# tailscale > Manage Tailscale tailnet via CLI and API. Use when the user asks to "check tailscale status", "list tailscale devices", "ping a device", "send file via tailscale", "tailscale funnel", "create auth key", "check who's online", or mentions Tailscale network management. - Author: 0xturboblitz - Repository: sundial-org/awesome-openclaw-skills - Version: 20260201003509 - Stars: 38 - Forks: 0 - Last Updated: 2026-02-06 - Source: https://github.com/sundial-org/awesome-openclaw-skills - Web: https://mule.run/skillshub/@@sundial-org/awesome-openclaw-skills~tailscale:20260201003509 --- --- name: tailscale version: 1.0.0 description: Manage Tailscale tailnet via CLI and API. Use when the user asks to "check tailscale status", "list tailscale devices", "ping a device", "send file via tailscale", "tailscale funnel", "create auth key", "check who's online", or mentions Tailscale network management. --- # Tailscale Skill Hybrid skill using CLI for local operations and API for tailnet-wide management. ## Setup API config (optional, for tailnet-wide operations): `~/.clawdbot/credentials/tailscale/config.json` ```json { "apiKey": "tskey-api-k...", "tailnet": "-" } ``` Get your API key from: Tailscale Admin Console → Settings → Keys → Generate API Key The `tailnet` can be `-` (auto-detect), your org name, or email domain. --- ## Local Operations (CLI) These work on the current machine only. ### Status & Diagnostics ```bash # Current status (peers, connection state) tailscale status tailscale status --json | jq '.Peer | to_entries[] | {name: .value.HostName, ip: .value.TailscaleIPs[0], online: .value.Online}' # Network diagnostics (NAT type, DERP, UDP) tailscale netcheck tailscale netcheck --format=json # Get this machine's Tailscale IP tailscale ip -4 # Identify a Tailscale IP tailscale whois 100.x.x.x ``` ### Connectivity ```bash # Ping a peer (shows direct vs relay) tailscale ping # Connect/disconnect tailscale up tailscale down # Use an exit node tailscale up --exit-node= tailscale exit-node list tailscale exit-node suggest ``` ### File Transfer (Taildrop) ```bash # Send files to a device tailscale file cp myfile.txt : # Receive files (moves from inbox to directory) tailscale file get ~/Downloads tailscale file get --wait ~/Downloads # blocks until file arrives ``` ### Expose Services ```bash # Share locally within tailnet (private) tailscale serve 3000 tailscale serve https://localhost:8080 # Share publicly to internet tailscale funnel 8080 # Check what's being served tailscale serve status tailscale funnel status ``` ### SSH ```bash # SSH via Tailscale (uses MagicDNS) tailscale ssh user@hostname # Enable SSH server on this machine tailscale up --ssh ``` --- ## Tailnet-Wide Operations (API) These manage your entire tailnet. Requires API key. ### List All Devices ```bash ./scripts/ts-api.sh devices # With details ./scripts/ts-api.sh devices --verbose ``` ### Device Details ```bash ./scripts/ts-api.sh device ``` ### Check Online Status ```bash # Quick online check for all devices ./scripts/ts-api.sh online ``` ### Authorize/Delete Device ```bash ./scripts/ts-api.sh authorize ./scripts/ts-api.sh delete ``` ### Device Tags & Routes ```bash ./scripts/ts-api.sh tags tag:server,tag:prod ./scripts/ts-api.sh routes ``` ### Auth Keys ```bash # Create a reusable auth key ./scripts/ts-api.sh create-key --reusable --tags tag:server # Create ephemeral key (device auto-removes when offline) ./scripts/ts-api.sh create-key --ephemeral # List keys ./scripts/ts-api.sh keys ``` ### DNS Management ```bash ./scripts/ts-api.sh dns # Show DNS config ./scripts/ts-api.sh dns-nameservers # List nameservers ./scripts/ts-api.sh magic-dns on|off # Toggle MagicDNS ``` ### ACLs ```bash ./scripts/ts-api.sh acl # Get current ACL ./scripts/ts-api.sh acl-validate # Validate ACL file ``` --- ## Common Use Cases **"Who's online right now?"** ```bash ./scripts/ts-api.sh online ``` **"Send this file to my phone"** ```bash tailscale file cp document.pdf my-phone: ``` **"Expose my dev server publicly"** ```bash tailscale funnel 3000 ``` **"Create a key for a new server"** ```bash ./scripts/ts-api.sh create-key --reusable --tags tag:server --expiry 7d ``` **"Is the connection direct or relayed?"** ```bash tailscale ping my-server ```