功能描述

Legacy combined bridge skill for Linux-to-Mac wrapper installs. Prefer the newer split skills `macos-bridge` for Mac-owned CLIs and `homebrew-bridge` for Hom...

使用说明 (SKILL.md)

Linux to Mac Bridge

Name: Linux To Mac Bridge
Author: matthewxmurphy

This is now the legacy combined skill.

Prefer:

macos-bridge for imsg, remindctl, memo, things, peekaboo
homebrew-bridge for brew, gh, and other /opt/homebrew/bin tools

Use this skill when a Linux gateway should expose Mac-backed tools as stable Linux-side commands.

This is the publishable answer to the “gray macOS skill on Linux gateway” problem:

do not patch bundled skills
do not pretend Linux can run macOS binaries
install explicit wrappers on the Linux gateway
make public skills depend on those wrapper paths instead
assume the Linux gateway and Mac nodes are on the same trusted local network

Use This Skill For

imsg, remindctl, memo, things, peekaboo
Homebrew business tools that live on a connected Mac node
wrapper-backed skills that should show as ready on a Linux gateway
capability reports and stable tool ownership mapping
same-LAN Linux gateway to Mac node setups
Mac nodes that are kept awake or have Wake-on-LAN enabled

Do Not Use This Skill For

Linux-native tools that should just be installed locally
random internet-routed Mac hosts or untrusted WAN hops
arbitrary remote shell access
patching OpenClaw internals so bundled macOS skills lie about support

Requirements

Linux gateway and Mac nodes share the same trusted local network or VLAN
Linux gateway can SSH to the owning Mac nodes
remote binaries exist and have the needed macOS permissions
you know which Mac owns each tool
Mac nodes should stay awake for agent work, or at minimum have Wake-on-LAN enabled if you expect them to be resumed remotely

Local Network Contract

This skill is designed for a homelab or office-local topology:

Linux gateway on the same LAN as the Macs
stable RFC1918 or otherwise local addresses for the Mac nodes
low-latency SSH between gateway and nodes
no requirement for public internet routing to the Macs

Default assumption:

if the gateway cannot reach the Mac over the local network, the wrapper-backed workflow is not healthy

Wake-on-LAN note:

the wrapper install scripts can embed Wake-on-LAN metadata and retry logic
if a Mac may sleep, configure a wake map so the Linux-side wrapper can send a magic packet and retry SSH automatically

Design Contract

Linux gateway holds the wrappers
Mac nodes hold the real binaries and OS-level permissions
public skills depend on the wrapper path, not the remote path
tool ownership stays explicit and auditable
the bridge is optimized for same-LAN node reachability, not public-host reachability

Workflow

1. Render A Tool Ownership Map

Run:

scripts/render-tool-map.sh

If ~/.openclaw/openclaw.json already contains Mac-backed remoteHost entries, this will auto-render a gateway-local ownership map from that config first. In that case, do not ask again for IP address or SSH username unless the discovered mapping is missing or clearly wrong.

Otherwise it gives you a repeatable starter map such as:

imsg -> [email protected]
remindctl -> [email protected]
gh -> [email protected]

2. Install The macOS Pack

Example:

scripts/install-macos-pack.sh \
  --target-dir /home/node/.openclaw/bin \
  --tool imsg \
  --tool remindctl \
  --tool memo \
  --tool gh \
  --openclaw-config /home/node/.openclaw/openclaw.json \
  --wake-map mac-messages.local=AA:BB:CC:DD:EE:FF \
  --wake-map mac-tools.local=11:22:33:44:55:66 \
  --wake-wait 20 \
  --wake-retries 2

The installer will now:

use explicit --map tool=user@host entries when you provide them
otherwise try to infer the tool host from remoteHost values in the OpenClaw config
fall back to a single discovered Mac host for unmapped tools when only one unique remoteHost is known
let you force a shared owner with --default-host user@host
avoid manual host questions when it can already resolve the owner from the OpenClaw config

This creates wrapper paths on Linux such as:

/home/node/.openclaw/bin/imsg
/home/node/.openclaw/bin/remindctl
/home/node/.openclaw/bin/memo
/home/node/.openclaw/bin/gh

When a wake map is configured, the generated wrapper will:

attempt SSH normally first
send a Wake-on-LAN magic packet if the first attempt fails
wait the configured number of seconds
retry the remote command

3. Verify The Pack

Run:

scripts/verify-macos-pack.sh --target-dir /home/node/.openclaw/bin

This verifies the wrapper executables exist and can be resolved from the gateway side.

It also shows whether Wake-on-LAN is embedded in each installed wrapper.

4. Build Public Skills On Top

When publishing a community skill:

require the Linux wrapper path, not the macOS binary path
document which Mac is expected to own the tool
treat the wrapper as the stable API surface

Read references/skill-readiness.md.

Security Rules

one wrapper per tool
one explicit owning Mac per tool
no generic remote shell bridge
no secrets stored in the skill folder
no core patching to force a green badge

Files

scripts/install-wrapper.sh: create one SSH wrapper for a remote binary
scripts/install-macos-pack.sh: install a batch of common Mac-backed tool wrappers with optional auto-discovery from OpenClaw config and Wake-on-LAN maps
scripts/verify-macos-pack.sh: verify the wrapper pack on the Linux gateway and show Wake-on-LAN status
scripts/render-tool-map.sh: print the auto-discovered or recommended tool ownership map plus Wake-on-LAN map examples
references/skill-readiness.md: how to make public skills stay ready on Linux without patching core

安全使用建议

This skill is coherent for the intended local-LAN use case, but it creates Linux wrappers that SSH into remote Macs and can run arbitrary commands there — treat it as granting remote execution to whichever SSH identity you configure. Before installing: (1) inspect the scripts (install-wrapper.sh is the wrapper template) to confirm the remote commands and escaping meet your policy; (2) provide an SSH key with limited rights and use a known_hosts file to avoid MITM risk; (3) ensure the OpenClaw config (~/.openclaw/openclaw.json) is trustworthy because the scripts may auto-discover remoteHost entries from it; (4) be aware Wake-on-LAN will broadcast packets on your LAN; (5) prefer the split 'macos-bridge' or 'homebrew-bridge' skills if they better match your needs. If you need stronger assurance, run the scripts in a controlled test environment first.

功能分析

Type: OpenClaw Skill Name: linux-to-mac-bridge Version: 1.2.1 The skill bundle provides a legitimate utility for creating Linux-side SSH wrappers to execute specific macOS commands (e.g., imsg, brew, gh) on a remote Mac node. The implementation in scripts/install-wrapper.sh and scripts/install-macos-pack.sh uses proper shell escaping (printf %q) to prevent command injection and includes a standard Python-based Wake-on-LAN mechanism for node recovery. No evidence of data exfiltration, unauthorized persistence, or malicious intent was found.

能力评估

✓ Purpose & Capability

Name/description match what the code does: the scripts render a tool map, create SSH-backed wrapper executables, verify them, and support Wake-on-LAN. Nothing in the files requests unrelated services or credentials.

ℹ Instruction Scope

SKILL.md directs running the included scripts and explicitly references reading ~/.openclaw/openclaw.json for auto-discovery. The scripts do read that config (if present) and require python3 for some operations; this behavior is consistent with the skill purpose but the SKILL.md does not declare python3 as a required runtime dependency nor explicitly list that the scripts will read the user's OpenClaw config file in $HOME. You should be aware the scripts will read that config and will create/written wrapper files into whatever --target-dir you supply.

ℹ Install Mechanism

There is no remote install or URL download (instruction-only), but the package includes multiple executable scripts which will be written to disk and executed by the operator. This is a normal pattern for a wrapper installer, but you should review the included scripts before running them.

✓ Credentials

The skill requests no environment variables or credentials. It optionally accepts an SSH key path and known-hosts file via script args (reasonable for SSH-based wrappers). No unrelated secret or cloud credentials are requested.

✓ Persistence & Privilege

The skill is not always-enabled and does not request elevated platform privileges. It installs wrappers into a user-specified directory only and does not modify other skills or global agent settings.

版本历史

v1.2.1

Patch wrapper forwarding refresh and ClawHub-managed bridge install.

v1.2.0

# linux-to-mac-bridge 1.2.0 - Added ClawHub card emoji metadata. - No behavior change; this is a presentation and registry metadata update.

v1.1.0

# linux-to-mac-bridge 1.1.0 Updated the legacy bridge skill so it no longer teaches the old business-pack flow. ## Changed - Replaced `install-business-pack.sh` and `verify-business-pack.sh` references with `install-macos-pack.sh` and `verify-macos-pack.sh`. - Clarified that the skill should auto-discover tool owners from OpenClaw `remoteHost` config before asking for manual host details. - Removed machine-specific fallback host examples from the skill and wrapper map output. - Strengthened the legacy guidance to prefer `macos-bridge` and `homebrew-bridge` when the split skills fit better.

v1.0.2

# Linux to Mac Bridge 1.0.2 - Added optional Wake-on-LAN support to generated Linux-side wrappers. - Added wake maps, broadcast, port, wait, and retry settings to the batch installer. - Updated verification output to show whether Wake-on-LAN is embedded for each wrapper. - Updated examples and skill metadata to describe automatic wake-and-retry behavior for same-LAN Macs.

v1.0.1

# Linux to Mac Bridge 1.0.1 - Clarified that the bridge is designed for the same trusted local network or VLAN. - Added Wake-on-LAN guidance for Mac nodes that may sleep between work windows. - Updated skill metadata and readiness guidance to reflect LAN-first node reachability.

v1.0.0

# linux-to-mac-bridge 1.0.0 Initial release. ## Added - Linux-side wrapper install flow for Mac-backed business tools. - Batch installer for common tools including `imsg`, `remindctl`, `memo`, `things`, `peekaboo`, `brew`, and `gh`. - Tool ownership map for mixed Linux gateway and Mac node setups. - Wrapper readiness verification to support publishable wrapper-backed skills. - Guidance for keeping skills ready on Linux without patching OpenClaw core or pretending Linux natively owns macOS tools.

元数据

Slug linux-to-mac-bridge

版本 1.2.1

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 6

常见问题