Private Web App (PWA)
WarnAudited by ClawScan on May 10, 2026.
Overview
This appears to be a coherent private dashboard, but it can expose a persistent web file browser for the user's home directory without clearly documented access controls.
Install only if you are comfortable running a persistent private web server. Before starting it, bind it to localhost or a trusted VPN interface, add authentication or a reverse proxy, restrict the file browser to a dedicated safe folder, verify whether system action endpoints are enabled, and inspect the installer/service files from a pinned trusted source.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who can reach the dashboard may be able to browse, preview, or download many personal files available to the service user.
The backend defaults the file-browser root to the service user's home directory and exposes APIs to read and download files. The code does constrain paths to the configured root, but the default root is still broad and sensitive.
_root: Path = Path.home() ... @router.get("/read") ... content = resolved.read_text(errors="replace") ... @router.get("/download") ... FileResponse(path=str(resolved)Set file_browser.root to a narrow non-sensitive folder, add strong authentication or VPN-only access, and avoid exposing the service to untrusted networks.
If installed with the example settings on a LAN or public interface, the dashboard's powerful APIs could be reachable by unintended users.
The documentation shows the server binding to all interfaces and treats Tailscale as optional. The provided artifacts do not clearly show built-in authentication or approval checks around the file API.
[Tailscale](https://tailscale.com/download) (optional, for remote HTTPS access) ... "host": "0.0.0.0" ... "file_browser": { "root": "~" }Bind to 127.0.0.1 unless using a trusted VPN, enforce authentication, firewall the port, and document the required access-control model.
Opening a malicious Markdown file in the dashboard could potentially let that content act in the web app's context and call local dashboard APIs.
The Markdown preview renderer intentionally passes raw HTML from file contents into rendered output. In a same-origin file dashboard, untrusted Markdown content could become active browser content if inserted into the DOM.
// Raw HTML passthrough ... if (/^\s*<[a-zA-Z]/.test(line)) { out.push(line); i++; continue }Disable raw HTML in Markdown previews, sanitize rendered HTML, add a restrictive Content Security Policy, and treat downloaded/untrusted files as unsafe to preview.
The app will keep running in the background and continue serving its APIs after setup.
Persistent background operation is clearly disclosed and expected for a PWA server, but it means exposed endpoints remain available until the service is stopped.
Runs as systemd user service or launchd plist ... systemctl --user start privateapp ... launchctl load ~/Library/LaunchAgents/com.privateapp.server.plist
Review the service file, know how to stop/unload it, and only enable persistence after network and file-access boundaries are configured.
A changed upstream repository or unreviewed installer could affect what is installed as a persistent local service.
The documented setup fetches code from a mutable remote repository and runs an installer script. This is normal for this kind of app, but users should verify the exact source they run.
git clone https://github.com/camopel/PrivateApp.git ~/Workspace/PrivateApp ... bash scripts/install.sh [--port 8800]
Install from a reviewed release or pinned commit, inspect scripts/install.sh before running it, and avoid running installer commands automatically.