{"skill":{"slug":"webclaw","displayName":"WebClaw","summary":"Web dashboard for OpenClaw. Browser-based UI for any installed skill. Schema-driven rendering, JWT auth, RBAC, AI chat, real-time updates. Install web dashbo...","description":"---\nname: webclaw\nversion: 2.1.0\ndescription: >\n  Web dashboard for OpenClaw. Browser-based UI for any installed skill.\n  Schema-driven rendering, JWT auth, RBAC, AI chat, real-time updates.\n  Install web dashboard, manage users, configure SSL HTTPS, web admin panel.\nauthor: AvanSaber / Nikhil Jathar\nhomepage: https://www.erpclaw.ai\nsource: https://github.com/avansaber/webclaw\ntier: 0\ncategory: infrastructure\nrequires: []\ndatabase: ~/.openclaw/webclaw/webclaw.sqlite\nuser-invocable: true\ntags: [web, dashboard, ui, admin, login, ssl, https, users, roles]\nmetadata: {\"openclaw\":{\"type\":\"executable\",\"install\":{\"pre\":\"bash scripts/check_deps.sh\",\"post\":\"bash scripts/install.sh\",\"pip\":\"api/requirements.txt\"},\"requires\":{\"bins\":[\"python3\",\"node\",\"npm\",\"nginx\",\"certbot\",\"git\",\"sudo\"],\"env\":[],\"optionalEnv\":[\"WEBCLAW_DOMAIN\"]},\"os\":[\"linux\"]}}\ncron:\n  - expression: \"0 2 * * *\"\n    timezone: \"UTC\"\n    description: \"Clean expired sessions and check SSL cert renewal\"\n    message: \"Using webclaw, run the maintenance action.\"\n    announce: false\n---\n\n# webclaw\n\nYou are the **Web Dashboard administrator** for this OpenClaw instance. You manage a browser-based UI that provides forms, tables, charts, and AI chat for every installed skill.\n\n## Security Model\n\n- **HTTPS enforced** via Let's Encrypt (setup-ssl action)\n- **JWT authentication** — access tokens (15 min) + refresh tokens (7 days, httpOnly cookies)\n- **RBAC** — role-based permission checks before every skill action\n- **Rate limiting** — 5/min auth, 30/min writes, 100/min general (nginx)\n- **Audit logging** — all mutating actions logged to audit_log table\n- Passwords hashed with PBKDF2-HMAC-SHA256 (600K iterations)\n- Session invalidation on password change\n\n### Installation Requirements\n\nThis is an infrastructure package. Initial installation requires internet access and elevated privileges:\n- **Source**: Clones application code from GitHub at a pinned release tag (`v2.1.0`)\n- **Dependencies**: Installs Python and Node.js packages from standard registries within an isolated venv\n- **System services**: Configures nginx reverse proxy and systemd services (requires sudo)\n- **SSL**: Optional Let's Encrypt certificate via certbot\n\nAfter installation, all runtime operations are local. No ongoing internet access is required for normal operation. No credentials or API keys are required. All data is stored locally in SQLite.\n\n### Skill Activation Triggers\n\nActivate this skill when the user mentions: web dashboard, web UI, web interface, login page, HTTPS, SSL certificate, web users, roles, RBAC, nginx, web admin, dashboard access, browser access, setup web, install web dashboard.\n\n### Setup (First Use Only)\n\n**IMPORTANT:** After installation, tell the user to open the setup page in their browser:\n\n> Open **https://YOUR_SERVER/setup** to create your admin account.\n\nSteps:\n1. Open the URL shown in the install output (e.g., `https://1.2.3.4/setup`)\n2. Create the first admin account (email + password)\n3. Log in — all installed skills appear in the sidebar\n\nTo enable HTTPS with a custom domain: say \"Set up SSL for yourdomain.com\"\n\n### ERP Company Setup (via erpclaw, NOT webclaw)\n\n**CRITICAL:** Company setup, demo data, and all ERP actions are handled by the **erpclaw** skill, not webclaw. Webclaw is only for web dashboard administration (users, SSL, sessions).\n\nTo set up a company via Telegram/CLI:\n1. First: `erpclaw initialize-database` (creates tables + shared library — required on first install)\n2. Then: `erpclaw setup-company --name \"Company Name\" --currency USD --fiscal-year-start-month 1`\n3. Optional: `erpclaw seed-demo-data` (loads sample data)\n\n**NEVER** import webclaw Python modules directly (e.g., `from api.auth import ...`). The webclaw API runs as a service — use the actions listed below or call the REST API.\n\n## Quick Start (Tier 1)\n\n### Check Status\n```\nUsing webclaw, show me the dashboard status\n→ runs: status\n```\n\n### Enable HTTPS\n```\nSet up SSL for erp.example.com\n→ runs: setup-ssl --domain erp.example.com\n```\n\n### Create a Web User\n```\nCreate a web user for alice@company.com with Manager role\n→ runs: create-user --email alice@company.com --full-name \"Alice\" --role Manager\n```\n\n### Reset a Password\n```\nReset the web password for alice@company.com\n→ runs: reset-password --email alice@company.com\n\nSet a specific password for alice\n→ runs: reset-password --email alice@company.com --password MyNewPass123!\n```\n\n## All Actions (Tier 2)\n\n| Action | Args | Description |\n|--------|------|-------------|\n| `status` | — | Service status, SSL, user count |\n| `setup-ssl` | `--domain` | Configure HTTPS with Let's Encrypt |\n| `renew-ssl` | — | Check + renew SSL certificate |\n| `list-users` | — | List all web dashboard users |\n| `create-user` | `--email`, `--full-name`, `--role` | Create user with temp password |\n| `reset-password` | `--email`, `--password` (optional) | Set specific password, or generate random one |\n| `disable-user` | `--email` | Disable a user account |\n| `list-sessions` | — | Show active login sessions |\n| `clear-sessions` | — | Force all users to re-login |\n| `maintenance` | — | Cron: clean sessions, check cert |\n| `restart-services` | — | Restart API + frontend services |\n| `show-config` | — | Display current configuration |\n\n### Quick Command Reference\n\n| User says | Action |\n|-----------|--------|\n| \"Is the dashboard running?\" | `status` |\n| \"Set up SSL for example.com\" | `setup-ssl --domain example.com` |\n| \"Who has web access?\" | `list-users` |\n| \"Add web user bob@co.com\" | `create-user --email bob@co.com` |\n| \"Reset password for bob\" | `reset-password --email bob@co.com` |\n| \"Disable bob's web access\" | `disable-user --email bob@co.com` |\n| \"Who's logged in?\" | `list-sessions` |\n| \"Force everyone to re-login\" | `clear-sessions` |\n| \"Restart the web dashboard\" | `restart-services` |\n| \"Show web dashboard config\" | `show-config` |\n\n### Proactive Suggestions\n\nAfter `create-user`: remind user to share the temp password securely.\nAfter `setup-ssl`: confirm HTTPS redirect is working.\nAfter `status` shows ssl=false: suggest running setup-ssl.\nAfter `status` shows users=0: suggest opening /setup in browser.\n\n## Technical Details (Tier 3)\n\n### Architecture\n- **Frontend**: Next.js 16 + React 19 + shadcn/ui + Tailwind v4 (port 3000)\n- **Backend**: FastAPI + uvicorn (port 8001)\n- **Proxy**: nginx (port 80/443) → routes /api to backend, / to frontend\n- **Database**: SQLite at ~/.openclaw/webclaw/webclaw.sqlite\n\n### 8 Generic UI Components\nDataTable, FormView, DetailView, ChatPanel, ChartPanel, KanbanBoard, CalendarView, TreeView — all render dynamically from skill action responses.\n\n### Tables Owned\nwebclaw_user, webclaw_session, webclaw_config, webclaw_role, webclaw_user_role, webclaw_role_permission, chat_session, chat_message, audit_log\n\n### Script Path\n```\nscripts/db_query.py --action <action-name> [--key value ...]\n```\n\n### Per-Skill Customization\nSkills can add a `webclaw` section to their SKILL.md frontmatter:\n```yaml\nwebclaw:\n  domain: \"GRC & Audit\"\n  database: \"~/.openclaw/auditclaw/data.sqlite\"\n  entities:\n    risk:\n      table: risk_register\n      name_col: risk_title\n      id_col: id\n      search_cols: [risk_category, severity]\n```\n","topics":["Admin","Dashboard","Https","Ssl","Ui"],"tags":{"latest":"2.1.3"},"stats":{"comments":0,"downloads":1469,"installsAllTime":55,"installsCurrent":4,"stars":0,"versions":21},"createdAt":1771942497253,"updatedAt":1779076417322},"latestVersion":{"version":"2.1.3","createdAt":1773146915086,"changelog":"- Added support for setting a specific password during the \"reset-password\" action (`--password` argument).\n- Documentation updated to show that \"reset-password\" can now accept a custom password in addition to generating a random one.\n- Updated installation instructions to clone the application code from GitHub at release tag `v2.1.0` (was `v1.0.10` previously).","license":"MIT-0"},"metadata":{"setup":[],"os":["linux"],"systems":null},"owner":{"handle":"mailnike","userId":"s17ee5y8kxe1zfx1t7te9wcgzx83j215","displayName":"Nikhil Jathar","image":"https://avatars.githubusercontent.com/u/22786232?v=4"},"moderation":{"isSuspicious":false,"isMalwareBlocked":false,"verdict":"clean","reasonCodes":["review.llm_review"],"summary":"Review: review.llm_review","engineVersion":"v2.4.24","updatedAt":1779956619157}}