Safety Report

Private Bridge

Name: Private Bridge
Author: jason-czar

@jason-czar

Secure outbound-only relay for remote OpenClaw control — no exposed ports, no SSH, no Telegram.

165Downloads

0Installs

0Stars

1Versions

Networking & DNS1,102 Notifications & Alerts1,061 Legal & Compliance738

Security Analysis

high confidence

Clean

The skill's code, instructions, and required environment variables are coherent with its stated purpose (an outbound-only WebSocket relay for remote control) and do not request unrelated credentials or system access.

Feb 24, 202610 files

Purpose & Capabilityok

Name/description (PrivateBridge / remote-relay) match the included code: the RelayClient opens an outbound WebSocket to a configured relay, authenticates with a token and node_id, sends heartbeats, and dispatches capability-scoped commands (prompt, status, restart, workflow). Required env vars (RELAY_URL, NODE_ID, AUTH_TOKEN) align with functionality.

Instruction Scopeok

SKILL.md instructs only to configure relay_url/node_id/auth_token and start OpenClaw; the runtime code only uses those values and the provided OpenClaw runtime interface. The instructions do not ask the agent to read other files, environment variables, or system configuration. Note: SKILL.md asserts the relay does not persist prompt content — that is a promise by the remote operator and cannot be verified from the client code.

Install Mechanismok

There is no install script or external download. The package is instruction- and code-based with local TypeScript files; nothing in the manifest pulls third-party binaries or remote archives during install.

Credentialsok

The skill requires exactly three env/config values: relay URL, node id, and auth token. Those are appropriate and proportional to establishing an authenticated outbound relay connection. No unrelated secrets or system credentials are requested.

Persistence & Privilegeok

The skill is not forced-always-installed (always: false) and does not modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but is consistent with the skill's purpose (it needs to receive remote commands while running).

Guidance

This skill appears internally consistent, but it gives a remote operator the ability to send prompts, trigger workflows, and restart your OpenClaw instance over an authenticated outbound channel. Before installing: only configure a relay URL you trust, treat AUTH_TOKEN like a secret and rotate it if compromised, review the relay operator's privacy/persistence guarantees (the client cannot enforce server-side retention), run the skill on a host with appropriate isolation/permissions, and monitor logs/network usage. If you need stronger assurance, review the relay server code or host your own relay.

Latest Release

v1.0.2

- Rebranded and renamed the skill as "private-bridge" for secure outbound-only remote OpenClaw control. - Removes reliance on SSH, Telegram, and Discord by using a TLS-encrypted WebSocket relay channel. - Adds node lifecycle management with defined Online, Reconnecting, and Offline states. - Enforces strict capability-based remote command execution (chat, status, restart, workflow). - Clarifies security posture: outbound-only network activity, limited data transmission, and no external data persistence. - Expanded documentation with configuration steps, protocol details, and explicit trust statement.

Popular Skills

Openclaw Skill Scanner

@jason-allen-oneal · 2 stars

AI Songwriter

@jason-hou-pe · 0 stars

AI Songwriter (Clone)

@jason-hou-pe · 0 stars

Bind Protocol MCP Server Use

@jason-c-child · 0 stars

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Published by @jason-czar on ClawHub