Crabwalk
Verdict: Warn. Audited by ClawScan on May 10, 2026.
Overview
Crabwalk appears purpose-aligned as a monitor, but it installs an unreviewed remote executable and can expose OpenClaw tokens, agent activity, and workspace files over a network link.
Install only if you trust the Crabwalk GitHub release and are comfortable giving it access to your OpenClaw gateway token and workspace data. Prefer pinning/verifying the release, running it on localhost or behind a firewall/VPN, confirming authentication is enabled, and stopping the daemon when finished.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing this could run code from a changing remote release that was not included in the reviewed artifact set.
The required install dynamically resolves the latest remote release, extracts it, places an executable on PATH, and may run privileged package installation, while no code files or install spec are provided for review.
VERSION=$(curl -s https://api.github.com/repos/luccast/crabwalk/releases/latest ...
curl -sL "https://github.com/luccast/crabwalk/releases/download/${VERSION}/crabwalk-${VERSION}.tar.gz" | tar -xz -C ~/.crabwalk && cp ~/.crabwalk/bin/crabwalk ~/.local/bin/ && chmod +x ~/.local/bin/crabwalk ...
sudo apt install -y qrencode
Verify the GitHub repository and release, prefer a pinned version with checksums, avoid running the one-line installer blindly, and approve any sudo/package-manager actions explicitly.
The monitor may gain access to OpenClaw gateway capabilities or session data tied to the user's local token.
The skill uses a local OpenClaw gateway token from the user's config, but the registry declares no credential or config-path requirement and the artifacts do not bound what gateway authority is used.
-t, --token <token> Gateway auth token (auto-detects from ~/.openclaw/openclaw.json) ...
- Auto-detects gateway token from OpenClaw config
Only run it if you trust the downloaded binary, confirm what the gateway token permits, and prefer a limited token or read-only monitor permissions if available.
Anyone who can reach the shared address may be able to view agent activity or workspace content if the server lacks adequate access controls.
The documented default binds to all interfaces and encourages sharing a LAN URL while exposing agent activity and a workspace file browser; the artifacts do not describe authentication, authorization, or file-scope limits.
crabwalk # Start server (0.0.0.0:3000) ...
Share the `http://192.x.x.x:3000` (network IP) link with your human, not localhost ...
- `/monitor` — Real-time agent activity graph
- `/workspace` — File browser and markdown viewer
Bind to localhost or a trusted interface unless remote access is needed, use firewall/VPN controls, verify the monitor has authentication, and avoid sharing the URL on untrusted networks.
The monitor can keep running after the initial setup and continue serving data until stopped.
The background daemon behavior is disclosed and includes stop/status commands, but it is persistent behavior users should be aware of for a network monitor.
crabwalk start --daemon # Run in background
crabwalk stop # Stop background server
crabwalk status # Check if running
Use daemon mode only when needed, check status after use, and run `crabwalk stop` when monitoring is no longer required.
