (including a headless mode that takes --account and --password), check gh auth status, create GitHub issues via gh, and upload images/videos to catbox.moe (or call another skill). These steps involve handling user credentials and sending user-provided files to external services. The skill also instructs the agent to always send the created issue link back to the user. The instructions therefore touch on sensitive actions (credential use and external file upload) beyond simple conversational assistance.
Install Mechanism
There is no install spec and no code files (instruction-only), which reduces the risk of arbitrary code being written by the installer. However, the skill assumes the presence of external binaries (vibe-remote, gh, curl) and references a repo/docs. Because installation/verification steps for the binary are not provided or enforced, users must manually obtain and verify the binary — omission is notable but not inherently malicious.
Credentials
The skill does not declare required environment variables or credentials, yet the SKILL.md instructs use of account/password for headless mode and relies on the user's GitHub authentication state. Asking for or passing plaintext account/passwords (or files) is high-risk and not justified by the metadata. The skill also recommends uploading potentially sensitive screenshots/videos to a public third-party (catbox.moe), which can expose private data. Cross-skill calls (nodeimage-upload) are referenced but not declared.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It allows normal autonomous invocation (default), which is expected. There is no evidence it modifies other skills or system-wide agent settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install vibe-remote - After installation, invoke the skill by name or use
/vibe-remote - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Add catbox fallback for image upload when nodeimage-upload skill is unavailable
v1.0.0
Initial release: remote AI coding via iOS app, GitHub issue submission workflow
Metadata
Frequently Asked Questions
What is Vibe Remote?
Vibe Remote 远程 AI Coding 工具。当用户提到 vibe-remote、vibe remote、远程 coding、iOS 远程控制 Mac 跑 AI 写代码、安装 vibe-remote、配置 vibe-remote、或提交 vibe-remote issue 时使用。 It is an AI Agent Skill for Claude Code / OpenClaw, with 115 downloads so far.
How do I install Vibe Remote?
Run "/install vibe-remote" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Vibe Remote free?
Yes, Vibe Remote is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Vibe Remote support?
Vibe Remote is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Vibe Remote?
It is built and maintained by FireTable (@firetable); the current version is v1.0.1.
More Skills