ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Approve new channels, and connections to openclaw ui and terminal

v1.0.1

Web dashboard to approve OpenClaw device and channel pairings, manage connections, and access a live terminal from your browser.

2· 611·0 current·0 all-time
by@dr1nnas
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (dashboard for device/channel approvals and a live terminal) match the code and SKILL.md. The server reads OpenClaw state files (~/.openclaw), exposes pairing management endpoints, and provides an in-browser terminal — all consistent with the stated purpose. There are no unrelated required env vars or binaries.
Instruction Scope
SKILL.md explicitly instructs where to place files, how to install Flask/SocketIO, and to change embedded default credentials. It also documents that the app reads sensitive OpenClaw files (pending/paired device JSON, channel pairing JSON, and gateway token) and that the terminal exposes a full shell. Those behaviors are within purpose but are high-sensitivity operations; the docs warn about them. One operational note: the web templates load Socket.IO (and likely other assets) from public CDNs; SKILL.md does not call this out but this is normal for a local UI.
Install Mechanism
This is an instruction-only skill (no installer spec). The instructions tell the user to pip install flask and flask-socketio — reasonable and proportional. No remote downloads/executables are pulled by the skill itself.
Credentials
The skill requests no special environment variables in the registry metadata. The code supports optional env vars (FLASK_SECRET_KEY and SERVER_AUTH_PASSWORD) and provides defaults in server.py for ADMIN_USERNAME/ADMIN_PASSWORD/AUTH_PASSWORD which SKILL.md tells you to change. That is consistent, but embedding default admin credentials in the code is risky — the SKILL.md repeatedly warns not to run with defaults. API endpoints (/pair, /sync) accept a JSON password for automation; ensure you set a strong SERVER_AUTH_PASSWORD before use.
Persistence & Privilege
The skill does not request always:true or any platform privileges. It runs as a local Flask app and does not modify other skills or system-wide OpenClaw config beyond invoking OpenClaw CLI operations (approve/reject). Autonomous model invocation settings are default and not a special privilege in this package.
Assessment
This package appears to do what it says: a local dashboard that reads OpenClaw state files and provides an interactive terminal. Before installing or running it, do the following: 1) Change the defaults immediately — set a strong FLASK_SECRET_KEY (via env) and a strong SERVER_AUTH_PASSWORD; also change ADMIN_USERNAME/ADMIN_PASSWORD in server.py or make them configurable via environment variables. 2) Remember this app reads and displays sensitive files (gateway token, pairing JSONs); anyone who can access the web UI or the API endpoints can view or act on those secrets. The /pair and /sync API endpoints accept a JSON password (plaintext) for automation—only use them from trusted local scripts and keep the password strong. 3) The terminal provides a full shell; remove or disable the /terminal route if you do not need it. 4) Review server.py for how it invokes the OpenClaw CLI (subprocess usage). Ensure arguments are passed without shell=True or unsafe string concatenation to avoid command injection if you expose the server beyond localhost. 5) Do not bind to 0.0.0.0 or expose this service to untrusted networks without putting it behind HTTPS and strong access controls. 6) If you rely on external CDNs (socket.io,xterm.js), consider hosting assets locally if you require an air-gapped or stricter environment. If you want, provide the rest of server.py (the truncated portion) and I will inspect the exact subprocess/pty usage for additional concerns.

Like a lobster shell, security has layers — review code before you run it.

latestvk971kf3rdepapf547pxpq8gjcn81kf7v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments