Canvas
Pass. Audited by ClawScan on May 10, 2026.
Overview
This instruction-only skill is consistent with its stated purpose of displaying and controlling HTML on connected OpenClaw nodes, but users should be aware of its remote canvas controls, JavaScript eval, network-hosted files, and live reload behavior.
This skill appears benign and consistent with its purpose of showing HTML on connected devices. Before using it, confirm which node you are targeting, keep the canvas directory free of private files, use only trusted URLs and JavaScript, and hide the canvas or disable live reload when you no longer want connected nodes to update.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using the skill could display or change content on a connected device and capture a screenshot of the canvas view.
The skill exposes remote actions that affect a connected node's canvas. This is the stated purpose, but users should be aware that it can change what a node displays and capture the canvas contents.
| Action | Description |
| `present` | Show canvas with optional target URL |
| `navigate` | Navigate to a new URL |
| `snapshot` | Capture screenshot of canvas |
Use it only with intended nodes and trusted URLs, and avoid showing sensitive information in the canvas unless snapshot behavior is acceptable.
JavaScript run through this action can alter the page shown in the connected node's canvas.
The skill documents a JavaScript eval action inside the canvas WebView. This is purpose-aligned for interactive HTML control, but it is still code execution within the rendered page context.
| Action | Description |
| `eval` | Execute JavaScript in the canvas |
Run eval only against trusted canvas content and confirm the intended node and page before executing scripts.
Files placed in the canvas root may be made available to connected nodes through the chosen bind mode.
The canvas host can serve files from the configured root directory over local network or Tailscale addresses so connected nodes can load them. This data flow is disclosed and aligned with the skill's purpose.
Serves static HTML/CSS/JS files from `canvasHost.root` directory ... `lan` ... LAN IP address ... `tailnet` ... Tailscale hostname ... `auto` ... Tailscale > LAN > loopback
Keep the canvas root limited to files intended for display and choose loopback, LAN, or Tailscale binding according to the desired exposure.
A mistaken or unwanted file change in the canvas root could immediately update what connected nodes display.
Live reload can propagate local file changes to connected canvases automatically. This is useful for development and is disclosed, but users should be aware that any saved change is pushed to connected nodes without further confirmation.
When `liveReload: true` (default), the canvas host ... Automatically reloads connected canvases when files change
Disable live reload or hide the canvas when working with unfinished or sensitive content.
