WebClaw
v2.1.3Web dashboard for OpenClaw. Browser-based UI for any installed skill. Schema-driven rendering, JWT auth, RBAC, AI chat, real-time updates. Install web dashbo...
⭐ 0· 865·4 current·4 all-time
byNikhil Jathar@mailnike
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (web dashboard, JWT, RBAC, SSL) match the code and scripts: install.sh, db_query.py, and check_deps.sh all implement installing a web app, building frontend/backend, configuring nginx, systemd, and SSL. Required binaries (python3, node, npm, nginx, certbot, git, sudo) are reasonable and expected for this functionality.
Instruction Scope
SKILL.md and scripts instruct the agent to clone the project from GitHub, create a venv, pip/npm install and build, initialize a local SQLite DB, write nginx configs, and create systemd services. These steps read/write system paths (e.g., /etc/nginx, /etc/systemd, ~/.openclaw/webclaw) and run commands via sudo — expected for an installer, but they grant the skill the ability to modify system network and service configuration. The db init path may execute an init_webclaw_db.py module from the cloned source (importlib.exec_module), so code pulled from GitHub runs during initialization; this is coherent but worth reviewing before install.
Install Mechanism
This is an instruction-only skill (no formal install spec), but scripts perform network operations: git clone from GitHub (pinned tag v2.1.0), pip install (requirements.txt), and npm build. Using GitHub releases/tag is reasonable and traceable; no obscure download URLs or extract-from-arbitrary-URL patterns were observed. The script runs system-level changes (nginx/sites-enabled, /etc/ssl, systemd) which is expected for a web-service installer.
Credentials
No required environment variables or credentials are declared; only an optional WEBCLAW_DOMAIN is referenced. The binary and privilege requirements (sudo, certbot) align with the need to manage TLS and system services. No unrelated cloud credentials or secrets are requested.
Persistence & Privilege
The installer creates persistent systemd services and nginx configs and writes a local SQLite DB — behavior consistent with installing a long-running web dashboard. always:false (not force-installed) and normal model invocation mean the skill is not automatically forced into every agent run. However, the skill requires sudo during install and uses sudo in runtime actions (certbot, nginx reload, systemctl), so installing or invoking its actions will perform privileged changes.
Assessment
This skill appears to do what it says: install and manage a local web dashboard. Before installing, consider: 1) It requires sudo and will modify /etc/nginx, systemd services, and create files under your home directory — run on a server or VM you control, not a sensitive host. 2) The installer clones and executes code from GitHub at tag v2.1.0 (pip/npm install and an optional init_webclaw_db.py imported at runtime) — verify the GitHub repo and release tag if you need stronger assurance. 3) The skill will run certbot and expects a domain pointing to the server for Let's Encrypt; otherwise it installs a self-signed cert. 4) No external API keys or secrets are requested by the skill, but its actions run privileged system commands via sudo; review templates (nginx/systemd) and init scripts if you require stricter auditing. Recommended: test installation in an isolated environment (VM/container), inspect the referenced release tag on GitHub, and back up any existing nginx/systemd configs before proceeding.Like a lobster shell, security has layers — review code before you run it.
latestvk976k7d5d5ktwpjf1wn9avqvhs82nyav
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
OSLinux
Binspython3, node, npm, nginx, certbot, git, sudo