RTS Dashboard

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real local OpenClaw dashboard, but it exposes powerful unauthenticated local controls and conversation data that users should review before installing.

Install only if you are comfortable running a localhost dashboard that can read OpenClaw configuration and session transcripts, use the Gateway token, create a persistent device key, send chat messages to agents, and stop or restart the Gateway. Keep port 4320 private to localhost, avoid exposing it through tunnels or shared browsers, and delete or rotate .device-keys.json when you stop using the dashboard.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

High
Confidence: 94%
Finding
The dashboard is presented as a monitoring and visualization interface, but it also exposes operational gateway control actions such as restart and stop. Mixing read-only observability with privileged control increases the chance that users grant the UI broader trust than warranted, enabling destructive actions from a surface that may not be expected to require strong authorization.

Context-Inappropriate Capability

High
Confidence: 97%
Finding
The UI includes direct administrative actions to stop or restart the gateway, which can disrupt all connected agents and sessions. In the context of a browser dashboard, this creates a high-impact denial-of-service capability that becomes dangerous if the page is exposed to less-privileged users, embedded in broader workflows, or backed by weak server-side authorization.

Description-Behavior Mismatch

High
Confidence: 96%
Finding
This monitoring dashboard exposes POST endpoints that can restart and stop the OpenClaw gateway, which materially exceeds the stated monitoring/visualization purpose. Because the server also sets Access-Control-Allow-Origin: * and performs no authentication or authorization checks, any local webpage or process able to reach the service can trigger operational disruption.

Context-Inappropriate Capability

High
Confidence: 97%
Finding
The code invokes local shell commands via execSync to stop and restart the gateway. Even though the command strings are static, exposing these actions through unauthenticated HTTP APIs gives remote callers an easy way to terminate or disrupt a core local service, creating a denial-of-service and privilege-boundary issue.

Missing User Warnings

Medium
Confidence: 81%
Finding
The README explicitly states that the Gateway authentication token may be read automatically, but it does not warn users that the dashboard accesses local credentials or explain the trust boundary of that behavior. In the context of a browser-based command dashboard that interfaces with OpenClaw control APIs, undocumented credential harvesting from local configuration increases the risk of over-privileged access and accidental deployment without informed consent.

Missing User Warnings

Medium
Confidence: 90%
Finding
The stop command force-kills any process bound to port 4320, without validating that it is the dashboard process and without warning about impact. This can terminate the wrong local service if the port is reused, causing denial of service or data loss.

Missing User Warnings

Medium
Confidence: 94%
Finding
The session-history endpoint returns user and assistant conversation contents from local session JSONL files without any access control, and the dashboard WebSocket broadcast includes live session metadata and excerpts. In the context of an agent-control system, these conversations can contain secrets, prompts, operational context, and personal data, so exposing them through an unauthenticated API materially increases data-leak risk.

VirusTotal

64/64 vendors flagged this skill as clean.
