node-connect
node-connect diagnoses why OpenClaw companion apps fail to pair or connect to nodes, particularly when QR codes, setup codes, or manual connection attempts fail despite local Wi-Fi connectivity. Use this skill when errors reference pairing failures, authorization issues, invalid bootstrap tokens, or configuration paths like gateway.bind, gateway.remote.url, or Tailscale settings, and it systematically maps the network topology and validates whether the gateway is correctly advertising its reachable route.
git clone --depth 1 https://github.com/the-open-agent/openagent /tmp/node-connect && cp -r /tmp/node-connect/skills/node-connect ~/.claude/skills/node-connectSKILL.md
# Node Connect Goal: find the one real route from node -> gateway, verify OpenClaw is advertising that route, then fix pairing/auth. ## Topology first Decide which case you are in before proposing fixes: - same machine / emulator / USB tunnel - same LAN / local Wi-Fi - same Tailscale tailnet - public URL / reverse proxy Do not mix them. - Local Wi-Fi problem: do not switch to Tailscale unless remote access is actually needed. - VPS / remote gateway problem: do not keep debugging `localhost` or LAN IPs. ## If ambiguous, ask first If the setup is unclear or the failure report is vague, ask short clarifying questions before diagnosing. Ask for: - which route they intend: same machine, same LAN, Tailscale tailnet, or public URL - whether they used QR/setup code or manual host/port - the exact app text/status/error, quoted exactly if possible - whether `openclaw devices list` shows a pending pairing request Do not guess from `can't connect`. ## Canonical checks Prefer `openclaw qr --json`. It uses the same setup-code payload Android scans. ```bash openclaw config get gateway.mode openclaw config get gateway.bind openclaw config get gateway.tailscale.mode openclaw config get gateway.remote.url openclaw config get gateway.auth.mode openclaw config get gateway.auth.allowTailscale openclaw config get plugins.entries.device-pair.config.publicUrl openclaw qr --json openclaw devices list openclaw nodes status ``` If this OpenClaw instance is pointed at a remote gateway, also run: ```bash openclaw qr --remote --json ``` If Tailscale is part of the story: ```bash tailscale status --json ``` ## Read the result, not guesses `openclaw qr --json` success means: - `gatewayUrl`: this is the actual endpoint the app should use. - `urlSource`: this tells you which config path won. Common good sources: - `gateway.bind=lan`: same Wi-Fi / LAN only - `gateway.bind=tailnet`: direct tailnet access - `gateway.tailscale.mode=serve` or `gateway.tailscale.mode=funnel`: Tailscale route - `plugins.entries.device-pair.config.publicUrl`: explicit public/reverse-proxy route - `gateway.remote.url`: remote gateway route ## Root-cause map If `openclaw qr --json` says `Gateway is only bound to loopback`: - remote node cannot connect yet - fix the route, then generate a fresh setup code - `gateway.bind=auto` is not enough if the effective QR route is still loopback - same LAN: use `gateway.bind=lan` - same tailnet: prefer `gateway.tailscale.mode=serve` or use `gateway.bind=tailnet` - public internet: set a real `plugins.entries.device-pair.config.publicUrl` or `gateway.remote.url` If `gateway.bind=tailnet set, but no tailnet IP was found`: - gateway host is not actually on Tailscale If `qr --remote requires gateway.remote.url`: - remote-mode config is incomplete If the app says `pairing required`: - network route and auth worked - approve the pending device ```bash openclaw devices list openclaw devices approve --latest ``` If the app says `bootstrap token invalid or expired`: - old setup code - generate a fresh one and rescan - do this after any URL/auth fix too If the app says `unauthorized`: - wrong token/password, or wrong Tailscale expectation - for Tailscale Serve, `gateway.auth.allowTailscale` must match the intended flow - otherwise use explicit token/password ## Fast heuristics - Same Wi-Fi setup + gateway advertises `127.0.0.1`, `localhost`, or loopback-only config: wrong. - Remote setup + setup/manual uses private LAN IP: wrong. - Tailnet setup + gateway advertises LAN IP instead of MagicDNS / tailnet route: wrong. - Public URL set but QR still advertises something else: inspect `urlSource`; config is not what you think. - `openclaw devices list` shows pending requests: stop changing network config and approve first. ## Fix style Reply with one concrete diagnosis and one route. If there is not enough signal yet, ask for setup + exact app text instead of guessing. Good: - `The gateway is still loopback-only, so a node on another network can never reach it. Enable Tailscale Serve, restart the gateway, run openclaw qr again, rescan, then approve the pending device pairing.` Bad: - `Maybe LAN, maybe Tailscale, maybe port forwarding, maybe public URL.`
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Manage Apple Notes via the `memo` CLI on macOS (create, view, edit, delete, search, move, and export notes). Use when a user asks OpenClaw to add a note, list notes, search notes, or manage note folders.
Manage Apple Reminders via remindctl CLI (list, add, edit, complete, delete). Supports lists, date filters, and JSON/plain output.
Create, search, and manage Bear notes via grizzly CLI.
Monitor blogs and RSS/Atom feeds for updates using the blogwatcher CLI.
BluOS CLI (blu) for discovery, playback, grouping, and volume.
Use when you need to send or manage iMessages via BlueBubbles (recommended iMessage integration). Calls go through the generic message tool with channel="bluebubbles".
Capture frames or clips from RTSP/ONVIF cameras.