MichaelVessia/tailscale
modules/programs/agents/shared/skills/tailscale/SKILL.md
Inspect the local tailnet via the Tailscale CLI. Use when the user asks about tailscale, tailnet peers, exit nodes, MagicDNS, who's online over Tailscale, or wants to ping/whois a Tailscale host. Read-only — no mutations to tailnet state.
$ install --global
skillsauthnpx skillsauth add MichaelVessia/nixos-config tailscaleInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 26, 2026, 2:39 AM138.6s1 file scanned
SKILL.md
- name:
- tailscale
- description:
- Inspect the local tailnet via the Tailscale CLI. Use when the user asks about tailscale, tailnet peers, exit nodes, MagicDNS, who's online over Tailscale, or wants to ping/whois a Tailscale host. Read-only — no mutations to tailnet state.
- allowed-tools:
- Bash
Tailscale
Wraps the local Tailscale daemon on framework13. All operations are read-only: list peers, see which exit nodes are advertised, inspect MagicDNS, look up an IP, ping a host. No tailnet state changes.
Environment
No secrets, no env vars. The installed tailscale CLI is a garage wrapper that
uses the system Tailscale binary (/run/current-system/sw/bin/tailscale) and
whichever tailnet the local daemon is logged in to. tailscale status --json
from the system binary returns the full peer list, so we do not need to call the
remote Tailscale API for reads.
CLI
Use the installed tailscale CLI for common operations. It always emits a
single JSON envelope with ok, command, result or error, and
next_actions. scripts/tailscale.sh remains as a compatibility shim for
older workflows.
tailscale status --limit 25 # compact peer summary (hostname/ip/online/exit)
tailscale peers --limit 50 # peers with hostname, IP, OS, online
tailscale exit-nodes --limit 25 # peers advertising as exit nodes
tailscale current-exit-node # which exit node we're routing through
tailscale dns # MagicDNS + DNS config
tailscale ip # this machine's v4 and v6
tailscale whois 100.x.y.z # identify a tailnet IP
tailscale ping host # system tailscale ping --c 3
For raw Tailscale commands not covered by the garage wrapper, call
/run/current-system/sw/bin/tailscale explicitly. See
references/quick-reference.md and references/api-endpoints.md for the status
JSON shape.
Topology notes
- framework13 is this machine. The skill runs here against the local
tailscaled. - tailscale-gateway is a dedicated LXC (LAN 192.168.1.247, tailnet 100.111.175.25) that advertises as exit node + subnet router for the home LAN. The skill sees it like any other peer; we do not SSH into it.
Mutations
Out of scope. up, down, logout, set --exit-node, funnel, serve,
file cp and similar are not exposed here because they either require
interactive auth or change tailnet state. If the user wants one, surface the raw
/run/current-system/sw/bin/tailscale ... command and let them run it manually.
References
references/api-endpoints.md— schema oftailscale status --jsonreferences/quick-reference.md— copy-paste recipesreferences/troubleshooting.md— daemon down, peer offline, exit node not advertising, MagicDNS issues
Related Skills
MichaelVessia/stack
tools
VerifiedTrustedCommunity
User guide for the local squash-safe `stack` CLI for stacked PR/MR repair on GitHub and GitLab. Use when someone asks how to inspect, track, sync, merge, document, or undo stacked pull requests / merge requests in squash-merge repositories. Prefer this tool over GitHub's `gh stack` command for this workflow.
2SKILL.mdUpdated Jun 5, 2026
MichaelVessia/herdr
tools
VerifiedTrustedCommunity
Control herdr from inside it. Manage workspaces and tabs, split panes, spawn agents, read output, and wait for state changes — all via CLI commands that talk to the running herdr instance over a local unix socket. Use when running inside herdr (HERDR_ENV=1).
2SKILL.mdUpdated Jun 4, 2026
MichaelVessia/autocaliweb
development
VerifiedTrustedCommunity
Inspect my self-hosted AutoCaliWeb library. Use when the user asks about AutoCaliWeb, books in Calibre, OPDS status, recent imports, shelves, catalog stats, or wants to search the ebook library.
2SKILL.mdUpdated May 25, 2026
MichaelVessia/add-youtube-channel
data-ai
VerifiedTrustedCommunity
Subscribe a YouTube channel in TubeArchivist, queue its top videos by views from recent uploads, wait for the first file, scan Jellyfin, and rename + lock the channel folder to a friendly display name. Use when the user says "add a youtube channel", "subscribe to <channel>", or wants a curated TubeArchivist + Jellyfin import for a creator.
2SKILL.mdUpdated May 24, 2026