
HLE Tunnel

Author: jspanos · GitHub · v1.2.0
cross-platform ⚠ suspicious
Total downloads: 374
Favorites: 0
Current installs: 0
Versions: 3
Install in OpenClaw
/install hle-tunnel
Description
Access your AI agent's web UI from anywhere and share it securely — automatic HTTPS, SSO access control, no VPN or port forwarding needed.
Usage instructions (SKILL.md)

HLE Tunnel

Access your agent's web UI from anywhere and share it with others — secure remote access with automatic HTTPS and SSO, powered by HLE (Home Lab Everywhere).

When to use

Use this skill when the user wants to:

  • Access their agent's Control UI (port 18789) remotely — from a phone, laptop, or another network
  • Share their agent UI with a friend or collaborator via SSO (Google, GitHub)
  • Expose any local service the agent manages — Home Assistant, Grafana, Portainer, Jupyter, dev servers
  • Manage tunnel access control (SSO, PIN, share links, basic auth)

Do not use this skill for general networking, port forwarding within a LAN, or VPN setup.

Setup

Before exposing services, the user needs an HLE account and API key:

  1. Sign up at https://hle.world and create an API key in the dashboard
  2. Run hle auth login to save the key (opens browser), or set the HLE_API_KEY environment variable

Check auth status with hle auth status.

Usage

Access your agent UI remotely

# Expose the Control UI so you can access it from anywhere
hle expose --service http://localhost:18789 --label my-agent

# Share access with a collaborator via SSO
hle expose --service http://localhost:18789 --label my-agent \
  --allow [email protected]

# Allow multiple people
hle expose --service http://localhost:18789 --label my-agent \
  --allow [email protected] --allow [email protected]

The command runs in the foreground and prints the public URL (e.g. https://my-agent-x7k.hle.world). Anyone you --allow can log in via Google or GitHub SSO — no account sharing needed.

Expose services your agent manages

# Home Assistant
hle expose --service http://localhost:8123 --label ha \
  --allow [email protected]

# Grafana dashboard — share with your team
hle expose --service http://localhost:3000 --label grafana \
  --allow [email protected] --allow [email protected]

# Dev server — share with a client for a demo
hle expose --service http://localhost:3000 --label dev \
  --allow [email protected]

# Jupyter notebook — share with a colleague
hle expose --service http://localhost:8888 --label notebook \
  --allow [email protected]

List active tunnels

hle tunnels

Access control

# Allow a specific email to access a tunnel via SSO
hle access add my-agent-x7k [email protected]

# Set a PIN for quick access
hle pin set my-agent-x7k

# Create a temporary share link (expires in 24h by default)
hle share create my-agent-x7k --duration 1h --max-uses 5

# Set HTTP Basic Auth
hle basic-auth set my-agent-x7k

Common options for hle expose

| Flag | Description |
| --- | --- |
| --service URL | Local service URL (required) |
| --label NAME | Subdomain label (e.g. my-agent -> my-agent-x7k.hle.world) |
| --auth sso\|none | Auth mode (default: sso) |
| --allow EMAIL | Allow email for SSO access (repeatable) |
| --websocket/--no-websocket | WebSocket proxying (default: on) |
| --verify-ssl | Verify local service SSL cert |
| --upstream-basic-auth USER:PASS | Inject Basic Auth to upstream |
| --forward-host | Forward browser Host header to local service |

Run with Docker

If Docker is available, you can run HLE as a container instead of installing the CLI.

Headless (tunnels only, no UI)

docker run -d \
  --name hle \
  -e HLE_API_KEY=your_key_here \
  -v hle-data:/data \
  ghcr.io/hle-world/hle-docker:headless

# Expose your agent's Control UI running on the Docker host
docker exec hle hle expose \
  --service http://host.docker.internal:18789 \
  --label my-agent \
  --allow [email protected]

With Web UI

docker run -d \
  --name hle \
  -p 8099:8099 \
  -e HLE_API_KEY=your_key_here \
  -v hle-data:/data \
  ghcr.io/hle-world/hle-docker:latest

Open http://localhost:8099 to manage tunnels from a browser.

Docker Compose

services:
  hle:
    image: ghcr.io/hle-world/hle-docker:headless
    restart: unless-stopped
    volumes:
      - hle-data:/data
    environment:
      - HLE_API_KEY=your_key_here

volumes:
  hle-data:

Important notes

  • The hle expose command runs in the foreground. To run as a background service, use nohup, tmux, screen, or a process manager.
  • Self-signed certificates on local services are accepted by default (no --verify-ssl needed).
  • The public URL format is https://<label>-<user_code>.hle.world.
  • By default, only you (the account owner) can access the tunnel. Use --allow to grant access to others via SSO.
  • API key can be set via --api-key flag, HLE_API_KEY env var, or ~/.config/hle/config.toml.

Installation

If hle is not installed:

# Homebrew (macOS/Linux)
brew install hle-world/tap/hle-client

# pip/pipx
pipx install hle-client
# or: pip install hle-client
Security recommendations
This skill appears to be what it says: a client for the HLE tunneling service. Before installing, confirm you trust hle.world and the hle-world publisher (Homebrew tap and GHCR image). Treat HLE_API_KEY like a password — anyone with it could expose services from your machine. Avoid exposing sensitive services (databases, admin panels) unless you fully understand access controls; prefer limiting access to specific emails, enable PIN/basic-auth, and use --verify-ssl where possible. If you run the GHCR container, verify image provenance (official repository, tags, checksums). If you want stronger assurance, run the client in an isolated environment (container or dedicated VM) and monitor active tunnels (hle tunnels) and config files (~/.config/hle/config.toml) for unexpected keys or activity.
Functional analysis
Type: OpenClaw Skill · Name: hle-tunnel · Version: 1.2.0
The skill provides instructions and examples for the AI agent to install and use the 'hle' (Home Lab Everywhere) CLI to create internet tunnels for local services, including the agent's own control UI (port 18789). While the skill is aligned with its stated purpose of providing remote access and includes documentation for SSO and access controls, the inherent capability to bypass firewalls and expose internal infrastructure to the public internet is a high-risk behavior. No evidence of intentional malice or hidden data exfiltration was found in SKILL.md or references/examples.md, but the functionality facilitates significant security exposure.
Capability assessment
Purpose & Capability
Name/description match the declared requirements: the skill needs the 'hle' client (brew/pipx/uv) and an HLE_API_KEY to create tunnels and SSO access. Required binaries and env var are proportionate to a tunneling product.
Instruction Scope
SKILL.md only instructs the agent/user to install and run the hle client or run the official ghcr.io container and to set HLE_API_KEY or use 'hle auth login'. It explicitly tells how to expose local services (including the agent Control UI). This is expected, but exposing the agent's control UI and other local services is inherently sensitive. The doc also notes self-signed certs are accepted by default (no --verify-ssl), which reduces security for upstream services and should be considered carefully.
Install Mechanism
Install options are Homebrew (hle-world/tap) or a package (uv/pipx), and the docs reference a GHCR container (ghcr.io/hle-world/hle-docker). These are standard mechanisms for distributing a CLI and container; however, the brew tap is a third-party tap and the container image is from ghcr.io/hle-world — verify you trust that publisher before installing.
Credentials
Only HLE_API_KEY is required. That is appropriate for a service that authorizes creation of public tunnels. Treat this API key as highly sensitive because it allows creating public access to your local services.
Persistence & Privilege
The metadata does not request always:true nor modify other skills or system-wide agent settings. Instructions mention storing credentials in ~/.config/hle/config.toml or env vars, which is normal for a CLI. Note: the agent (if it invokes the skill autonomously) could run hle commands and create tunnels while authorized — this is expected behavior but worth being aware of.
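The review above notes that an agent invoking this skill can create tunnels on its own, so the commands it runs are worth checking. The following is an added example, not part of the skill or the HLE project: it audits `hle expose` command lines (for instance from an agent's shell log) using only the flags and defaults documented on this page. The finding names are hypothetical, the sample commands are constructed, and acceptance of the `--flag=value` form by the CLI is an assumption.

```python
import shlex
from urllib.parse import urlsplit

# Flags that consume a value, as documented on this page.
TAKES_VALUE = {"--service", "--label", "--auth", "--allow",
               "--upstream-basic-auth", "--api-key"}
SENSITIVE_PORTS = {18789: "agent Control UI"}  # port named in the SKILL.md

def audit_expose(command):
    """Return findings for one `hle expose` command line; [] means nothing flagged."""
    argv = shlex.split(command.replace("\\\n", " "))  # join continuation lines
    if "expose" not in argv or "hle" not in argv[:argv.index("expose")]:
        return []                                     # not an hle expose call
    args = argv[argv.index("expose") + 1:]
    opts, flags, i = {}, set(), 0
    while i < len(args):
        name, sep, val = args[i].partition("=")       # "--flag=value" form: assumed
        if name in TAKES_VALUE:
            if not sep:                               # value is the next token
                i += 1
                val = args[i] if i < len(args) else ""
            opts.setdefault(name, []).append(val)
        else:
            flags.add(name)
        i += 1
    findings = []
    if opts.get("--auth", ["sso"])[-1] == "none":     # documented default is sso
        findings.append("auth-disabled")
    service = urlsplit(opts.get("--service", [""])[-1])
    if service.port in SENSITIVE_PORTS:
        findings.append("sensitive-upstream")
    if service.scheme == "https" and "--verify-ssl" not in flags:
        findings.append("no-upstream-tls-verify")     # self-signed certs accepted
    if "--api-key" in opts or "--upstream-basic-auth" in opts:
        findings.append("secret-on-cmdline")          # visible in history and ps
    return findings

# Constructed sample commands (not taken from any real log).
SAMPLES = [
    "hle expose --service http://localhost:18789 --label my-agent --auth none",
    "hle expose --service http://localhost:3000 --label grafana --allow user@example.test",
    "docker exec hle hle expose \\\n  --service https://host.docker.internal:8123"
    " --label ha --api-key constructed-key",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(audit_expose(cmd) or ["ok"], "<-", " ".join(cmd.split()))
```

A flagged command is a prompt for review rather than proof of misuse; compare the result with the output of hle tunnels to see what is actually live.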
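How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install hle-tunnel
  3. Once installation completes, invoke the Skill by name or trigger it with /hle-tunnel
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history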
v1.2.0
Reposition for agent remote access: expose Control UI from anywhere, --allow SSO examples front and center, Docker support added
v1.1.0
Reposition for agent remote access: expose Control UI from anywhere, --allow SSO examples front and center, Docker support added
v1.0.0
Initial release: expose local services to the internet with automatic HTTPS and SSO via HLE (hle.world)
Metadata
Slug hle-tunnel
Version 1.2.0
License
Total installs 0
Current installs 0
Number of versions 3
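FAQ

What is HLE Tunnel?

Access your AI agent's web UI from anywhere and share it securely — automatic HTTPS, SSO access control, no VPN or port forwarding needed. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 374 total downloads so far.

How do I install HLE Tunnel?

Run the command "/install hle-tunnel" in the OpenClaw or Claude Code chat box to install it in one step, with no extra configuration.

Is HLE Tunnel free?

Yes, HLE Tunnel is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does HLE Tunnel support?

HLE Tunnel runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed HLE Tunnel?

It is developed and maintained by jspanos (@jspanos); the current version is v1.2.0.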
