Clawctl

This skill appears to be what it says: a local coordination CLI + optional Flask dashboard backed by SQLite. Before installing or running it, consider the following: - Install method: the registry metadata omits an install step even though a Python package (pyproject.toml) is included. You should install into a virtualenv (pip install . or pip install -e . for development) rather than running unknown files globally. - Database safety: run initial tests with a temporary DB to avoid touching your real data (example: CLAW_DB=/tmp/test.db clawctl init). The README/CLAUDE.md recommend this. - Dashboard token and exposure: the dashboard writes a persistent token to ~/.openclaw/.clawctl-token and, by default, binds to 0.0.0.0. If you run the dashboard on a multi-user or public-facing host, ensure the token file is protected (filesystem permissions) and the port is not publicly accessible, or bind to localhost instead. - Environment vars: the code reads CLAW_AGENT and CLAW_DB (with sensible defaults). The skill metadata did not declare these env vars — be aware they influence behavior and identity fallback to $USER will occur with a one-time warning. - Review the code if you need stricter guarantees: SQL is parameterized and DB access patterns look race-aware; there are no obvious network calls to external services or obfuscated code. If you require tighter isolation, run inside a container or VM and use a temp DB. If you want, I can extract the full list of CLI commands or point out exact lines where the dashboard writes the token and binds to the network so you can audit or modify them before use.