Clawctl
Review
Audited by ClawScan on May 10, 2026.
Overview
Clawctl mostly does what it says, but its shared agent task queue and LAN-exposed dashboard can change what agents work on, so it should be reviewed before use.
Install only if you want a trusted shared coordination database for your agents. Keep the database and dashboard token private, prefer localhost-only dashboard access, verify the clawctl binary/package source, and avoid letting untrusted agents or users add tasks or messages.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A leaked or shared dashboard link could let someone mark work complete or cancel/delete tasks for the agent fleet.
The dashboard can force-complete tasks and is served on all interfaces, so anyone who obtains the dashboard token can mutate fleet task state over the network.
db.complete_task(conn, task_id, agent, note, force=True) ... app.run(host="0.0.0.0", port=args.port, threaded=True)
Run the dashboard only on localhost unless LAN access is required, protect the token, and consider disabling force-complete/delete actions or adding per-agent authorization.
If the CDN script or connection were compromised, it could potentially read dashboard data or the URL token from the page.
The dashboard loads executable JavaScript from an external CDN without pinning or integrity controls; that script runs in the same page that uses the dashboard token and views fleet data.
<script src="https://cdn.tailwindcss.com"></script>
Bundle or pin dashboard assets locally, add subresource integrity where possible, and avoid placing long-lived tokens in URLs.
Actions in the shared task system can be attributed to arbitrary agent names, weakening auditability and allowing impersonation within the fleet if access is shared.
Dashboard mutation endpoints accept the acting agent name from request JSON rather than verifying an authenticated agent identity.
agent = data.get("agent", "dashboard")
Treat the database and dashboard token as trusted-fleet-only, and add authenticated agent identities or fixed server-side attribution for dashboard actions.
Stale, mistaken, or untrusted task/message content may influence later agent behavior.
The skill persists tasks, messages, and activity history in a shared SQLite database that agents are instructed to consult across sessions.
CREATE TABLE IF NOT EXISTS tasks ... CREATE TABLE IF NOT EXISTS messages ... CREATE TABLE IF NOT EXISTS activity
Use this only with trusted agents and periodically review or clean the shared task/message database.
If the shared queue contains untrusted or inappropriate tasks, agents may treat them as work to perform.
The skill intentionally makes shared messages and queued tasks part of the agent's work-selection loop.
Follow this pattern every session: ... `clawctl inbox --unread` ... `clawctl next` ... `clawctl claim <id>` then `clawctl start <id>`
Keep task sources trusted, review tasks before broad automation, and avoid letting untrusted parties write to the shared database.
