Free Mission Control for OpenClaw AI Agents
ReviewAudited by ClawScan on May 10, 2026.
Overview
This looks like a purpose-aligned documentation-only skill, but the referenced dashboard can read Claude session files, run local OpenClaw controls, and edit persistent agent identity/memory files, so it needs careful review before use.
Install only if you are comfortable auditing the referenced GitHub repository and running a local mission-control server. Keep it on localhost or behind authentication, use least-privilege API keys, verify what is read from ~/.claude/projects, and review/back up any SOUL.md, MEMORY.md, or IDENTITY.md changes.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private coding-session metadata, and possibly session-derived details, could be visible through the dashboard or stored by the app if the server or data directory is exposed.
This documents scheduled access to a local Claude Code session store. The provided artifacts do not clearly specify opt-in controls, exclusions, retention, or whether parsed session data can later be synced or exposed.
Auto-discovers `~/.claude/projects/` JSONL sessions every 60s. Shows tokens, cost estimate, model, git branch, active status per session.
Before enabling this feature, review the source code for exactly what is read, stored, and transmitted; keep the server local or behind authentication; and configure exclusions if available.
A mistaken or unauthorized edit could change how agents behave across future tasks.
These files can shape an agent's future behavior and memory. Browser-based editing is purpose-aligned, but the artifacts do not describe authentication, approval, path restrictions, or review workflow for these persistent changes.
View and edit agent `SOUL.md`, `MEMORY.md`, `IDENTITY.md` directly in the browser. Auto-backup on save.
Use this only behind strong access controls, review diffs before saving, keep backups, and verify the implementation restricts edits to intended agent files.
Anyone who can access the dashboard may be able to inspect system information or start/stop local agent gateway components.
The dashboard can trigger local OpenClaw control commands. A whitelist is mentioned, but the provided artifacts do not clearly describe authentication or per-action approval for command execution.
Run whitelisted OpenClaw commands from the dashboard — `openclaw status`, `gateway start/stop`, system info.
Keep the dashboard bound to localhost unless protected by authentication, verify the command whitelist in code, and avoid exposing command-console routes through public tunnels.
The security of the installed app depends on external code and dependencies that were not included in this skill scan.
The skill bundle contains documentation only; the runnable server and npm dependencies come from an external repository and package ecosystem.
git clone https://github.com/YOUR_USERNAME/JARVIS-Mission-Control-OpenClaw cd JARVIS-Mission-Control-OpenClaw npm install
Audit the GitHub repo, package.json, lockfile, and scripts before running; pin to a trusted commit or fork; and install in an isolated environment if possible.
A token with broad scopes could expose or affect more GitHub data than needed if mishandled by the external app.
GitHub credentials are expected for the stated integration, but they grant account/repository access and are not declared in the registry requirements.
GitHub Issues Sync (v1.4) Fetch open GitHub issues and auto-create JARVIS task cards ... Configure with `GITHUB_TOKEN` + `GITHUB_REPO`.
Use a least-privilege token limited to the intended repository and review how the app stores and logs environment variables.
The dashboard may continue operating after the initial setup session, so its exposed controls and stored data remain available.
The documentation includes an optional service setup that keeps the mission-control server running persistently, including after reboot.
pm2 start server/index.js --name mission-control pm2 save pm2 startup
Only enable service mode intentionally, document how to stop/remove it, and secure the server before configuring startup persistence.