← 返回 Skills 市场
430
总下载
0
收藏
5
当前安装
2
版本数
在 OpenClaw 中安装
/install webchat-https-proxy
功能描述
HTTPS/WSS reverse proxy for OpenClaw WebChat Control UI. Serves the Control UI over HTTPS with TLS cert management, proxies WebSocket connections to the gate...
安全使用建议
This skill appears to do what it claims, but review before installing: 1) Back up ~/.openclaw/openclaw.json — deploy.sh will modify allowedOrigins and the proxy will read the gateway token from that file. 2) If you expose the service to your LAN (setting VOICE_HOST/VOICE_BIND_HOST or using a non-local bind), ensure a gateway token is configured — otherwise /transcribe may be accessible from the network. 3) Note small naming mismatch: the service unit uses VOICE_BIND_HOST but SKILL.md documents VOICE_HOST; deploy.sh sets VOICE_BIND_HOST for the unit. 4) Inspect assets/https-server.py yourself (it is included) if you need to confirm cert handling and auth behavior. 5) The skill installs a user systemd service and writes files under ~/.openclaw/workspace/voice-input and certs; uninstall.sh attempts to remove those. 6) The registry metadata appears to have malformed required-env entries ("[object Object]"); get clarification from the publisher if that matters to you. If these behaviors are acceptable, the skill is proportionate to its purpose; if you require stronger guarantees (no token access, no config modification, or no persistent service), do not install.
功能分析
Type: OpenClaw Skill
Name: webchat-https-proxy
Version: 0.1.1
The skill implements an HTTPS/WSS reverse proxy for the OpenClaw WebChat UI with a strong focus on security. Key features include SSRF protection (restricting upstream connections to localhost), path traversal protection for static file serving using realpath validation, and constant-time authentication token validation (hmac.compare_digest). The scripts (deploy.sh, uninstall.sh) and the Python server (https-server.py) follow best practices, such as enforcing TLS 1.2+, implementing upload/response size limits, and setting restrictive file permissions (0600) on generated private keys. No indicators of malicious intent or data exfiltration were found.
能力评估
Purpose & Capability
Name/description match what the files do: they copy a Python proxy into the user's workspace, update gateway.allowedOrigins in ~/.openclaw/openclaw.json, and install a user systemd service to serve HTTPS/WSS and proxy /transcribe to a local transcription service.
Instruction Scope
SKILL.md and scripts explicitly modify ~/.openclaw/openclaw.json, write a user systemd unit, and copy the runtime python to ~/.openclaw/workspace/voice-input. The proxy reads the gateway token from that config for optional auth. All file and network accesses are declared in SKILL.md, but note the auth behavior: when no gateway token is present the proxy permits requests (safe for localhost by default), so exposing to a LAN without a gateway token would allow unauthenticated /transcribe access.
Install Mechanism
No external downloads or opaque installers. It's an instruction-only skill with included scripts and a Python file. Deploy copies local files into user workspace and relies on an existing Python + aiohttp; no arbitrary remote code is fetched or executed during install.
Credentials
Requested env/config access is appropriate for a local proxy (port, bind host, allowed origin, workspace paths, and the openclaw config for gateway token). Minor inconsistencies exist between documented env names and actual usage: SKILL.md documents VOICE_HOST/VOICE_ALLOWED_ORIGIN/VOICE_HTTPS_PORT and config_paths, but the runtime python reads VOICE_BIND_HOST and WORKSPACE; deploy.sh maps VOICE_HOST → VOICE_BIND_HOST when creating the systemd unit. Registry metadata at the top also shows garbled required-env entries ("[object Object]").
Persistence & Privilege
The skill creates a user-level systemd service (~/.config/systemd/user) and enables it for the user; no root/sudo operations. always:true is not set. Uninstall script attempts to revert created artifacts.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install webchat-https-proxy - 安装完成后,直接呼叫该 Skill 的名称或使用
/webchat-https-proxy触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.1
MIT license added; same-origin transcribe auth hardening; preserve configured voice host on redeploy.
v0.1.0
Security hardening pass: constant-time auth compare, SSRF guard, symlink-safe path checks, CORS origin validation, bounded request sizes, docs cleanup
元数据
常见问题
WebChat HTTPS Proxy 是什么?
HTTPS/WSS reverse proxy for OpenClaw WebChat Control UI. Serves the Control UI over HTTPS with TLS cert management, proxies WebSocket connections to the gate... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 430 次。
如何安装 WebChat HTTPS Proxy?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install webchat-https-proxy」即可一键安装,无需额外配置。
WebChat HTTPS Proxy 是免费的吗?
是的,WebChat HTTPS Proxy 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
WebChat HTTPS Proxy 支持哪些平台?
WebChat HTTPS Proxy 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 WebChat HTTPS Proxy?
由 neldar(@neldar)开发并维护,当前版本 v0.1.1。
推荐 Skills