← Back to Skills Marketplace
Create New Openclaw Instance on GCP VM
by
Divide-By-0
· GitHub ↗
· v1.0.0
2210
Downloads
1
Stars
4
Active Installs
1
Versions
Install in OpenClaw
/install create-new-openclaw-in-gcp
Description
Deploy and configure an OpenClaw instance on a GCP VM with Tailscale networking, Brave Search integration, and secure credential handling.
README (SKILL.md)
OpenClaw Cloud Setup Skill
Deploy OpenClaw to GCP with Tailscale and Brave Search.
Required Environment Variables
export OPENCLAW_PROJECT_ID="your-gcp-project"
export OPENCLAW_USERNAME="your-ssh-username"
export ANTHROPIC_TOKEN="sk-ant-oat01-..." # Keep secret
export BRAVE_API_KEY="..." # Keep secret
Quick Start
chmod +x openclaw-quick-setup.sh
./openclaw-quick-setup.sh
Manual Setup (Copy-Paste)
# Set variables first (see above)
ZONE="us-central1-a"
VM="openclaw"
# Create VM
gcloud compute instances create "$VM" \
--project="$OPENCLAW_PROJECT_ID" --zone="$ZONE" \
--machine-type=e2-medium \
--image-family=debian-12 --image-project=debian-cloud \
--boot-disk-size=10GB \
--metadata=ssh-keys="${OPENCLAW_USERNAME}:$(cat ~/.ssh/id_ed25519.pub)"
IP=$(gcloud compute instances describe "$VM" \
--project="$OPENCLAW_PROJECT_ID" --zone="$ZONE" \
--format='get(networkInterfaces[0].accessConfigs[0].natIP)')
# Wait for SSH, then run setup
sleep 30
ssh -o StrictHostKeyChecking=no "${OPENCLAW_USERNAME}@${IP}" "
set -euo pipefail
sudo apt-get update && sudo apt-get install -y git curl ufw jq
curl -fsSL https://tailscale.com/install.sh | sh
"
# Manual: authorize Tailscale
ssh "${OPENCLAW_USERNAME}@${IP}" "sudo tailscale up"
# Continue setup
ssh "${OPENCLAW_USERNAME}@${IP}" "
set -euo pipefail
sudo ufw allow 22/tcp && sudo ufw allow in on tailscale0 && echo y | sudo ufw enable
echo 'nameserver 8.8.8.8' | sudo tee -a /etc/resolv.conf
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
source ~/.nvm/nvm.sh && nvm install 22
source ~/.nvm/nvm.sh && npm install -g openclaw@latest
"
# Configure OpenClaw (credentials via stdin)
ssh "${OPENCLAW_USERNAME}@${IP}" '
source ~/.nvm/nvm.sh
openclaw onboard --non-interactive --accept-risk \
--auth-choice token --token-provider anthropic \
--token "$(cat)" --gateway-bind loopback --install-daemon
' \x3C\x3C\x3C "$ANTHROPIC_TOKEN"
# Add Brave key + enable Tailscale auth
ssh "${OPENCLAW_USERNAME}@${IP}" "
set -euo pipefail
mkdir -p ~/.config/systemd/user/openclaw-gateway.service.d
cat > ~/.config/systemd/user/openclaw-gateway.service.d/brave.conf \x3C\x3C CONF
[Service]
Environment=\"BRAVE_API_KEY=\$(cat)\"
CONF
chmod 600 ~/.config/systemd/user/openclaw-gateway.service.d/brave.conf
systemctl --user daemon-reload
source ~/.nvm/nvm.sh
jq '.gateway.auth.allowTailscale = true' ~/.openclaw/openclaw.json > /tmp/oc.json
mv /tmp/oc.json ~/.openclaw/openclaw.json
chmod 600 ~/.openclaw/openclaw.json
openclaw gateway restart
sudo tailscale serve --bg 18789
" \x3C\x3C\x3C "$BRAVE_API_KEY"
# Get dashboard URL
ssh "${OPENCLAW_USERNAME}@${IP}" "tailscale serve status"
# After first browser access, approve device
ssh "${OPENCLAW_USERNAME}@${IP}" 'source ~/.nvm/nvm.sh && openclaw devices list'
# Then: openclaw devices approve \x3CREQUEST_ID>
Key Learnings
| Issue | Solution |
|---|---|
| e2-micro OOM | Use e2-medium (4GB minimum) |
| nodesource failures | Use nvm for Node.js 22 |
| DNS broken after Tailscale | Add 8.8.8.8 to /etc/resolv.conf |
| Brave key in config rejected | Use systemd env var drop-in |
| Dashboard "pairing required" | Run openclaw devices approve \x3Cid> |
Security Notes
- Credentials passed via stdin (
\x3C\x3C\x3C), not command-line args - Config files set to
chmod 600 - Gateway binds to loopback, exposed only via Tailscale
- UFW blocks all inbound except SSH and Tailscale
Usage Guidance
This SKILL.md reasonably describes how to create an OpenClaw VM, but the manifest and the instructions disagree — the file expects several environment variables and a local SSH key that the registry did not declare. Before using it: 1) Do not run the quick script (chmod +x ./openclaw-quick-setup.sh && ./...) without first opening and inspecting the script. 2) Manually inspect any remote install scripts (tailscale install.sh, nvm install.sh) instead of piping them to sh; prefer downloading, reviewing, then executing. 3) Ensure you understand where secrets go: ANTHROPIC_TOKEN and BRAVE_API_KEY will be sent to the VM and stored in a systemd drop-in; only use keys you are willing to place on that machine, and ensure file permissions and service scope are appropriate. 4) Confirm the npm package openclaw@latest source and prefer pinning a known-good version. 5) Update or ask the skill author to fix registry metadata to list required env vars and explain why each secret is needed. 6) If you want automation, run the commands interactively yourself (or in a sandbox) rather than letting an agent execute them autonomously.
Capability Analysis
Type: OpenClaw Skill
Name: create-new-openclaw-in-gcp
Version: 1.0.0
The skill bundle is classified as suspicious primarily due to the use of `curl | sh` for installing Tailscale and NVM from remote URLs (tailscale.com and raw.githubusercontent.com) within the SKILL.md file. While these actions are plausibly needed for the stated purpose of deploying OpenClaw and the sources appear legitimate, executing arbitrary remote scripts directly is a high-risk security practice. There is no clear evidence of intentional malicious behavior such as data exfiltration, backdoors, or prompt injection against the agent, and sensitive credentials are handled via stdin with secure file permissions.
Capability Assessment
Purpose & Capability
The intent (provision an OpenClaw instance on GCP) matches the commands in SKILL.md (gcloud, ssh, install OpenClaw, Tailscale, Brave integration). However the registry metadata declares no required env vars/credentials, while the instructions explicitly require OPENCLAW_PROJECT_ID, OPENCLAW_USERNAME, ANTHROPIC_TOKEN, and BRAVE_API_KEY, and also rely on a local SSH public key (~/.ssh/id_ed25519.pub). The missing declarations are an incoherence that makes the skill's manifest unreliable.
Instruction Scope
The instructions read local files (~/.ssh/id_ed25519.pub), require environment secrets (Anthropic and Brave keys) and transmit those secrets to the remote VM via stdin/ssh heredocs. They also write a systemd drop-in containing an API key and modify ~/.openclaw/openclaw.json. While all of this is plausibly required for provisioning, the instructions perform file reads/writes and secret transmission beyond what the skill metadata declares — and they use broad, interactive commands (ssh, systemctl --user, jq edits) that an automated agent would carry out with real privileges.
Install Mechanism
This is an instruction-only skill (no install spec), which reduces platform-side risk. However the runtime instructions repeatedly download and execute remote install scripts (curl | sh from tailscale.com and raw.githubusercontent.com) and globally install an npm package (openclaw@latest). Piping arbitrary remote scripts into sh and installing 'latest' packages are common in bootstraps but are higher-risk actions and should be reviewed before execution.
Credentials
The SKILL.md requires multiple secrets (ANTHROPIC_TOKEN and BRAVE_API_KEY) plus a GCP project and SSH username; these are reasonable for the described deployment, but the skill metadata did not declare any required environment variables or a primary credential. That mismatch is a red flag: the skill is asking for sensitive credentials without declaring them in its manifest, making it easier to accidentally grant secrets without realizing the skill needs them.
Persistence & Privilege
The skill does not request always:true and does not claim system-wide persistent privileges. It writes user-level systemd config and modifies the user's OpenClaw config on the VM, which is expected for installing/ configuring OpenClaw. No evidence it attempts to modify other skills or global agent settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install create-new-openclaw-in-gcp - After installation, invoke the skill by name or use
/create-new-openclaw-in-gcp - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Deploy OpenClaw to Google Cloud Platform with integrated Tailscale access and Brave Search.
- Provides quick-setup script and full manual setup instructions.
- Securely handles credentials and configuration using stdin and restricted file permissions.
- Installs and configures all required software including Tailscale and OpenClaw gateway.
- Enables Tailscale network access and Brave API integration via systemd environment.
- Guides for troubleshooting known setup issues and enforcing secure access.
Metadata
Frequently Asked Questions
What is Create New Openclaw Instance on GCP VM?
Deploy and configure an OpenClaw instance on a GCP VM with Tailscale networking, Brave Search integration, and secure credential handling. It is an AI Agent Skill for Claude Code / OpenClaw, with 2210 downloads so far.
How do I install Create New Openclaw Instance on GCP VM?
Run "/install create-new-openclaw-in-gcp" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Create New Openclaw Instance on GCP VM free?
Yes, Create New Openclaw Instance on GCP VM is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Create New Openclaw Instance on GCP VM support?
Create New Openclaw Instance on GCP VM is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Create New Openclaw Instance on GCP VM?
It is built and maintained by Divide-By-0 (@divide-by-0); the current version is v1.0.0.
More Skills