docs: document PALAIA_UI_UNSAFE_BIND for remote access #190

Open: iret77 wants to merge 1 commit into main from fix/document-ui-remote-access

iret77 (Collaborator) commented Apr 8, 2026

Summary

  • Document PALAIA_UI_UNSAFE_BIND env var in all 4 SKILL.md copies and palaia ui --help
  • The env var existed since v2.7 but was only discoverable by reading source code
  • Agents (and users) reading the docs saw "Localhost only" with no escape hatch documented

Context

User's agent on a headless OpenClaw instance suggested adding a --host CLI flag — the correct mechanism already existed but was undocumented.

Test plan

  • palaia ui --help shows epilog with PALAIA_UI_UNSAFE_BIND hint
  • All 4 SKILL.md files contain the remote access section

🤖 Generated with Claude Code

The env var for binding to non-loopback addresses was only known
from reading the source code. Now documented in all SKILL.md copies
and visible in `palaia ui --help`.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

iret77 (Collaborator, Author) commented Apr 8, 2026

🤖 Codex Review

OpenAI Codex v0.117.0 (research preview)

workdir: /home/dev/projects/palaia-plugin
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: none
reasoning summaries: none
session id: 019d6caa-2a12-7dd1-9ae5-ccfc92d38d79

user
changes against 'origin/main'
2026-04-08T10:36:28.513159Z ERROR codex_core::tools::router: error=exec_command failed for /bin/bash -lc 'git diff 198cc50fcb226021c886619aaefc995357207b46': CreateProcess { message: "Codex(Sandbox(Denied { output: ExecToolCallOutput { exit_code: 1, stdout: StreamOutput { text: "", truncated_after_lines: None }, stderr: StreamOutput { text: "bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted\n", truncated_after_lines: None }, aggregated_output: StreamOutput { text: "bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted\n", truncated_after_lines: None }, duration: 0ns, timed_out: false }, network_policy_decision: None }))" }
2026-04-08T10:36:31.589987Z ERROR codex_core::tools::router: error=exec_command failed for /bin/bash -c 'git diff 198cc50fcb226021c886619aaefc995357207b46': CreateProcess { message: "Codex(Sandbox(Denied { output: ExecToolCallOutput { exit_code: 1, stdout: StreamOutput { text: "", truncated_after_lines: None }, stderr: StreamOutput { text: "bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted\n", truncated_after_lines: None }, aggregated_output: StreamOutput { text: "bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted\n", truncated_after_lines: None }, duration: 0ns, timed_out: false }, network_policy_decision: None }))" }
codex
The patch reintroduces a previously fixed security footgun by advertising the unauthenticated all-interfaces bind path in standard help output. That regression is significant enough that the patch should not be considered correct as-is.

Review comment:

  • [P1] Keep the unsafe bind escape hatch out of palaia ui --help — /home/dev/projects/palaia-plugin/palaia/cli_args.py:292-296
    Publishing PALAIA_UI_UNSAFE_BIND=0.0.0.0 in the normal ui --help path undoes the protection added in commit 48a64e5, where the whole point of moving remote binding behind an env var was to keep unauthenticated network exposure out of copy-pasted commands and tutorials. In environments where users or agents rely on --help to construct commands, this now makes it easy to expose the WebUI on all interfaces again, which is exactly the security regression that earlier fix was preventing.

Automated review by OpenAI Codex on devhost
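
The trade-off discussed in this thread, as an added sketch that is not part of the PR or of palaia's code: a loopback-by-default bind resolver gated on the environment variable, plus a regression check on whether the default help text names that variable. The helper names, the parser, and the fail-closed handling of non-IP values are assumptions; only the variable name and the `0.0.0.0` value come from the page.

```python
import argparse
import ipaddress
import logging

ENV_VAR = "PALAIA_UI_UNSAFE_BIND"  # name from the PR; the semantics below are assumed
DEFAULT_HOST = "127.0.0.1"
log = logging.getLogger("ui_bind_example")


def resolve_bind_host(environ):
    """Return (host, exposed). Hypothetical helper: loopback unless ENV_VAR holds an IP."""
    raw = environ.get(ENV_VAR, "").strip()
    if not raw:
        return DEFAULT_HOST, False
    try:
        addr = ipaddress.ip_address(raw)
    except ValueError:
        # Hostnames and typos fail closed, so a bad value never widens exposure.
        log.warning("%s=%r is not an IP address; staying on %s", ENV_VAR, raw, DEFAULT_HOST)
        return DEFAULT_HOST, False
    exposed = not addr.is_loopback
    if exposed:
        log.warning("UI listening on %s via %s: reachable beyond this host", addr, ENV_VAR)
    return str(addr), exposed


def build_ui_parser(advertise_unsafe_bind):
    """Constructed stand-in for the `ui` subcommand parser, with or without the epilog hint."""
    epilog = f"Remote access: set {ENV_VAR}=0.0.0.0" if advertise_unsafe_bind else None
    return argparse.ArgumentParser(
        prog="palaia ui", description="Start the WebUI (localhost only).", epilog=epilog
    )


def help_advertises_escape_hatch(parser):
    """Regression check for the review comment: does default --help name ENV_VAR?"""
    return ENV_VAR in parser.format_help()


if __name__ == "__main__":
    # Constructed sample environments: unset, all interfaces, a hostname, IPv6 loopback.
    for env in ({}, {ENV_VAR: "0.0.0.0"}, {ENV_VAR: "localhost"}, {ENV_VAR: "::1"}):
        print(env, "->", resolve_bind_host(env))
    print(help_advertises_escape_hatch(build_ui_parser(True)))
    print(help_advertises_escape_hatch(build_ui_parser(False)))
```

A check like `help_advertises_escape_hatch` can run in CI against the real parser to make the decision explicit, whichever way the maintainers settle it.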
