← Back to Skills Marketplace
jebadiahgreenwood

HostLink

by jebadiahgreenwood · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ⚠ suspicious
82
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install hostlink
Description
Execute commands on the host machine from inside the OpenClaw container via the HostLink daemon. Provides secure, authenticated remote shell execution over a...
README (SKILL.md)

HostLink Skill

Execute commands on the host machine from inside this container.

Quick Reference

# Execute a command on the host
hostlink exec "ls /home/jebadiah"

# Ping the daemon (connection test)
hostlink ping

# With explicit socket/token (if env vars not set)
hostlink -s /run/hostlink/hostlink.sock -k $HOSTLINK_TOKEN exec "echo hello"

# Set working directory
hostlink -w /home/jebadiah exec "pwd"

# Set environment variables
hostlink -e MY_VAR=value exec "echo $MY_VAR"

# With timeout (ms)
hostlink -T 60000 exec "long-running-command"

# JSON output (machine-readable)
hostlink -j exec "ls -la" | python3 -c "import sys,json; d=json.load(sys.stdin); print(d['stdout'])"

# List configured targets
hostlink targets

Environment Variables

Set these so you don't need to pass flags every time:

Variable Purpose Default
HOSTLINK_SOCKET Unix socket path /run/hostlink/hostlink.sock
HOSTLINK_TOKEN Auth token (required)
HOSTLINK_TARGET Target node name (optional)

Best place to set these: workspace/.env or openclaw.json env.vars section.

Connection Status

Check if hostlinkd is reachable:

hostlink ping
# Expected: [hostname] pong - uptime Xs
# If error: daemon not running or socket not mounted

Common Use Cases

Access host filesystem

hostlink exec "ls /home/jebadiah/projects"
hostlink exec "cat /etc/hostname"

Run host-side GPU/ML tools

hostlink exec "nvidia-smi"
hostlink exec "ollama list"
hostlink exec "ls ~/.cache/huggingface/hub"

Access the Qwen3 merge project

hostlink exec "ls /path/to/qwen3-merge"
hostlink exec "cat /path/to/qwen3-merge/README.md"

Docker management on host

hostlink exec "docker ps"
hostlink exec "docker stats --no-stream"

Exit Codes

Code Meaning
0 Success
1 Remote command failed (check exit_code in JSON output)
2 Connection failed (daemon unreachable)
3 Authentication failed (wrong token)
5 Timeout
7 Client error (bad args, missing targets file)

Troubleshooting

"Connection failed" / exit 2:

  • hostlinkd not running on host: sudo systemctl start hostlinkd
  • Socket not mounted: check docker-compose volume mount
  • Wrong socket path: check HOSTLINK_SOCKET env var

"Authentication failed" / exit 3:

  • Wrong HOSTLINK_TOKEN — must match auth_token in /etc/hostlink/hostlink.conf

"server busy" error:

  • Host is at max_concurrent limit — retry shortly

Architecture

Container (you are here)          Host machine
┌─────────────────────┐          ┌──────────────────────────┐
│  hostlink (client)  │◄────────►│  hostlinkd (daemon)      │
│  workspace/bin/     │  Unix    │  /etc/hostlink/           │
│                     │  socket  │  auth_token = \x3Csecret>    │
└─────────────────────┘          │  shell = /bin/bash        │
                                 └──────────────────────────┘

See references/setup.md for installation and docker-compose configuration.

Usage Guidance
This skill legitimately provides host command execution — which is powerful and risky. Before installing or enabling it: - Treat HOSTLINK_TOKEN as a high-value secret. Do NOT store it in global config files unless you understand the risk; prefer ephemeral or workspace-scoped secrets and avoid committing it to disk or git. - The registry metadata is inconsistent: it does not declare the required HOSTLINK_TOKEN or config path it expects. Ask the publisher to correct metadata or do not trust automatic installation. - Vet the hostlinkd repository/binary (https://github.com/jebadiahgreenwood/hostlink) before installing on your host; build from source if you must, and review the code for privilege escalation/backdoors. - Run hostlinkd as a least-privileged user where possible; do not run it as root unless you accept the risk. - Limit socket access (unix_mode, group membership) and avoid enabling TCP unless protected by WireGuard and strict network controls. - If you enable this skill for an agent, restrict autonomous invocation or remove the token from global agent configs; consider requiring explicit human confirmation for any host-executed command. - Rotate the auth token after any change, and monitor hostlinkd logs for unexpected commands. Given the metadata/instruction mismatch and the ability to run arbitrary host commands, proceed only if you fully trust the daemon, the repo, and the people who will control the agent.
Capability Analysis
Type: OpenClaw Skill Name: hostlink Version: 0.1.0 The 'hostlink' skill provides a mechanism for the AI agent to execute arbitrary shell commands on the host machine from within the container, effectively bypassing container isolation. While the documentation (SKILL.md and references/setup.md) presents this as a utility for host-side tool management (e.g., Docker, GPUs), it grants the agent full RCE capabilities on the host, often with root privileges. This is an inherently high-risk capability that could be abused for host compromise, although no specific evidence of malicious exfiltration or hidden backdoors was found in the provided files.
Capability Assessment
Purpose & Capability
The name/description match the runtime instructions: this skill is explicitly for executing commands on the host via a hostlink daemon. Asking for access to the host socket and the ability to run host commands is coherent with that purpose.
Instruction Scope
The SKILL.md instructs use of a required secret (HOSTLINK_TOKEN) and host socket paths and tells the user to add that token to openclaw.json or workspace/.env. The registry metadata declares no required env vars or config paths, so the instructions access secrets/configuration that the skill metadata does not advertise. The instructions also enable arbitrary host command execution (including reading /etc, GPU tooling, Docker, etc.), which is expected but high-impact.
Install Mechanism
This is an instruction-only skill (no install spec) so it won’t write code into the container. The setup guide points to a GitHub repo and building/installing host binaries on the host — normal for a host-side daemon, but you should vet the upstream repository and binary before installing on your host.
Credentials
Although SKILL.md requires an auth token (HOSTLINK_TOKEN) and suggests placing it in openclaw.json or workspace/.env, the registry metadata lists no required env vars and no required config paths. Requesting a persistent secret (potentially stored in ~/.openclaw/openclaw.json) without declaring it is disproportionate and a metadata mismatch. Storing the token in a global agent config grants ongoing host-execution capability to the agent if invoked.
Persistence & Privilege
always:false (good), but the skill is user-invocable and the platform allows autonomous invocation. If the HOSTLINK_TOKEN is placed in agent configuration (as the guide suggests), the agent would have persistent credentials enabling arbitrary host command execution. That combination (autonomous invocation + undisclosed persistent secret) materially increases risk.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install hostlink
  3. After installation, invoke the skill by name or use /hostlink
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release. Secure host command execution from OpenClaw container via Unix socket or TCP/WireGuard. 58/58 integration tests passing.
Metadata
Slug hostlink
Version 0.1.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is HostLink?

Execute commands on the host machine from inside the OpenClaw container via the HostLink daemon. Provides secure, authenticated remote shell execution over a... It is an AI Agent Skill for Claude Code / OpenClaw, with 82 downloads so far.

How do I install HostLink?

Run "/install hostlink" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is HostLink free?

Yes, HostLink is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does HostLink support?

HostLink is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created HostLink?

It is built and maintained by jebadiahgreenwood (@jebadiahgreenwood); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments