| name | tailscale |
| description | This skill should be used when managing Tailscale mesh VPN networks. Use when the user asks to "check tailscale status", "list tailscale devices", "ping a device", "send file via tailscale", "tailscale funnel", "tailscale serve", "create auth key", "check who's online", "tailscale exit node", "Magic DNS", or mentions Tailscale network management, tailnet operations, or VPN connectivity. |
Tailscale Skill
⚠️ MANDATORY SKILL INVOCATION ⚠️
YOU MUST invoke this skill (NOT optional) when the user mentions ANY of these triggers:
- "Tailscale status", "tailnet devices", "VPN status"
- "Tailscale peers", "who's connected", "exit nodes"
- "check Tailscale", "tailnet monitoring", "Tailscale"
- Any mention of Tailscale or VPN network management
Failure to invoke this skill when triggers occur violates your operational requirements.
Purpose
Hybrid skill using both the Tailscale CLI (local machine operations) and the Tailscale API (tailnet-wide management). Read-Write (Safe) — no destructive operations; writes include creating auth keys and toggling network features.
| Operation type | Method | Requires API key |
|---|---|---|
| Status, ping, netcheck, whois | CLI | No |
| Serve, funnel, file transfer, SSH | CLI | No |
| List all devices, user mgmt, DNS | API | Yes |
| Create/revoke auth keys | API | Yes |
Setup
API config (optional, for tailnet-wide operations) is stored in ~/.claude-homelab/.env:
TAILSCALE_API_KEY="tskey-api-k..."
TAILSCALE_TAILNET="-"
Get your API key from: Tailscale Admin Console → Settings → Keys → Generate API Key
TAILSCALE_TAILNET can be - (auto-detect), your org name, or your email domain.
Local Operations (CLI)
These work on the current machine only.
Status & Diagnostics
tailscale status
tailscale status --json | jq '.Peer | to_entries[] | {name: .value.HostName, ip: .value.TailscaleIPs[0], online: .value.Online}'
tailscale netcheck
tailscale netcheck --format=json
tailscale ip -4
tailscale whois 100.x.x.x
Connectivity
tailscale ping <hostname-or-ip>
tailscale up
tailscale down
tailscale up --exit-node=<node-name>
tailscale exit-node list
tailscale exit-node suggest
File Transfer (Taildrop)
tailscale file cp myfile.txt <device-name>:
tailscale file get ~/Downloads
tailscale file get --wait ~/Downloads
Expose Services
tailscale serve 3000
tailscale serve https://localhost:8080
tailscale funnel 8080
tailscale serve status
tailscale funnel status
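An added example, not part of this skill or its scripts: a Python check that reads the JSON printed by `tailscale serve status --json` and reports which listeners are tailnet-only and which are public through Funnel. The `Web`, `Handlers`, `Proxy`, `Path` and `AllowFunnel` field names are an assumption about the serve config layout; the sample input and hostnames are constructed.

```python
import json

# Constructed sample of `tailscale serve status --json` output (placeholder hostnames).
SAMPLE_SERVE_STATUS = """
{
  "TCP": {"443": {"HTTPS": true}, "8443": {"HTTPS": true}},
  "Web": {
    "devbox.example.ts.net:443": {"Handlers": {"/": {"Proxy": "http://127.0.0.1:3000"}}},
    "devbox.example.ts.net:8443": {"Handlers": {"/": {"Proxy": "http://127.0.0.1:8080"}}}
  },
  "AllowFunnel": {"devbox.example.ts.net:8443": true}
}
"""


def audit_exposure(serve_json: str) -> list[dict]:
    """Return one record per served handler, marking Funnel (public) listeners."""
    cfg = json.loads(serve_json) if serve_json.strip() else {}
    web_cfg = cfg.get("Web") or {}
    # Only entries explicitly set to true count as Funnel-enabled.
    funnel = {hp for hp, on in (cfg.get("AllowFunnel") or {}).items() if on}
    records = []
    for host_port, web in web_cfg.items():
        for path, handler in (web.get("Handlers") or {}).items():
            target = handler.get("Proxy") or handler.get("Path") or "(inline text)"
            records.append({
                "listener": host_port,
                "path": path,
                "target": target,
                "scope": "public" if host_port in funnel else "tailnet",
            })
    # Funnel enabled on a listener with no web handler is still worth flagging.
    for host_port in sorted(funnel - set(web_cfg)):
        records.append({"listener": host_port, "path": None,
                        "target": None, "scope": "public"})
    return records


def public_listeners(serve_json: str) -> list[str]:
    """Listeners reachable from the internet via Funnel, sorted for stable output."""
    return sorted({r["listener"] for r in audit_exposure(serve_json)
                   if r["scope"] == "public"})


if __name__ == "__main__":
    for rec in audit_exposure(SAMPLE_SERVE_STATUS):
        print(f'{rec["scope"]:8} {rec["listener"]:32} {rec["path"]} -> {rec["target"]}')
```

To run it against a live machine, pass the output of `tailscale serve status --json` to `audit_exposure` in place of the constructed sample.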
SSH
tailscale ssh user@hostname
tailscale up --ssh
Tailnet-Wide Operations (API)
These manage your entire tailnet and require an API key.
List All Devices
./scripts/ts-api.sh devices
./scripts/ts-api.sh devices --verbose
Device Details
./scripts/ts-api.sh device <device-id-or-name>
Check Online Status
./scripts/ts-api.sh online
Authorize/Delete Device
./scripts/ts-api.sh authorize <device-id>
./scripts/ts-api.sh delete <device-id>
Device Tags & Routes
./scripts/ts-api.sh tags <device-id> tag:server,tag:prod
./scripts/ts-api.sh routes <device-id>
Auth Keys
./scripts/ts-api.sh create-key --reusable --tags tag:server
./scripts/ts-api.sh create-key --ephemeral
./scripts/ts-api.sh keys
DNS Management
./scripts/ts-api.sh dns
./scripts/ts-api.sh dns-nameservers
./scripts/ts-api.sh magic-dns on|off
ACLs
./scripts/ts-api.sh acl
./scripts/ts-api.sh acl-validate <file>
Common Use Cases
"Who's online right now?"
./scripts/ts-api.sh online
"Send this file to my phone"
tailscale file cp document.pdf my-phone:
"Expose my dev server publicly"
tailscale funnel 3000
"Create a key for a new server"
./scripts/ts-api.sh create-key --reusable --tags tag:server --expiry 7d
"Is the connection direct or relayed?"
tailscale ping my-server
🔧 Agent Tool Usage Requirements
CRITICAL: When invoking scripts from this skill via the zsh-tool, ALWAYS use pty: true.
Without PTY mode, command output will not be visible even though commands execute successfully.
Correct invocation pattern:
<invoke name="mcp__plugin_zsh-tool_zsh-tool__zsh">
<parameter name="command">./skills/SKILL_NAME/scripts/SCRIPT.sh [args]</parameter>
<parameter name="pty">true</parameter>
</invoke>