ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Free Mission Control for OpenClaw AI Agents

v2.0.8

JARVIS Mission Control v2 — free, self-hosted command center for OpenClaw AI agents. Kanban board, real-time chat, Claude Code session tracking, GitHub Issue...

4· 1.6k·8 current·8 all-time
byAsif@asif2bd

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for asif2bd/jarvis-mission-control.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Free Mission Control for OpenClaw AI Agents" (asif2bd/jarvis-mission-control) from ClawHub.
Skill page: https://clawhub.ai/asif2bd/jarvis-mission-control
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: node, git
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install asif2bd/jarvis-mission-control

ClawHub CLI

Package manager switcher

npx clawhub@latest install jarvis-mission-control
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name and description (self-hosted mission control / dashboard / Claude session tracking / task sync) line up with the instructions to clone and run a Node server and to have agents point at it. However the README explicitly says the server auto-discovers ~/.claude/projects/ sessions and displays tokens, and allows editing agent SOUL/MEMORY files — sensitive capabilities that are not reflected in registry metadata (e.g., required config paths were declared as none). This is plausible for a dashboard but is higher-sensitivity behavior than a simple 'kanban' widget and should be explicitly documented in metadata.
!
Instruction Scope
SKILL.md instructs the user to git clone a public repo, run npm install and start a Node server from that repo (typical for self-hosted apps). The docs also state the server auto-discovers ~/.claude/projects/ and shows 'tokens' and enables viewing/editing of agent SOUL/MEMORY files and configuring webhooks. Those instructions imply reading local home files and exposing their contents in the dashboard — operations that can leak secrets. The skill bundle itself contains only docs (no executable code), so the actual runtime behavior depends on external repo code; that runtime behavior is not contained in the skill and must be audited before execution.
Install Mechanism
This is instruction-only (no install spec) which is lower surface risk in the registry, but the documentation tells users to clone and run code from a GitHub repository. The metadata links to the public GitHub repo and a demo. No bundled installers or remote archives are included in the skill itself, but executing the recommended steps will run external code (npm install / node server) fetched from third-party sources.
!
Credentials
The registry declares no required env vars or config paths, yet the docs discuss optional/conditional credentials and configs: GitHub sync needs a GITHUB_TOKEN and GITHUB_REPO, connect scripts mention MISSIONDECK_API_KEY / MISSIONDECK_URL, and the server will create/use a local .mission-control/ directory and may read ~/.claude/projects/. The skill's documentation indicates access to sensitive files (claude sessions with tokens, agent SOUL/MEMORY) and to optional cloud API keys — these are reasonable for the advertised features but are high-value secrets and their handling is not declared in the registry metadata. That mismatch is notable.
Persistence & Privilege
The skill is not always-enabled and allows model invocation (defaults). The potential persistent impact comes from running the external server yourself and pointing agents at it: once agents are configured to talk to the server, the server can receive or be given agent data (SOUL/MEMORY) and store it locally or send it to a cloud endpoint. The registry did not mark always:true and the skill does not modify other skills' configs, but the user-run server could become a persistent collector of agent data if misconfigured.
Scan Findings in Context
[clawhub:previous-shell-install-heuristic] unexpected: SECURITY.md documents that earlier versions contained shell-install metadata which triggered heuristics. Current skill metadata replaced shell entries with link-kind entries; the warning is historical but relevant: the recommended runtime steps (git clone / npm install / node server) still require executing upstream code which must be audited.
What to consider before installing
This skill is documentation for an open-source self-hosted dashboard rather than bundled code, but installing it means cloning and running third-party server code that can read and display agent/session files and optionally connect to a cloud service. Before installing or running: 1) Review the referenced GitHub repository (server/index.js, package.json, any scripts) to confirm which local paths it reads and what it exposes (especially ~/.claude/projects/, SOUL.md, MEMORY.md, and any logged tokens). 2) Run the server in an isolated environment (VM/container) bound to localhost and behind a firewall or reverse-proxy if you need remote access. 3) Do not run any connect script or provide cloud API keys until you trust missiondeck.ai and have inspected the script; prefer a fork you control. 4) If you enable GitHub sync, create a least-privilege token and rotate it after testing. 5) Avoid running this on machines holding high-value secrets unless you have audited the code; if you must test, use throwaway accounts/data. Additional helpful info that would change the assessment: an included code snapshot to review, explicit documentation of exactly which files/fields are read from ~/.claude and how tokens are displayed/obfuscated, or assurances in the repo that tokens are not persisted/exposed.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🎯 Clawdis
Binsnode, git
agentsvk976c9artp71x004hmmkdc9wrd82xtmbcoordinationvk976c9artp71x004hmmkdc9wrd82xtmbdashboardvk976c9artp71x004hmmkdc9wrd82xtmbfreevk976c9artp71x004hmmkdc9wrd82xtmbinstruction-onlyvk976c9artp71x004hmmkdc9wrd82xtmbkanbanvk976c9artp71x004hmmkdc9wrd82xtmblatestvk9770dzm2mfybdn1td80en6gyx845jjhmission-controlvk976c9artp71x004hmmkdc9wrd82xtmbmissiondeckvk976c9artp71x004hmmkdc9wrd82xtmbmulti-agentvk976c9artp71x004hmmkdc9wrd82xtmbopenClawvk976c9artp71x004hmmkdc9wrd82xtmborchestrationvk976c9artp71x004hmmkdc9wrd82xtmbsecurity-auditedvk976c9artp71x004hmmkdc9wrd82xtmbtask-managementvk976c9artp71x004hmmkdc9wrd82xtmbtasksvk97dnq5mk74scx240ycjq9krcn81zfv2webhookvk976c9artp71x004hmmkdc9wrd82xtmbwebsocketvk976c9artp71x004hmmkdc9wrd82xtmb
1.6kdownloads
4stars
15versions
Updated 1h ago
v2.0.8
MIT-0
Asif@asif2bd
agentscoordinationdashboardfreeinstruction-onlykanbanlatestmission-controlmissiondeckmulti-agentopenClaworchestrationsecurity-auditedtask-managementtaskswebhookwebsocket
Download

JARVIS Mission Control v2 for OpenClaw

Version License

Built by MissionDeck.ai · GitHub · Live Demo

Security notice: Instruction-only skill. All commands reference open-source code on GitHub. Review before running. Nothing executes automatically.

Install

clawhub install jarvis-mission-control

🎯 What's New in v2

v2.0 is a major upgrade over v1 — same powerful backend, completely redesigned frontend.

Dashboard Widget Cards

4 live metric cards in the header showing real-time counts with color-coded status:

  • 🖥 Claude Sessions — active Claude Code sessions discovered from ~/.claude/projects/
  • CLI Connections — connected CLI tools
  • 🐙 GitHub Sync — synced issues from your configured repo
  • 🔔 Webhook Health — open circuit breaker count

Enhanced Task Cards

  • Priority color bars (🔴 HIGH · 🟡 MEDIUM · 🟢 LOW)
  • Agent avatar circles (color-coded per agent)
  • Label badges with overflow (+N more)
  • Review 🔍 indicator when peer review required
  • Hover lift effect

Smart Panels (header buttons)

  • 💬 CHAT — real-time team messaging, WebSocket-powered, agent emojis, unread badge
  • 📋 REPORTS — browse Reports / Logs / Archive files
  • SCHEDULES — live view of all OpenClaw cron jobs

Organized Sidebar

Collapsible groups with localStorage persistence:

  • TEAM — Human Operators + AI Agents roster
  • INTELLIGENCE — Claude Sessions, CLI Console, GitHub Issues, CLI Connections, Webhooks, Agent Files
  • SYSTEM — Settings

Matrix Theme Polish

CRT scanline overlay, pulse-glow on active agents, Matrix rain header accent, typewriter version cursor

🎯 Setup Modes

ModeSetup TimeDashboard
👁️ Demo0 minmissiondeck.ai/mission-control/demo
☁️ MissionDeck Cloud5 minmissiondeck.ai
🖥️ Self-Hosted10 minlocalhost:3000

🖥️ Self-Hosted Setup

Requirements: Node.js ≥18, Git

git clone https://github.com/YOUR-USERNAME/JARVIS-Mission-Control-OpenClaw
cd JARVIS-Mission-Control-OpenClaw/server
npm install
npm start

Open: http://localhost:3000

🔒 Security Features (v1.6–1.7)

  • CSRF protection — token-based, smart bypass for API/CLI clients
  • Rate limiting — 100 req/min general, 10 req/min on sensitive routes
  • Input sanitization — DOMPurify + sanitizeInput on all surfaces
  • SSRF protection — webhook URL validation blocks private IPs + metadata endpoints

🤖 Agent Intelligence Features

Claude Code Session Tracking (v1.2)

Auto-discovers ~/.claude/projects/ JSONL sessions every 60s. Shows tokens, cost estimate, model, git branch, active status per session.

Direct CLI Console (v1.3)

Run whitelisted OpenClaw commands from the dashboard — openclaw status, gateway start/stop, system info.

GitHub Issues Sync (v1.4)

Fetch open GitHub issues and auto-create JARVIS task cards (idempotent by issue number). Configure with GITHUB_TOKEN + GITHUB_REPO.

Agent SOUL Editor (v1.5)

View and edit agent SOUL.md, MEMORY.md, IDENTITY.md directly in the browser. Auto-backup on save.

🔁 Reliability Features

Webhook Retry + Circuit Breaker (v1.10–1.14)

  • SQLite-backed delivery log (survives server restarts)
  • Exponential backoff: 1s → 2s → 4s → 8s → 16s (max 5 attempts)
  • Circuit breaker: ≥3 failures from last 5 deliveries = open circuit
  • Dashboard delivery history panel with Manual Retry + Reset Circuit buttons
  • GET /api/webhooks/:id/deliveries · POST /api/webhooks/:id/retry

Pino Structured Logging (v1.9)

JSON in production, pretty-print in development. Replaces all console.log.

Update Banner (v1.11)

Dashboard shows a dismissable banner when a newer version is available on npm.

📊 Quality

  • 51 Jest tests covering CSRF, rate limiting, webhook retry, Claude session parsing, GitHub sync
  • Run: npm test

📨 Telegram → MC Auto-Routing

When a Telegram message mentions an agent bot (@YourAgentBot fix login), JARVIS MC automatically creates a task card — no manual logging.

// .mission-control/config/agents.json
{
  "botMapping": {
    "@YourAgentBot": "agent-id"
  }
}

Core mc Commands

mc check                          # See your pending tasks
mc task:create "Title" --priority high --assign oracle
mc task:claim TASK-001
mc task:comment TASK-001 "Done." --type progress
mc task:done TASK-001
mc squad                          # All agents + status
mc deliver "Report" --path ./output/report.md
mc notify "Deployment complete"
mc status                         # local / cloud mode

More by Asif2BD

clawhub install openclaw-token-optimizer   # Reduce token costs by 50-80%
clawhub search Asif2BD                     # All skills

MissionDeck.ai · Free tier · No credit card required

Comments

Loading comments...