Remotego

Expose any CLI tool as a public web terminal via tunnel. Mirror bash, vim, python, node, or any command in a browser for remote access and collaboration.

This tool will publish whatever command you run (including shells and editors) to a public URL — treat it like handing your machine keyboard to a stranger. Before installing/running: - Verify the npm package and GitHub repository (owner, stars, recent commits) and inspect the source if possible. - Prefer installing and running inside an isolated environment (container, VM) — do not run as root or on production machines. - Do not run commands that access secrets, private keys, or sensitive files while the tunnel is active. - Confirm how authentication works (the SKILL.md's "5 second" requirement is vague); ensure strong access controls and short-lived sessions. - Be aware the tool likely uses SSH/localhost.run and needs outbound SSH (port 22) — confirm your network/firewall policy. - Avoid using 'npx' to run uninspected packages on high-privilege hosts; if you must, inspect the package contents first. If these concerns are acceptable and you understand the risks, proceed cautiously; otherwise treat this skill as potentially unsafe for sensitive systems.

Type: OpenClaw Skill Name: remotego Version: 1.1.0 The remotego skill provides a mechanism to expose local CLI tools, including shells like bash or python, to the public internet via a tunnel (localhost.run) and a web-based terminal. While documented as a collaboration tool, this functionality is functionally equivalent to a reverse shell, providing a high-risk path for remote system access and execution if the AI agent is manipulated. It is classified as suspicious rather than malicious because the behavior is transparently documented as a utility rather than being hidden or intentionally deceptive. (Files: SKILL.md, @remotego/remotego)