Remoting

Mirror your Claude Code terminal in a browser for remote viewing and real-time interaction. Creates a public web terminal via localhost.run tunnel.

This skill will open a publicly reachable, interactive shell session — anyone with the URL can type commands and see your terminal, so it can expose sensitive files, environment variables, or credentials. Before using: 1) Don’t run this on a machine containing secrets; prefer an isolated VM/container. 2) Verify the npm package and source code before running (check npm owner, package homepage, and the GitHub repo contents). The SKILL.md lists @remotego/remotego but points to a different GitHub repo — confirm this mismatch. 3) Be aware tunnels often reuse your SSH agent/keys (check whether localhost.run will access your SSH keys) and avoid exposing machines with SSH credentials. 4) Prefer using read-only/viewer modes if available, or restrict --cwd to an empty/safe directory. 5) If you must use it, run npx in a disposable environment, avoid global installs, and never run as root. If you want me to, I can: (a) help locate and inspect the npm package and its GitHub repo, or (b) suggest safer alternatives (screen-only viewers, authenticated sharing services) and command examples for running inside a disposable container.

Type: OpenClaw Skill Name: remoting Version: 1.1.0 The skill facilitates remote terminal mirroring and interaction by installing the '@remotego/remotego' package and establishing a public tunnel via 'localhost.run'. While the stated purpose is terminal sharing, this functionality effectively creates a remote shell/backdoor, exposing the entire Claude Code session (including potentially sensitive environment variables and credentials) to the public internet. The use of third-party tunneling to bypass local security boundaries for terminal access is a high-risk behavior primarily seen in remote access tools. (File: SKILL.md)