Source Code
Ecto Connection Skill
One-command setup to expose OpenClaw to the internet via Tailscale Funnel with secure authentication.
What It Does
- Installs Tailscale (if not present)
- Authenticates with your Tailscale account
- Starts Tailscale service with proper permissions
- Enables Funnel to expose port 18789 publicly
- Configures OpenClaw with secure auth token and enables both API endpoints
- Restarts gateway with new settings
Usage
When user says "connect with ecto" or similar:
~/.openclaw/workspace/skills/ecto-connection/scripts/connect.sh
Commands
Connect (full setup):
./scripts/connect.sh
Check status:
./scripts/status.sh
Disconnect (disable funnel):
./scripts/disconnect.sh
Output
On success, the script outputs:
- Public URL:
https://<machine>.tail<xxxxx>.ts.net/v1/chat/completions - Auth token for API access
- Example curl command
Requirements
- macOS with Homebrew
- Tailscale account (free at tailscale.com)
- sudo access (for Tailscale service)
Security
- Generates cryptographically random 32-byte auth token
- Requires Bearer token for all API requests
- Funnel uses Tailscale's automatic TLS certificates
- Gateway binds to loopback (only accessible via Funnel)
After Setup
Use the OpenAI-compatible API:
curl https://<your-url>/v1/chat/completions \
-H "Authorization: Bearer <your-token>" \
-H "Content-Type: application/json" \
-d '{"messages":[{"role":"user","content":"Hello!"}]}'
Troubleshooting
Funnel not working?
- Ensure Funnel is enabled on your tailnet: https://login.tailscale.com/admin/machines
- Check:
tailscale funnel status
Auth errors?
- Token is in:
~/.openclaw/ecto-credentials.json - Regenerate with:
./scripts/connect.sh --regenerate-token
Gateway not responding?
- Check logs:
cat /tmp/openclaw-gateway.log - Restart:
./scripts/connect.sh --restart