toxicpine

Ambit Cli

Author: Arbion Halili · GitHub ↗ · v0.1.0
cross-platform · ⚠ suspicious
Total downloads: 585 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw: /install ambit-cli
Description
Use this skill for any task involving the ambit CLI: creating or destroying private networks, deploying apps to a private network, checking network or router...
Usage instructions (SKILL.md)

Ambit CLI

What Ambit Is

Ambit deploys apps to the cloud in a way that makes them completely unreachable from the public internet. Only devices enrolled in the user's private Tailscale network can connect to them. From the outside world's perspective, the app does not exist — there is no IP address to find, no port to scan.

This matters because putting a database, dashboard, or internal tool on the normal internet forces you to build login pages, configure firewalls, and harden the app against strangers. Ambit skips all of that. Access control is handled at the network level: if a device is on the Tailscale network, it can reach the app; if it isn't, the connection is refused before the app ever sees it.

Each private network you create is called an ambit. Every app deployed to it gets a human-readable address under that network's name — so http://my-app.lab means the my-app application on the lab ambit. These addresses work automatically for any device enrolled in the user's Tailscale account.

Installation

If ambit is not already installed, run it directly via npx:

npx @cardelli/ambit

How It Works

graph LR
    A[Your Device<br/>on Tailscale] -->|Tailscale tunnel| B[Ambit Router<br/>Fly.io VM]
    B -->|Flycast / private IPv6| C[Your App<br/>no public IP]

Ambit creates a router on Fly.io that joins the user's Tailscale network and advertises the private IPv6 subnet for that ambit. It also sets up split DNS so that *.<network> queries resolve to the right app. Apps deployed with ambit deploy get a private Flycast address on the network and never receive a public IP.

Prerequisites

  • flyctl installed and authenticated (fly auth login)
  • Tailscale installed and connected (tailscale up)
  • Accept-routes enabled (sudo tailscale set --accept-routes)
  • A Tailscale API access token (tskey-api-...) — create one at https://login.tailscale.com/admin/settings/keys

Commands

ambit create <network>

Creates a new private network. This is the first command to run when setting up a new ambit. It deploys a router on Fly.io, connects it to the user's Tailscale network, and configures split DNS so apps on the network are reachable by name.

ambit create lab
ambit create lab --org my-org --region sea
ambit create lab --self-approve

Flags:

  • --org <org> — Fly.io organization slug
  • --region <region> — Fly.io region (default: iad)
  • --api-key <key> — Tailscale API access token (prompted interactively if omitted)
  • --tag <tag> — Tailscale ACL tag for the router (default: tag:ambit-<network>)
  • --self-approve — Approve subnet routes via Tailscale API instead of requiring autoApprovers in the ACL policy
  • -y, --yes — Skip confirmation prompts
  • --json — Output as JSON

What it does:

  1. Validates Fly.io auth and the Tailscale API key
  2. Checks that the tag (default tag:ambit-<network>, or custom via --tag) exists in Tailscale ACL tagOwners
  3. Checks autoApprovers config (unless --self-approve)
  4. Creates a Fly.io app on the custom network
  5. Sets secrets: TAILSCALE_API_TOKEN, NETWORK_NAME, TAILSCALE_TAGS
  6. Deploys the router container
  7. Waits for the device to join the tailnet
  8. Configures split DNS (*.<network> → router)
  9. Enables accept-routes locally if possible

Before running, the user must add the router's tag in their Tailscale ACL settings at https://login.tailscale.com/admin/acls/visual/tags. The tag defaults to tag:ambit-<network> but can be overridden with --tag.

And optionally (or use --self-approve to skip this):

"autoApprovers": { "routes": { "fdaa:X:XXXX::/48": ["tag:ambit-<network>"] } }

ambit deploy <app> --network <name>

Deploys an app onto a private network. This is the safe alternative to fly deploy: it always passes --no-public-ips and --flycast, runs pre-flight checks on the fly.toml for dangerous settings, and audits the result to verify no public IPs were allocated.
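As an added example (not code from the Ambit project), here is what the post-deploy audit step amounts to in Python: it classifies the addresses that `fly ips list --json` reports for an app and flags anything that would make the app publicly reachable. The `Address`/`Type` field names and the sample JSON are assumptions constructed for this example; the remediation commands are printed as hints, never executed.

```python
import ipaddress
import json

# Constructed sample of `fly ips list --json` output for one app. The field names
# (Address, Type) are an assumption about flyctl's JSON format, not taken from
# the Ambit project; the addresses are made up.
SAMPLE_IPS_JSON = json.dumps([
    {"Address": "fdaa:0:1a2b:0:1::3", "Type": "private_v6"},  # Flycast address
    {"Address": "66.241.124.1", "Type": "shared_v4"},          # public (shared) IPv4
    {"Address": "2a09:8280:1::1", "Type": "v6"},               # public IPv6
])

# Fly's private (Flycast / 6PN) addresses live in the fdaa::/16 ULA block.
FLY_PRIVATE_V6 = ipaddress.ip_network("fdaa::/16")


def audit_ips(ips_json: str) -> dict:
    """Split allocated addresses into private (Flycast) and public ones.

    The check does not trust the Type label alone: an address counts as
    private only if it actually falls inside fdaa::/16, so a mislabelled
    public address still shows up in the 'public' list.
    """
    report = {"flycast": [], "public": [], "mislabelled": []}
    for entry in json.loads(ips_json):
        addr = ipaddress.ip_address(entry["Address"])
        in_private_block = addr.version == 6 and addr in FLY_PRIVATE_V6
        report["flycast" if in_private_block else "public"].append(str(addr))
        # Label disagrees with the address itself: worth a closer look.
        if (entry.get("Type") == "private_v6") != in_private_block:
            report["mislabelled"].append(str(addr))
    return report


def is_isolated(ips_json: str) -> bool:
    """True only when the app has a Flycast address and nothing public."""
    r = audit_ips(ips_json)
    return bool(r["flycast"]) and not r["public"]


def remediation(app: str, ips_json: str) -> list[str]:
    """Commands that would release each public address (hints only, not run)."""
    return [f"fly ips release {ip} -a {app}" for ip in audit_ips(ips_json)["public"]]


if __name__ == "__main__":
    print(json.dumps(audit_ips(SAMPLE_IPS_JSON), indent=2))
    print("isolated:", is_isolated(SAMPLE_IPS_JSON))
    for cmd in remediation("my-app", SAMPLE_IPS_JSON):
        print("fix:", cmd)
```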

There are three mutually exclusive deployment modes:

Config mode (default) — uses a local fly.toml:

ambit deploy my-app --network lab
ambit deploy my-app --network lab --config ./custom.toml

Image mode — deploys a Docker image without fly.toml:

ambit deploy my-app --network lab --image registry.fly.io/my-app:latest
ambit deploy my-app --network lab --image registry.fly.io/my-app:latest --main-port 3000

Template mode — fetches a template from a GitHub repository and deploys it:

ambit deploy my-browser --network lab --template ToxicPine/ambit-templates/chromatic
ambit deploy my-browser --network lab --template ToxicPine/ambit-templates/[email protected]
ambit deploy my-shell --network lab --template ToxicPine/ambit-templates/wetty

Flags:

  • --network <name> — Target network (required)
  • --org <org> — Fly.io organization
  • --region <region> — Primary region
  • --config <path> — Explicit path to fly.toml (config mode)
  • --image <img> — Docker image to deploy (image mode)
  • --main-port <port> — Internal port for HTTP service in image mode (default: 80, "none" to skip)
  • --template <ref> — GitHub template reference (template mode)
  • -y, --yes — Skip confirmation
  • --json — Output as JSON

Template reference format:

owner/repo/path             Fetch from the default branch
owner/repo/path@tag         Fetch a tagged release
owner/repo/path@branch      Fetch a specific branch
owner/repo/path@commit      Fetch a specific commit

The template must contain a fly.toml (and typically a Dockerfile). The template is fetched from GitHub's tarball API, the target subdirectory is extracted, pre-flight scanned, and deployed. The temp directory is cleaned up automatically.
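As an added example (not code from the Ambit project), this Python parser implements the reference grammar above, builds the GitHub tarball API URL the text mentions, and reports whether the reference is pinned to an immutable commit, which is the only form that guarantees the template you reviewed is the one that gets deployed. The tag value v1.0.0 in the demo is constructed, and the traversal check on the subdirectory is an added safeguard, not something the page says Ambit does.

```python
import re

# owner/repo/path[@ref] as described in the SKILL.md; ref may be a tag, branch or commit.
TEMPLATE_REF = re.compile(
    r"^(?P<owner>[A-Za-z0-9_.-]+)/(?P<repo>[A-Za-z0-9_.-]+)/(?P<path>[^@]+?)(?:@(?P<ref>[^@]+))?$"
)
FULL_COMMIT_SHA = re.compile(r"^[0-9a-f]{40}$")


def parse_template_ref(ref: str) -> dict:
    """Parse a template reference into its parts and the tarball URL to fetch.

    A reference counts as pinned only when @ref is a full 40-hex commit SHA:
    tags and branches can be moved by the repository owner, so a template
    fetched by tag or branch may differ from what was reviewed earlier.
    """
    m = TEMPLATE_REF.match(ref.strip())
    if not m:
        raise ValueError(f"bad template reference: {ref!r}")
    owner, repo, path, git_ref = m.group("owner", "repo", "path", "ref")
    # The subdirectory is later extracted from the tarball, so reject anything
    # that could escape the repository tree (added safeguard, hypothetical).
    parts = path.strip("/").split("/")
    if any(p in ("", ".", "..") for p in parts):
        raise ValueError(f"unsafe template path: {path!r}")
    # GitHub tarball endpoint: /repos/{owner}/{repo}/tarball/{ref}; with no ref
    # GitHub serves the default branch.
    url = f"https://api.github.com/repos/{owner}/{repo}/tarball"
    if git_ref:
        url += f"/{git_ref}"
    return {
        "owner": owner,
        "repo": repo,
        "path": "/".join(parts),
        "ref": git_ref,  # None means default branch
        "pinned": bool(git_ref and FULL_COMMIT_SHA.match(git_ref)),
        "tarball_url": url,
    }


if __name__ == "__main__":
    for r in ("ToxicPine/ambit-templates/chromatic",
              "ToxicPine/ambit-templates/chromatic@v1.0.0",   # constructed tag
              "ToxicPine/ambit-templates/wetty@" + "a" * 40):  # constructed SHA
        info = parse_template_ref(r)
        print(f"{r} -> {info['tarball_url']} pinned={info['pinned']}")
```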

ambit list

Lists all discovered routers across all networks.

ambit list
ambit list --org my-org --json

Shows: network name, app name, region, machine state, private IP, subnet, and Tailscale device status.

ambit status

Shows detailed router status. Run without --network to see all routers, or with --network to focus on one.

ambit status
ambit status --network lab

Detailed view includes: machine state, SOCKS5 proxy address, Tailscale IP, online status, advertised routes, and split DNS config.

ambit destroy --network <name>

Tears down a router and cleans up all associated resources. Apps deployed on the network are NOT deleted — only the router is removed. The user will need to manually remove ACL policy entries for the network tag.

ambit destroy --network lab
ambit destroy --network lab --yes

What it does:

  1. Finds the router app for the network
  2. Clears split DNS configuration
  3. Removes the Tailscale device
  4. Destroys the Fly.io app

ambit doctor

Health check for the local environment and router infrastructure. Run this whenever something seems wrong — it checks the most common failure points and gives remediation hints.

ambit doctor
ambit doctor --network lab

Checks:

  • Tailscale CLI installed
  • Tailscale connected (BackendState = Running)
  • Accept-routes enabled
  • Router(s) exist and machines are running
  • Router(s) visible in tailnet

Templates

Ready-to-deploy templates are available at ToxicPine/ambit-templates:

  • ToxicPine/ambit-templates/chromatic: Headless Chrome exposing Chrome DevTools Protocol on port 9222 — for AI agents or scripts that need a browser on the private network.
  • ToxicPine/ambit-templates/wetty: A cloud devshell with a web terminal, persistent home directory, passwordless sudo, and auto start/stop.
  • ToxicPine/ambit-templates/opencode: A private OpenCode web workspace — Nix-based environment with persistent home and auto start/stop.

ambit deploy my-browser --network lab --template ToxicPine/ambit-templates/chromatic
ambit deploy my-shell --network lab --template ToxicPine/ambit-templates/wetty
ambit deploy my-code --network lab --template ToxicPine/ambit-templates/opencode

Common Workflows

First-Time Setup

# 1. Add tag to Tailscale ACL policy in the web UI
# 2. Create the router
ambit create lab --self-approve

# 3. Deploy an app
ambit deploy my-app --network lab

# 4. App is now reachable as http://my-app.lab from any device on the tailnet

# 5. Invite people to your tailnet:
#    https://login.tailscale.com/admin/users
# 6. Control their access:
#    https://login.tailscale.com/admin/acls/visual/general-access-rules

Deploy from a Template

ambit deploy my-browser --network lab --template ToxicPine/ambit-templates/chromatic
# → headless Chrome at my-browser.lab:9222, reachable via CDP

Debugging Connectivity

ambit doctor --network lab    # Check all the common failure points
ambit status --network lab    # Detailed router state

Tearing Down

ambit destroy --network lab
# Then remove from Tailscale ACL:
#   tagOwners: tag:ambit-lab
#   autoApprovers: routes for tag:ambit-lab

Troubleshooting

Symptom: "Tag not configured in tagOwners"
Fix: Add "tag:ambit-<network>": ["autogroup:admin"] to Tailscale ACL tagOwners.

Symptom: "autoApprovers not configured"
Fix: Either configure autoApprovers in the ACL or re-run with --self-approve.

Symptom: Router deployed but not reachable
Fix: Run ambit doctor. Check that accept-routes is enabled locally.

Symptom: "Timeout waiting for device"
Fix: Check router logs. Most common cause: expired or invalid Tailscale API key.

Symptom: Apps not resolving as <app>.<network>
Fix: Verify split DNS is configured: ambit status --network <name>. Check the router is online in the tailnet.

Symptom: "Flyctl not found"
Fix: Install from https://fly.io/docs/flyctl/install/
Safe usage advice
This skill appears to implement an Ambit CLI workflow, but before using it: (1) be cautious about running remote packages with `npx @cardelli/ambit`—inspect the npm package source or prefer a vetted local binary; (2) expect to provide Fly.io authentication and a Tailscale API token—these are sensitive credentials that grant the ability to change routes/ACLs; (3) review any commands that require sudo (e.g., enabling accept-routes) and changes to Tailscale ACL tags because they alter network routing; (4) ask the publisher to update registry metadata to list required env vars and any install steps; and (5) consider testing in an isolated account or environment first. If you need help auditing the npm package or the GitHub templates before running them, get that code reviewed or run the tool in a disposable VM.
Functional analysis

Type: OpenClaw Skill
Name: ambit-cli
Version: 0.1.0

The skill bundle is classified as suspicious due to several high-risk behaviors and supply chain vulnerabilities, despite lacking explicit malicious intent. The `SKILL.md` instructs the agent to execute an external `npx` package (`npx @cardelli/ambit`) and to download and deploy remote templates from GitHub (`ToxicPine/ambit-templates`), both of which introduce significant supply chain risks. Furthermore, the skill requires the agent to handle sensitive `TAILSCALE_API_TOKEN`s and perform privileged operations (`sudo tailscale set --accept-routes`), increasing the potential attack surface if any of the external dependencies were compromised or if the agent were to be prompted maliciously.
Capability assessment
Purpose & Capability
The name and description match the instructions: the skill manages Ambit/Fly.io routers and Tailscale private networks, deploys apps, and configures DNS/routes. Requested actions (Fly.io auth, Tailscale token, modifying ACL tags, enabling accept-routes) are coherent with that purpose.
Instruction Scope
The SKILL.md stays on-topic: it describes creating routers, setting Fly.io secrets, configuring split DNS, and using Tailscale API tokens. It legitimately asks the user to modify Tailscale ACL tags and enable accept-routes (which have network-level consequences) and to store TAILSCALE_API_TOKEN as a Fly secret. It does not appear to instruct reading unrelated host files or exfiltrating data, but it does require handling sensitive tokens and running privileged tailscale commands.
Install Mechanism
There is no formal install spec in the registry, but the doc tells users to run `npx @cardelli/ambit` to execute a remote npm package. Running code directly from npm via npx is higher-risk because it executes code fetched at runtime from a package author and may write/execute arbitrary code locally. The SKILL.md also fetches templates from GitHub (expected) and uses flyctl/tailscale executables (expected).
Credentials
The manifest declares no required environment variables, but the instructions explicitly require Fly.io authentication and a Tailscale API access token (and show setting TAILSCALE_API_TOKEN as a Fly secret). This mismatch (metadata omitting required secrets) reduces transparency. The credentials requested by the instructions are logically needed for the described operations, but they are sensitive (Tailscale API tokens can modify routes/ACLs) and should be declared in metadata and handled carefully.
Persistence & Privilege
The skill is instruction-only (no install spec writing to disk) and does not request always:true. The agent can invoke the skill autonomously (default) but that is normal for skills. The runtime instructions do request changes to user Fly/Tailscale configuration (secrets, tags, accept-routes) which have lasting network effects, but the skill itself does not request elevated platform privileges or long-term installation.
How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install ambit-cli
  3. After installation, invoke the Skill by name directly or trigger it with /ambit-cli
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history
v0.1.0
Initial release of ambit-cli: Deploy private, internet-invisible apps using Tailscale and Fly.io.
  • Supports creating private networks ("ambits") with isolated access via Tailscale routing and split DNS.
  • Enables deploying apps to these networks using local fly.toml, Docker images, or GitHub templates—with automatic safety checks.
  • Provides commands to list routers, check network/router health, and view detailed status.
  • Includes network teardown and resource cleanup via `ambit destroy`.
  • Offers a `doctor` command for health checking and troubleshooting of all core components.
Metadata
Slug: ambit-cli
Version: 0.1.0
License:
Cumulative installs: 0
Current installs: 0
Historical versions: 1
FAQ

What is Ambit Cli?

Use this skill for any task involving the ambit CLI: creating or destroying private networks, deploying apps to a private network, checking network or router... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 585 downloads to date.

How do I install Ambit Cli?

Run the command "/install ambit-cli" in the OpenClaw or Claude Code chat box for one-click installation; no extra configuration is needed.

Is Ambit Cli free?

Yes, Ambit Cli is completely free (open source) and can be freely downloaded, installed and used.

Which platforms does Ambit Cli support?

Ambit Cli is cross-platform and runs in any environment where OpenClaw / Claude Code is deployed.

Who developed Ambit Cli?

Developed and maintained by Arbion Halili (@toxicpine); the current version is v0.1.0.
