High Risk:This skill has significant security concerns. Review the findings below before installing.

ecto-connection

Caution·Scanned 2/18/2026

Dangerous skill exposes the host to remote code execution by directing users to run ./scripts/connect.sh, which invokes /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" and uses sudo to start services. It stores and shares secrets in ~/.openclaw/ecto-credentials.json and makes external requests to Tailscale and funnel URLs like https://<machine>.tail<xxxxx>.ts.net/v1/chat/completions.

from clawhub.ai·v1.0.0·26.3 KB·0 installs
Scanned from 1.0.1 at 21fdfc8 · Transparency log ↗
$ vett add clawhub.ai/tsheasha/ecto-connectionReview security findings before installing

Ecto Connection Skill

🔌 One-command setup to expose OpenClaw to the internet via Tailscale Funnel.

Quick Start

~/.openclaw/workspace/skills/ecto-connection/scripts/connect.sh

That's it! The script will:

  1. Check/install Homebrew (if needed)
  2. Install Tailscale (if needed)
  3. Start the Tailscale service
  4. Prompt you to log in to Tailscale
  5. Enable Funnel to expose port 18789
  6. Generate a secure auth password
  7. Configure OpenClaw gateway (password auth + funnel mode)
  8. Restart the gateway

Commands

CommandDescription
./scripts/connect.shFull setup (install, login, configure)
./scripts/status.shCheck connection status
./scripts/disconnect.shDisable public access
./scripts/package-for-friend.shCreate shareable package for friends
./scripts/test-connection.shTest API connection (for you or friends)
./scripts/connect.sh --restartJust restart gateway
./scripts/connect.sh --regenerate-tokenGenerate new auth token

After Setup

Your credentials are saved to ~/.openclaw/ecto-credentials.json:

{
  "token": "your-secure-password",
  "url": "https://your-machine.tailxxxxx.ts.net",
  "port": 18789,
  "created": "2026-02-01T12:00:00Z"
}

Share this file with anyone you want to give API access to your OpenClaw instance.

API Usage

Chat Completions:

curl https://your-machine.tailxxxxx.ts.net/v1/chat/completions \
  -H "Authorization: Bearer YOUR_PASSWORD_FROM_CREDENTIALS" \
  -H "Content-Type: application/json" \
  -d '{"messages":[{"role":"user","content":"Hello!"}]}'

Sharing Access with Friends

Easiest way - Create a package:

./scripts/package-for-friend.sh

This creates a folder with:

  • Credentials file
  • Test script
  • Instructions for your friend

Then share the folder (or zip it):

zip -r ecto-connection.zip ecto-connection-package

Manual way:

  1. Run the setup script (if you haven't already)
  2. Share ~/.openclaw/ecto-credentials.json with them
  3. Share scripts/test-connection.sh for easy testing

For your friend (test the connection):

./test-connection.sh ecto-credentials.json

For your friend (manual way):

# Read credentials
URL=$(jq -r '.url' ecto-credentials.json)
TOKEN=$(jq -r '.token' ecto-credentials.json)

# Make a request
curl "$URL/v1/chat/completions" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"messages":[{"role":"user","content":"Hello!"}]}'

To regenerate access credentials:

./scripts/connect.sh --regenerate-token

Requirements

  • macOS with Homebrew
  • Tailscale account (free at https://tailscale.com)
  • sudo access
  • OpenClaw installed (npm install -g openclaw)

Troubleshooting

"Funnel not enabled on your tailnet"

  • Visit the link shown to enable Funnel for your machine

SSL errors when curling

  • Wait a few seconds for TLS cert provisioning
  • Check: tailscale funnel status

Gateway not responding

  • Check logs: cat /tmp/openclaw-gateway.log
  • Restart: ./scripts/connect.sh --restart

License

MIT - Part of OpenClaw