Subagent Dashboard
Status: Warn. Audited by ClawScan on May 10, 2026.
Overview
The dashboard is purpose-aligned, but it exposes local agent transcripts and restart controls through a local API configured for broad cross-origin access.
Install only if you need a local subagent dashboard. Run it only while actively using it, do not expose the port to a network, and prefer a version that restricts CORS and adds authentication or a local access token for transcript and restart APIs.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
While the dashboard is running, any website open in the same browser can read local dashboard API responses, including agent session details and transcripts: the API answers every /api/* request with Access-Control-Allow-Origin: * and the artifacts show no credential check, so a cross-origin fetch from a malicious page to the local port succeeds and its body is readable by that page.
The dashboard serves sensitive local session/transcript information through API routes and explicitly allows any browser origin to access /api/* responses.
Evidence from the artifacts:
- "Provides real-time monitoring, transcript viewing, and agent management."
- `SESSIONS_PATH = OPENCLAW_HOME / "agents" / "main" / "sessions"`
- `CORS(app, resources={r"/api/*": {"origins": "*"}})`
Restrict CORS to the dashboard's own origin, bind only to localhost, require authentication or a random per-process local token on the API, and avoid running the dashboard while browsing untrusted sites.
If the local API is reachable, another local process or a web page open in the user's browser can disrupt or alter running subagent work by calling the restart/refresh endpoint.
The documented API can trigger subagent refresh/restart actions, but the artifacts do not describe authentication, confirmation, or scoping for that management endpoint.
Evidence from the artifacts:
- `POST /api/subagent/<session_id>/refresh` - Request refresh/restart
- **⚡ Restart** - Restart stalled agents (requires gateway access)
Require explicit user confirmation for restart actions, add access control to management endpoints, and document exactly what gateway access is required. Tightening CORS alone does not close this finding: a cross-origin POST with a simple content type is sent by the browser without a preflight, so an unauthenticated restart endpoint still fires even when the calling page is not allowed to read the response; only a credential that a foreign page cannot supply stops it.
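The two findings above share one fix, shown here as an added example written for this review (it is not the skill's dashboard.py, which uses Flask and flask_cors). The first app reproduces the audited shape: wildcard Access-Control-Allow-Origin on /api/* and no credential check. The second app echoes the allow-origin header only for the dashboard's own origin, requires a random per-process bearer token on every /api/* route, and makes the refresh endpoint POST-only with an explicit confirmation header. The session data, the dashboard origin and port, the `X-Confirm-Restart` header and the `/api/sessions` route are assumptions of this example; only `/api/subagent/<session_id>/refresh` and the sessions path come from the artifacts. `call()` drives either app in-process so the behaviour can be checked without starting a server.

```python
"""Added example, not the skill's code: the audited wildcard-CORS/no-auth pattern
beside a hardened local API that checks origin, token and confirmation."""
import json
import secrets
from wsgiref.simple_server import make_server
from wsgiref.util import setup_testing_defaults

# Constructed sample data standing in for ~/.openclaw/agents/main/sessions/*.jsonl.
SESSIONS = {
    "main": {"role": "orchestrator", "transcript": ["user: plan the release", "assistant: ok"]},
    "sub-1": {"role": "subagent", "transcript": ["task: run the test suite"]},
}
# Assumed: the dashboard's own origin (the skill reads its port from $PORT).
DASHBOARD_ORIGIN = "http://127.0.0.1:5000"
# Random per-process token, printed once at startup so only the local user sees it.
API_TOKEN = secrets.token_urlsafe(32)


def _reply(start_response, status, body, extra=()):
    start_response(status, [("Content-Type", "application/json"), *extra])
    return [json.dumps(body).encode()]


def permissive_app(environ, start_response):
    """Reproduces the audited shape: every /api/* response carries
    Access-Control-Allow-Origin: * (what CORS(app, resources={r"/api/*": {"origins": "*"}})
    emits) and nothing is authenticated, so any page in the browser can read it."""
    if environ["PATH_INFO"].startswith("/api/"):
        return _reply(start_response, "200 OK", SESSIONS, [("Access-Control-Allow-Origin", "*")])
    return _reply(start_response, "404 Not Found", {"error": "not found"})


def hardened_app(environ, start_response):
    """Allow only the dashboard's own origin, require the local token on /api/*,
    and make the restart endpoint POST-only with an explicit confirmation header
    (the header is this example's convention, not something the skill defines)."""
    method, path = environ["REQUEST_METHOD"], environ["PATH_INFO"]
    cors = []
    if environ.get("HTTP_ORIGIN") == DASHBOARD_ORIGIN:
        cors = [("Access-Control-Allow-Origin", DASHBOARD_ORIGIN), ("Vary", "Origin")]
    if method == "OPTIONS":  # preflight: a foreign origin gets no allow header at all
        start_response("204 No Content", cors + [
            ("Access-Control-Allow-Headers", "Authorization, X-Confirm-Restart"),
            ("Access-Control-Allow-Methods", "GET, POST")])
        return [b""]
    if not path.startswith("/api/"):
        return _reply(start_response, "404 Not Found", {"error": "not found"})
    auth = environ.get("HTTP_AUTHORIZATION", "")
    # Constant-time compare on bytes; a foreign page cannot know this token.
    if not (auth.startswith("Bearer ") and secrets.compare_digest(auth[7:].encode(), API_TOKEN.encode())):
        return _reply(start_response, "401 Unauthorized", {"error": "dashboard token required"}, cors)
    parts = path.split("/")  # /api/subagent/<session_id>/refresh -> ["", "api", "subagent", id, "refresh"]
    if len(parts) == 5 and parts[2] == "subagent" and parts[4] == "refresh":
        if method != "POST":
            return _reply(start_response, "405 Method Not Allowed", {"error": "POST only"}, cors)
        if environ.get("HTTP_X_CONFIRM_RESTART") != "yes":
            return _reply(start_response, "403 Forbidden", {"error": "restart not confirmed"}, cors)
        if parts[3] not in SESSIONS:
            return _reply(start_response, "404 Not Found", {"error": "unknown session"}, cors)
        return _reply(start_response, "200 OK", {"restarted": parts[3]}, cors)
    if path == "/api/sessions":
        return _reply(start_response, "200 OK", SESSIONS, cors)
    return _reply(start_response, "404 Not Found", {"error": "not found"}, cors)


def call(app, method, path, headers=None):
    """Drive a WSGI app in-process; returns (status, response headers, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ.update(REQUEST_METHOD=method, PATH_INFO=path)
    for name, value in (headers or {}).items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    got = {}

    def start_response(status, response_headers, exc_info=None):
        got["status"], got["headers"] = status, dict(response_headers)

    body = b"".join(app(environ, start_response))
    return got["status"], got["headers"], body


if __name__ == "__main__":
    print(f"dashboard token: {API_TOKEN}")  # send as Authorization: Bearer <token>
    # Loopback only; binding 0.0.0.0 would expose transcripts to the network.
    make_server("127.0.0.1", 5000, hardened_app).serve_forever()
```

The in-process `call()` helper is what makes the difference visible: a request carrying `Origin: https://evil.example` gets a readable 200 with `Access-Control-Allow-Origin: *` from the permissive app, and a 401 with no allow-origin header from the hardened one. The token, not the origin check, is what actually blocks the restart, since a simple cross-origin POST is sent regardless of CORS.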
Anyone who can access the dashboard may see sensitive agent conversation history and task details.
The skill intentionally reads persistent agent session and transcript files, including main and cron sessions, which may contain private prompts, outputs, or operational context.
Evidence from the artifacts (the dashboard shows):
- **All sessions** from sessions.json: main (orchestrator), subagents, and optionally cron jobs ...
- `~/.openclaw/agents/main/sessions/*.jsonl` - Transcript files
Run the dashboard only when needed, limit who can access it, and avoid exposing it beyond the local machine.
Starting the dashboard will install and execute local Python code on the user's machine, which is expected for this type of tool but should still be understood.
The user-directed startup script creates a local Python environment, installs dependencies, and runs the bundled dashboard code.
python3 -m venv venv ... pip install -q -r "$(dirname "$SCRIPT_DIR")/requirements.txt" ... PORT=$PORT python3 dashboard.py
Review the script and requirements before running, and keep the virtual environment scoped to this skill.
