ClawTime Setup Review
Audited by ClawScan on May 10, 2026.
Overview
The setup is coherent, but it downloads unpinned web-app code and gives it OpenClaw gateway access through a public Cloudflare tunnel, so it should be reviewed before use.
Install only if you trust the GitHub repository and its NPM dependencies. Before running it, review the downloaded code, confirm the Cloudflare domain is yours, use the least-privileged gateway token possible, keep TTS disabled unless sanitization is verified, and unload any launchd services when you no longer want ClawTime running.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user would be trusting downloaded code and NPM dependencies with the gateway token and local UI behavior.
The installer fetches the actual ClawTime app and its dependencies from an external repository at install time, with no commit pin or reviewed app source included in these artifacts.
`REPO_URL="https://github.com/youngkent/clawtime.git" ... git clone "$REPO_URL" "$INSTALL_DIR" ... npm install --legacy-peer-deps --silent`
Review or pin the ClawTime repository and dependency lockfile before installation, and avoid running the setup with sensitive tokens until the downloaded code is trusted.
If the downloaded web app or its configuration is wrong or compromised, it could act with meaningful OpenClaw gateway authority.
The ClawTime gateway handshake is documented as using the user's gateway token with operator read/write scopes.
- `role` — typically `"operator"`
- `scopes` — `"operator.write,operator.read"`
- `token` — your `GATEWAY_TOKEN` env var value
Use the least-privileged gateway token available, review what operator.write permits, and rotate/revoke the token if you uninstall or no longer trust the app.
This can affect which web origins are allowed to connect to the gateway and may interrupt a running OpenClaw gateway.
The installer changes OpenClaw gateway configuration and restarts the gateway as part of setup.
`openclaw config patch "{\"gateway\":{\"controlUi\":{\"allowedOrigins\":[\"$PUBLIC_URL\"]}}}" ... openclaw gateway restart`
Confirm the PUBLIC_URL is exactly the domain you intend to expose, and review the gateway config after installation.
If the downloaded server does not correctly sanitize TTS text, a chat message could become a shell-command injection path.
The optional TTS feature is configured through a shell command template that incorporates chat text; the documentation warns that the server must sanitize it.
`TTS_COMMAND='python3 -m piper ... -- {{TEXT}} && ffmpeg ... {{OUTPUT}}'` ... the `{{TEXT}}` placeholder is substituted into a shell command.
Keep TTS disabled unless you have verified the server uses safe argument handling, preferably execFile-style execution instead of shell interpolation.
The gateway token is part of the UI-to-gateway authentication flow, so mishandled logs or an untrusted server could expose sensitive access material.
The gateway authentication flow includes the gateway token in the signed WebSocket payload format.
`v2|{deviceId}|{clientId}|{clientMode}|{role}|{scopes}|{signedAtMs}|{token}|{nonce}`
Keep the OpenClaw gateway bound to localhost, avoid logging auth payloads, and rotate the gateway token if exposure is suspected.
The service can continue running in the background and keep the public tunnel available after login.
The launchd reference shows optional user-agent persistence that starts ClawTime and the Cloudflare tunnel on login and restarts them if they crash.
`<key>RunAtLoad</key> <true/> <key>KeepAlive</key> <true/>`
Only load the launchd agents if you want persistent access, and use the documented launchctl unload commands when you no longer need them.
