Manage Tailscale tailnet via CLI and API. Use when the user asks to "check tailscale status", "list tailscale devices", "ping a device", "send file via tailscale", "tailscale funnel", "create auth key", "check who's online", or mentions Tailscale network management.
Security Analysis
medium confidenceThe skill appears to implement the advertised Tailscale CLI/API functionality, but its metadata omits required credential and config declarations (it reads a Tailscale API key and a credentials file), which is an internal inconsistency you should resolve before trusting it.
Name/description (manage a Tailscale tailnet) align with the provided scripts and SKILL.md: local CLI commands and API operations (devices, keys, DNS, ACLs) are coherent with the stated purpose.
SKILL.md instructs the agent to run local tailscale CLI commands and the included ts-api.sh script for tailnet-wide tasks. That scope is appropriate, but the instructions reference a specific credential file (~/.clawdbot/credentials/tailscale/config.json) and environment variables (TS_API_KEY, TS_TAILNET) which are not declared in the registry metadata — an inconsistency that should be fixed. The skill does not instruct exfiltration to unknown endpoints; API calls target api.tailscale.com.
This is an instruction-only skill with one helper script; there is no install spec or remote download. No high-risk install behavior observed.
The runtime script expects a Tailscale API key (TS_API_KEY) and optionally TS_TAILNET or a config file, but the registry metadata lists no required env vars or primary credential. Requesting an API key is proportionate to the skill's purpose, however the metadata omission is misleading and could lead to surprise when the agent attempts to read/store credentials.
always is false and the skill does not request permanent agent-wide presence or modify other skills. It runs normal network and CLI operations appropriate to its role.
Guidance
This skill appears to do what it claims (control Tailscale locally and via the API), but the package metadata does not declare that it needs your Tailscale API key or a credentials file. Before installing or enabling the skill: - Verify the skill source/author (homepage unknown) and inspect the included scripts yourself (ts-api.sh is present and readable). - Only provide a Tailscale API key with the minimum required privileges; prefer creating an ephemeral or limited-scope key in the Tailscale Admin Console. - Store the key in the expected config file (~/.clawdbot/credentials/tailscale/config.json) or via TS_API_KEY, and avoid putting broader credentials in that location. - Ask the publisher to update registry metadata to declare TS_API_KEY (primary credential) and the config path so the requirements are explicit. If you cannot verify the publisher or are uncomfortable providing an API key, do not enable the tailnet-wide features; you can still use local CLI operations if the tailscale binary is present on the machine.
Latest Release
v1.0.0
- Initial release of the Tailscale skill. - Enables management of your Tailscale tailnet via CLI (local) and API (tailnet-wide) commands. - Provides examples for checking status, listing devices, file transfer, device tagging, exposing services, SSH, funneling ports, and managing auth keys. - Supports both everyday user queries (e.g., “who’s online?”, “send file”) and advanced network management tasks. - Offers setup instructions for both CLI use and API authentication.
More by @jmagar
Published by @jmagar on ClawHub
