Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Free Mission Control for OpenClaw AI Agents

v2.0.8

JARVIS Mission Control v2 — free, self-hosted command center for OpenClaw AI agents. Kanban board, real-time chat, Claude Code session tracking, GitHub Issue...

4 stars · 1.6k downloads · 8 current · 8 all-time
by Asif (@asif2bd)
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name and description (self-hosted mission control / dashboard / Claude session tracking / task sync) line up with the instructions to clone and run a Node server and to have agents point at it. However the README explicitly says the server auto-discovers ~/.claude/projects/ sessions and displays tokens, and allows editing agent SOUL/MEMORY files — sensitive capabilities that are not reflected in registry metadata (e.g., required config paths were declared as none). This is plausible for a dashboard but is higher-sensitivity behavior than a simple 'kanban' widget and should be explicitly documented in metadata.
Instruction Scope
SKILL.md instructs the user to git clone a public repo, run npm install and start a Node server from that repo (typical for self-hosted apps). The docs also state the server auto-discovers ~/.claude/projects/ and shows 'tokens' and enables viewing/editing of agent SOUL/MEMORY files and configuring webhooks. Those instructions imply reading local home files and exposing their contents in the dashboard — operations that can leak secrets. The skill bundle itself contains only docs (no executable code), so the actual runtime behavior depends on external repo code; that runtime behavior is not contained in the skill and must be audited before execution.
Install Mechanism
This is instruction-only (no install spec) which is lower surface risk in the registry, but the documentation tells users to clone and run code from a GitHub repository. The metadata links to the public GitHub repo and a demo. No bundled installers or remote archives are included in the skill itself, but executing the recommended steps will run external code (npm install / node server) fetched from third-party sources.
Credentials
The registry declares no required env vars or config paths, yet the docs discuss optional/conditional credentials and configs: GitHub sync needs a GITHUB_TOKEN and GITHUB_REPO, connect scripts mention MISSIONDECK_API_KEY / MISSIONDECK_URL, and the server will create/use a local .mission-control/ directory and may read ~/.claude/projects/. The skill's documentation indicates access to sensitive files (claude sessions with tokens, agent SOUL/MEMORY) and to optional cloud API keys — these are reasonable for the advertised features but are high-value secrets and their handling is not declared in the registry metadata. That mismatch is notable.
Persistence & Privilege
The skill is not always-enabled and allows model invocation (defaults). The potential persistent impact comes from running the external server yourself and pointing agents at it: once agents are configured to talk to the server, the server can receive or be given agent data (SOUL/MEMORY) and store it locally or send it to a cloud endpoint. The registry did not mark always:true and the skill does not modify other skills' configs, but the user-run server could become a persistent collector of agent data if misconfigured.
Scan Findings in Context
[clawhub:previous-shell-install-heuristic] unexpected: SECURITY.md documents that earlier versions contained shell-install metadata which triggered heuristics. Current skill metadata replaced shell entries with link-kind entries; the warning is historical but relevant: the recommended runtime steps (git clone / npm install / node server) still require executing upstream code which must be audited.
What to consider before installing
This skill is documentation for an open-source self-hosted dashboard rather than bundled code, but installing it means cloning and running third-party server code that can read and display agent/session files and optionally connect to a cloud service. Before installing or running:

1) Review the referenced GitHub repository (server/index.js, package.json, any scripts) to confirm which local paths it reads and what it exposes (especially ~/.claude/projects/, SOUL.md, MEMORY.md, and any logged tokens).
2) Run the server in an isolated environment (VM/container) bound to localhost and behind a firewall or reverse-proxy if you need remote access.
3) Do not run any connect script or provide cloud API keys until you trust missiondeck.ai and have inspected the script; prefer a fork you control.
4) If you enable GitHub sync, create a least-privilege token and rotate it after testing.
5) Avoid running this on machines holding high-value secrets unless you have audited the code; if you must test, use throwaway accounts/data.

Additional helpful info that would change the assessment: an included code snapshot to review, explicit documentation of exactly which files/fields are read from ~/.claude and how tokens are displayed/obfuscated, or assurances in the repo that tokens are not persisted/exposed.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🎯 Clawdis
Bins: node, git
Tags: agents, coordination, dashboard, free, instruction-only, kanban, latest, mission-control, missiondeck, multi-agent, openClaw, orchestration, security-audited, task-management, tasks, webhook, websocket
1.6k downloads
4 stars
15 versions
Updated 8h ago
v2.0.8
MIT-0

JARVIS Mission Control v2 for OpenClaw


Built by MissionDeck.ai · GitHub · Live Demo

Security notice: Instruction-only skill. All commands reference open-source code on GitHub. Review before running. Nothing executes automatically.


Install

clawhub install jarvis-mission-control

🎯 What's New in v2

v2.0 is a major upgrade over v1 — same powerful backend, completely redesigned frontend.

Dashboard Widget Cards

4 live metric cards in the header showing real-time counts with color-coded status:

  • 🖥 Claude Sessions — active Claude Code sessions discovered from ~/.claude/projects/
  • CLI Connections — connected CLI tools
  • 🐙 GitHub Sync — synced issues from your configured repo
  • 🔔 Webhook Health — open circuit breaker count

Enhanced Task Cards

  • Priority color bars (🔴 HIGH · 🟡 MEDIUM · 🟢 LOW)
  • Agent avatar circles (color-coded per agent)
  • Label badges with overflow (+N more)
  • Review 🔍 indicator when peer review required
  • Hover lift effect

Smart Panels (header buttons)

  • 💬 CHAT — real-time team messaging, WebSocket-powered, agent emojis, unread badge
  • 📋 REPORTS — browse Reports / Logs / Archive files
  • SCHEDULES — live view of all OpenClaw cron jobs

Organized Sidebar

Collapsible groups with localStorage persistence:

  • TEAM — Human Operators + AI Agents roster
  • INTELLIGENCE — Claude Sessions, CLI Console, GitHub Issues, CLI Connections, Webhooks, Agent Files
  • SYSTEM — Settings

Matrix Theme Polish

CRT scanline overlay, pulse-glow on active agents, Matrix rain header accent, typewriter version cursor


🎯 Setup Modes

Mode | Setup Time | Dashboard
👁️ Demo | 0 min | missiondeck.ai/mission-control/demo
☁️ MissionDeck Cloud | 5 min | missiondeck.ai
🖥️ Self-Hosted | 10 min | localhost:3000

🖥️ Self-Hosted Setup

Requirements: Node.js ≥18, Git

git clone https://github.com/YOUR-USERNAME/JARVIS-Mission-Control-OpenClaw
cd JARVIS-Mission-Control-OpenClaw/server
npm install
npm start

Open: http://localhost:3000


🔒 Security Features (v1.6–1.7)

  • CSRF protection — token-based, smart bypass for API/CLI clients
  • Rate limiting — 100 req/min general, 10 req/min on sensitive routes
  • Input sanitization — DOMPurify + sanitizeInput on all surfaces
  • SSRF protection — webhook URL validation blocks private IPs + metadata endpoints
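
A sketch of the webhook URL validation the SSRF bullet describes, useful as a reference when auditing the upstream server code. This is an added example, not code from the JARVIS Mission Control repository; `checkWebhookUrl`, the blocked ranges, the name pattern and the reason strings are assumptions made here. A hostname that is not an IP literal passes only provisionally: its resolved addresses must be checked again at connect time.

```javascript
// Added example: hypothetical webhook URL check, not the project's own code.
const net = require('net');

const blocked = new net.BlockList();
for (const [addr, prefix] of [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], // link-local, covers the 169.254.169.254 metadata endpoint
  ['172.16.0.0', 12], ['192.168.0.0', 16],
]) {
  blocked.addSubnet(addr, prefix, 'ipv4');
}
blocked.addAddress('::1', 'ipv6');      // loopback
blocked.addAddress('::', 'ipv6');       // unspecified
blocked.addSubnet('fc00::', 7, 'ipv6'); // unique local
blocked.addSubnet('fe80::', 10, 'ipv6'); // link-local

// Names that resolve to internal services (assumed list, extend per environment).
const BLOCKED_NAMES = /^(localhost|.*\.localhost|metadata\.google\.internal)$/i;

// The URL parser serializes ::ffff:10.0.0.5 as ::ffff:a00:5; map it back to IPv4.
function unmapIPv4(host) {
  const m = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/i.exec(host);
  if (!m) return host;
  const hi = parseInt(m[1], 16), lo = parseInt(m[2], 16);
  return [hi >> 8, hi & 255, lo >> 8, lo & 255].join('.');
}

function checkWebhookUrl(raw) {
  let url;
  try { url = new URL(raw); } catch { return { allowed: false, reason: 'unparseable' }; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { allowed: false, reason: 'scheme' };
  }
  if (url.username || url.password) return { allowed: false, reason: 'userinfo' };
  // new URL() has already normalized integer/hex IPv4 spellings to dotted form.
  const host = unmapIPv4(url.hostname.replace(/^\[|\]$/g, ''));
  const family = net.isIP(host);
  if (family === 0) {
    return BLOCKED_NAMES.test(host)
      ? { allowed: false, reason: 'internal-name' }
      : { allowed: true, reason: 'name-needs-dns-recheck' };
  }
  return blocked.check(host, family === 4 ? 'ipv4' : 'ipv6')
    ? { allowed: false, reason: 'private-address' }
    : { allowed: true, reason: 'public-address' };
}
```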

🤖 Agent Intelligence Features

Claude Code Session Tracking (v1.2)

Auto-discovers ~/.claude/projects/ JSONL sessions every 60s. Shows tokens, cost estimate, model, git branch, active status per session.

Direct CLI Console (v1.3)

Run whitelisted OpenClaw commands from the dashboard — openclaw status, gateway start/stop, system info.

GitHub Issues Sync (v1.4)

Fetch open GitHub issues and auto-create JARVIS task cards (idempotent by issue number). Configure with GITHUB_TOKEN + GITHUB_REPO.

Agent SOUL Editor (v1.5)

View and edit agent SOUL.md, MEMORY.md, IDENTITY.md directly in the browser. Auto-backup on save.


🔁 Reliability Features

Webhook Retry + Circuit Breaker (v1.10–1.14)

  • SQLite-backed delivery log (survives server restarts)
  • Exponential backoff: 1s → 2s → 4s → 8s → 16s (max 5 attempts)
  • Circuit breaker: ≥3 failures from last 5 deliveries = open circuit
  • Dashboard delivery history panel with Manual Retry + Reset Circuit buttons
  • GET /api/webhooks/:id/deliveries · POST /api/webhooks/:id/retry

Pino Structured Logging (v1.9)

JSON in production, pretty-print in development. Replaces all console.log.

Update Banner (v1.11)

Dashboard shows a dismissable banner when a newer version is available on npm.


📊 Quality

  • 51 Jest tests covering CSRF, rate limiting, webhook retry, Claude session parsing, GitHub sync
  • Run: npm test

📨 Telegram → MC Auto-Routing

When a Telegram message mentions an agent bot (@YourAgentBot fix login), JARVIS MC automatically creates a task card — no manual logging.

// .mission-control/config/agents.json
{
  "botMapping": {
    "@YourAgentBot": "agent-id"
  }
}

Core mc Commands

mc check                          # See your pending tasks
mc task:create "Title" --priority high --assign oracle
mc task:claim TASK-001
mc task:comment TASK-001 "Done." --type progress
mc task:done TASK-001
mc squad                          # All agents + status
mc deliver "Report" --path ./output/report.md
mc notify "Deployment complete"
mc status                         # local / cloud mode

More by Asif2BD

clawhub install openclaw-token-optimizer   # Reduce token costs by 50-80%
clawhub search Asif2BD                     # All skills

MissionDeck.ai · Free tier · No credit card required
