macOS Bridge
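Use this skill when a Linux OpenClaw gateway should expose Mac-owned tools as stable Linux-side commands.
This skill is for tools that are inherently macOS-backed:
- imsg
- remindctl
- memo
- things
- peekaboo
It does not try to make Linux pretend those binaries are native. It installs explicit Linux-side wrappers that call the owning Mac over SSH.
If the matching feature is disabled in openclaw.json, do not force the bridge.
If the feature is enabled and Linux already has a working local binary, that is also acceptable. Use this skill when the enabled feature needs the Mac-owned implementation.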
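Use This Skill For
- same-LAN Linux gateway to Mac node setups
- Mac-owned tools with macOS permissions or data access
- wrapper-backed public skills that should stay truthful on Linux
- enabled-channel auto-selection from channels.*.enabled
- remoteHost auto-discovery from an existing OpenClaw config
- optional Wake-on-LAN recovery when a Mac sleeps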
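Do Not Use This Skill For
- Homebrew-centric Linux augmentation where the main goal is exposing /opt/homebrew/bin tools in general
- Linux-native tools that should be installed locally
- patching OpenClaw internals so macOS-only tools show as green on Linux
- WAN-routed or untrusted remote Macs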
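Requirements
- Linux gateway and Mac nodes share the same trusted local network or VLAN
- Linux gateway can SSH to the owning Mac node
- remote binaries exist and already have the needed macOS permissions
- Macs stay awake for work windows or support Wake-on-LAN if you expect remote resume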
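Workflow
1. Render A Tool Ownership Map
Run:
```bash
scripts/render-tool-map.sh /home/node/.openclaw/openclaw.json
```
If the OpenClaw config already contains enabled macOS-backed channels, this prints an auto-discovered map for enabled tools first.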
2. Install The macOS Pack
Example:
```bash
scripts/install-macos-pack.sh \
  --target-dir /home/node/.openclaw/bin \
  --openclaw-config /home/node/.openclaw/openclaw.json \
  --default-host agent2@192.168.88.12 \
  --wake-map mac-node.local=AA:BB:CC:DD:EE:FF \
  --wake-wait 20 \
  --wake-retries 2
```
When no --tool or --map arguments are provided, the installer now auto-selects only the supported tools whose channels are enabled in the OpenClaw config.
The installer resolves hosts in this order:
- explicit --map tool=user@host
- matching remoteHost in the OpenClaw config
- --default-host user@host
- the single discovered Mac host if only one unique remoteHost exists
- no repeated host questions when the OpenClaw config already resolves the owner
3. Verify The Pack
Run:
```bash
scripts/verify-macos-pack.sh \
  --target-dir /home/node/.openclaw/bin \
  --openclaw-config /home/node/.openclaw/openclaw.json
```
When --openclaw-config is provided, verification only checks enabled macOS-backed features instead of treating every supported tool as required.
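Design Contract
- Linux holds the wrapper paths
- macOS holds the real binaries and OS permissions
- published skills depend on wrapper paths, not remote binary paths
- tool ownership stays explicit and auditable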
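One way to write the SSH call inside such a wrapper, as an added example (not the project's scripts/install-wrapper.sh): ssh hands the remote command to the Mac's login shell as a single string, so each argument is quoted on the Linux side before it is sent. OWNER, REMOTE_BIN, the example-tool binary and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the project's install-wrapper.sh. OWNER and REMOTE_BIN stand
# for one entry of the ownership map; example-tool is a hypothetical binary.
OWNER="${OWNER:-agent2@192.168.88.12}"
REMOTE_BIN="${REMOTE_BIN:-/opt/homebrew/bin/example-tool}"

# Accept only a plain user@host owner (constructed policy): no leading dash that
# ssh could read as an option, no shell metacharacters or whitespace.
valid_owner() {
  case "$1" in
    ""|-*|*[!A-Za-z0-9._@-]*) return 1 ;;
    *@*) return 0 ;;
    *) return 1 ;;
  esac
}

# Single-quote one argument so the Mac's login shell reads it as one literal word.
# The appended "x" keeps trailing newlines that $(...) would otherwise strip.
sq() {
  _s=$(printf '%sx' "$1" | sed "s/'/'\\\\''/g")
  printf "'%s'" "${_s%x}"
}

# ssh joins its trailing arguments with spaces and the remote shell re-parses the
# result, so build one pre-quoted command string instead of passing "$@" through.
remote_command() {
  _cmd=$(sq "$REMOTE_BIN")
  for _a in "$@"; do
    _cmd="$_cmd $(sq "$_a")"
  done
  printf '%s' "$_cmd"
}

# BatchMode fails instead of prompting inside an unattended run; strict host key
# checking refuses a Mac whose key is not already in known_hosts.
bridge_exec() {
  valid_owner "$OWNER" || { echo "refusing owner: $OWNER" >&2; return 64; }
  ssh -o BatchMode=yes -o StrictHostKeyChecking=yes -o ConnectTimeout=10 \
    "$OWNER" "$(remote_command "$@")"
}

# Constructed sample input: print what the Mac would receive; nothing is sent.
remote_command note "it's due; see \$HOME" && echo
```

With StrictHostKeyChecking=yes the Mac's host key has to be in the gateway's known_hosts before the first wrapper call, which keeps the owner of each tool pinned to a known machine.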
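Files
- scripts/install-wrapper.sh: create one SSH wrapper for a remote binary
- scripts/install-macos-pack.sh: install a batch of macOS-owned tool wrappers with auto-discovery and optional Wake-on-LAN
- scripts/verify-macos-pack.sh: verify the installed wrapper pack
- scripts/render-tool-map.sh: print auto-discovered or fallback ownership maps
- references/skill-readiness.md: publishability rules for wrapper-backed skills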