← 返回 Skills 市场
388
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install zerotier-remote-web
功能描述
通过 ZeroTier 自动绑定 OpenClaw Gateway 到虚拟 IP,实现安全便捷的远程 WEB 控制和访问管理功能。
安全使用建议
This skill appears to do what it says: it will back up and modify ~/.openclaw/openclaw.json, bind the gateway to 0.0.0.0, add your ZeroTier IP to allowedOrigins, and intentionally relax authentication (allowInsecureAuth = true, dangerouslyDisableDeviceAuth = true). Those are powerful, security-reducing changes — only enable them if you fully understand the risks and trust all devices on the ZeroTier network. Before running: 1) Manually inspect the scripts (they're included) and confirm you accept the auth changes. 2) Make an independent manual backup of ~/.openclaw/openclaw.json and test recovery. 3) Do not blindly run the suggested `curl | sudo bash` installer — instead use official distribution channels or review the installer script. 4) After enabling, rotate or securely manage tokens printed by the script and restrict ZeroTier network membership to trusted devices. 5) Note there are some coding issues (use of await/import in places that may cause runtime errors); test in a safe environment before using on production systems. If you want, I can highlight the exact lines that change authentication and show a safer recommended config alternative.
功能分析
Type: OpenClaw Skill
Name: zerotier-remote-web
Version: 1.0.1
The skill is classified as suspicious due to several security-weakening configurations in `scripts/enable-remote.mjs` and a risky prerequisite installation method in `SKILL.md`. Specifically, `enable-remote.mjs` configures the OpenClaw gateway to bind to `0.0.0.0` (all network interfaces) and sets `controlUi.allowInsecureAuth: true` and `controlUi.dangerouslyDisableDeviceAuth: true`, which significantly expands the attack surface and weakens the authentication mechanism. While these changes are intended to enable remote access as per the skill's stated purpose, they introduce critical vulnerabilities. Additionally, `SKILL.md` suggests `curl https://install.zerotier.com | sudo bash` for ZeroTier installation, an inherently risky pattern if executed by the agent.
能力评估
Purpose & Capability
The name/description (ZeroTier remote web access) matches the implementation: scripts check ZeroTier, read/modify ~/.openclaw/openclaw.json, back up files, and restart the OpenClaw gateway. No unrelated credentials or cloud APIs are requested.
Instruction Scope
The SKILL.md and scripts perform file reads/writes under the user's home (~/.openclaw/openclaw.json), system commands (systemctl, zerotier-cli, ip, ss, pgrep, pkill, nohup), and modify auth-related fields (allowInsecureAuth, dangerouslyDisableDeviceAuth) and bind to 0.0.0.0. These actions are within the stated scope but have significant security implications (they deliberately relax authentication and expose services). SKILL.md also suggests installing ZeroTier via `curl | sudo bash`, which is a potentially risky installation pattern to follow blindly.
Install Mechanism
This is an instruction-only skill with included scripts; there is no install spec that downloads external archives. The skill does not pull code from third-party URLs at install time. The only external installation guidance in SKILL.md is a recommendation to run ZeroTier's installer via curl, which is common but should be treated cautiously.
Credentials
The skill requests no environment variables or external credentials. It reads and writes the local OpenClaw config and uses local system tools (ZeroTier CLI, systemctl). That access is proportional to the purpose of changing gateway binding and authentication.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It only modifies the OpenClaw configuration in the user's home directory and restarts the gateway process; it does not alter other skills or system-wide agent settings. This is expected for its functionality.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install zerotier-remote-web - 安装完成后,直接呼叫该 Skill 的名称或使用
/zerotier-remote-web触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Updated to bind 0.0.0.0 for better compatibility with SSH and local access
v1.0.0
Initial release
元数据
常见问题
ZeroTier Remote Web Access 是什么?
通过 ZeroTier 自动绑定 OpenClaw Gateway 到虚拟 IP,实现安全便捷的远程 WEB 控制和访问管理功能。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 388 次。
如何安装 ZeroTier Remote Web Access?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install zerotier-remote-web」即可一键安装,无需额外配置。
ZeroTier Remote Web Access 是免费的吗?
是的,ZeroTier Remote Web Access 完全免费(开源免费),可自由下载、安装和使用。
ZeroTier Remote Web Access 支持哪些平台?
ZeroTier Remote Web Access 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 ZeroTier Remote Web Access?
由 maoyf0571(@maoyf0571)开发并维护,当前版本 v1.0.1。
推荐 Skills