skills$openclaw/ecto-connection

4.7k★

ecto-connection – OpenClaw Skill

Name: ecto-connection
Author: tsheasha

ecto-connection is an OpenClaw Skills integration for security workflows. Connect OpenClaw to the internet via Tailscale Funnel. Use when user says "connect with ecto", "setup ecto connection", "expose openclaw publicly", or "enable external access".

4.7k stars7.5k forksSecurity L1

Updated Feb 7, 2026Created Feb 7, 2026security

Skill Snapshot

name	ecto-connection
description	Connect OpenClaw to the internet via Tailscale Funnel. Use when user says "connect with ecto", "setup ecto connection", "expose openclaw publicly", or "enable external access". OpenClaw Skills integration.
owner	tsheasha
repository	tsheasha/reverse-proxy-local
language	Markdown
license	MIT
topics
security	L1
install	openclaw add @tsheasha/reverse-proxy-local
last updated	Feb 7, 2026

Maintainer

tsheasha

Maintains ecto-connection in the OpenClaw Skills directory.

View GitHub profile

File Explorer

9 files

scripts

connect.sh

10.5 KB

disconnect.sh

1.3 KB

package-for-friend.sh

3.6 KB

status.sh

3.5 KB

test-connection.sh

2.0 KB

_meta.json

313 B

README.md

3.1 KB

SKILL.md

2.3 KB

SKILL.md

name: ecto-connection version: 1.0.0 description: Connect OpenClaw to the internet via Tailscale Funnel. Use when user says "connect with ecto", "setup ecto connection", "expose openclaw publicly", or "enable external access". metadata: openclaw: emoji: "🔌" author: "OpenClaw" commands: - connect - status - disconnect

Ecto Connection Skill

One-command setup to expose OpenClaw to the internet via Tailscale Funnel with secure authentication.

What It Does

Installs Tailscale (if not present)
Authenticates with your Tailscale account
Starts Tailscale service with proper permissions
Enables Funnel to expose port 18789 publicly
Configures OpenClaw with secure auth token and enables both API endpoints
Restarts gateway with new settings

Usage

When user says "connect with ecto" or similar:

~/.openclaw/workspace/skills/ecto-connection/scripts/connect.sh

Commands

Connect (full setup):

./scripts/connect.sh

Check status:

./scripts/status.sh

Disconnect (disable funnel):

./scripts/disconnect.sh

Output

On success, the script outputs:

Public URL: https://<machine>.tail<xxxxx>.ts.net/v1/chat/completions
Auth token for API access
Example curl command

Requirements

macOS with Homebrew
Tailscale account (free at tailscale.com)
sudo access (for Tailscale service)

Security

Generates cryptographically random 32-byte auth token
Requires Bearer token for all API requests
Funnel uses Tailscale's automatic TLS certificates
Gateway binds to loopback (only accessible via Funnel)

After Setup

Use the OpenAI-compatible API:

curl https://<your-url>/v1/chat/completions \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d '{"messages":[{"role":"user","content":"Hello!"}]}'

Troubleshooting

Funnel not working?

Ensure Funnel is enabled on your tailnet: https://login.tailscale.com/admin/machines
Check: tailscale funnel status

Auth errors?

Token is in: ~/.openclaw/ecto-credentials.json
Regenerate with: ./scripts/connect.sh --regenerate-token

Gateway not responding?

Check logs: cat /tmp/openclaw-gateway.log
Restart: ./scripts/connect.sh --restart

README.md

Ecto Connection Skill

🔌 One-command setup to expose OpenClaw to the internet via Tailscale Funnel.

Quick Start

~/.openclaw/workspace/skills/ecto-connection/scripts/connect.sh

That's it! The script will:

Check/install Homebrew (if needed)
Install Tailscale (if needed)
Start the Tailscale service
Prompt you to log in to Tailscale
Enable Funnel to expose port 18789
Generate a secure auth password
Configure OpenClaw gateway (password auth + funnel mode)
Restart the gateway

Commands

Command	Description
`./scripts/connect.sh`	Full setup (install, login, configure)
`./scripts/status.sh`	Check connection status
`./scripts/disconnect.sh`	Disable public access
`./scripts/package-for-friend.sh`	Create shareable package for friends
`./scripts/test-connection.sh`	Test API connection (for you or friends)
`./scripts/connect.sh --restart`	Just restart gateway
`./scripts/connect.sh --regenerate-token`	Generate new auth token

After Setup

Your credentials are saved to ~/.openclaw/ecto-credentials.json:

{
  "token": "your-secure-password",
  "url": "https://your-machine.tailxxxxx.ts.net",
  "port": 18789,
  "created": "2026-02-01T12:00:00Z"
}

Share this file with anyone you want to give API access to your OpenClaw instance.

API Usage

Chat Completions:

curl https://your-machine.tailxxxxx.ts.net/v1/chat/completions \
  -H "Authorization: Bearer YOUR_PASSWORD_FROM_CREDENTIALS" \
  -H "Content-Type: application/json" \
  -d '{"messages":[{"role":"user","content":"Hello!"}]}'

Sharing Access with Friends

Easiest way - Create a package:

./scripts/package-for-friend.sh

This creates a folder with:

Credentials file
Test script
Instructions for your friend

Then share the folder (or zip it):

zip -r ecto-connection.zip ecto-connection-package

Manual way:

Run the setup script (if you haven't already)
Share ~/.openclaw/ecto-credentials.json with them
Share scripts/test-connection.sh for easy testing

For your friend (test the connection):

./test-connection.sh ecto-credentials.json

For your friend (manual way):

# Read credentials
URL=$(jq -r '.url' ecto-credentials.json)
TOKEN=$(jq -r '.token' ecto-credentials.json)

# Make a request
curl "$URL/v1/chat/completions" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"messages":[{"role":"user","content":"Hello!"}]}'

To regenerate access credentials:

./scripts/connect.sh --regenerate-token

Requirements

macOS with Homebrew
Tailscale account (free at https://tailscale.com)
sudo access
OpenClaw installed (npm install -g openclaw)

Troubleshooting

"Funnel not enabled on your tailnet"

Visit the link shown to enable Funnel for your machine

SSL errors when curling

Wait a few seconds for TLS cert provisioning
Check: tailscale funnel status

Gateway not responding

Check logs: cat /tmp/openclaw-gateway.log
Restart: ./scripts/connect.sh --restart

License

MIT - Part of OpenClaw

Permissions & Security

Security level L1: Low-risk skills with minimal permissions. Review inputs and outputs before running in production.

- Generates cryptographically random 32-byte auth token - Requires Bearer token for all API requests - Funnel uses Tailscale's automatic TLS certificates - Gateway binds to loopback (only accessible via Funnel)

Requirements

- macOS with Homebrew - Tailscale account (free at tailscale.com) - sudo access (for Tailscale service)

FAQ

How do I install ecto-connection?

Run openclaw add @tsheasha/reverse-proxy-local in your terminal. This installs ecto-connection into your OpenClaw Skills catalog.

Does this skill run locally or in the cloud?

OpenClaw Skills execute locally by default. Review the SKILL.md and permissions before running any skill.

Where can I verify the source code?

The source repository is available at https://github.com/openclaw/skills/tree/main/skills/tsheasha/reverse-proxy-local. Review commits and README documentation before installing.