Openclaw Command Center
ReviewAudited by ClawScan on May 10, 2026.
Overview
This appears to be a disclosed local OpenClaw monitoring dashboard, but it can read sensitive agent workspace data and run local OpenClaw/system commands.
Install this only if you want a local dashboard with visibility into OpenClaw sessions, memory/state files, usage, costs, and system vitals. Keep it on localhost for personal use, enable authentication before remote or team access, and treat the dashboard as sensitive because it can reveal agent memory and operational details.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the dashboard is exposed to untrusted users, local OpenClaw commands or job-management features could affect agent operations.
The server invokes the local OpenClaw CLI. That is coherent with a Command Center dashboard, but it means the web service may exercise local agent-management tooling.
const result = execFileSync("openclaw", buildArgs(args2), {Keep the dashboard bound to localhost unless you configure token, Tailscale, Cloudflare, or allowlist authentication, and review any job-management actions before enabling remote access.
Anyone who can access the dashboard may be able to view sensitive OpenClaw memory, session, operator, cost, or topic information.
The dashboard is designed to read and display agent memory data, which may include private context, decisions, or conversation history.
📝 **Memory Browser** | View agent memory files
Use the default localhost-only deployment for personal use, enable authentication for team or remote access, and avoid displaying the dashboard in public demos unless privacy controls are enabled.
Running the skill starts a local web service that continues operating until stopped.
The skill starts a local Node.js server as its normal operation. This is clearly disclosed in the install metadata and Quick Start instructions.
command: "node lib/server.js"
Start it only in a trusted workspace, stop it when not needed, and configure authentication before using it for remote or team access.