WebClaw

Warn

Audited by ClawScan on May 10, 2026.

Overview

WebClaw's behaviour matches its stated purpose as a web dashboard, but installing it fetches unreviewed remote code and makes privileged, persistent web-server changes, so it needs careful review before use.

Use this only if you want a persistent web dashboard on a Linux host. Before installing, review the GitHub release and dependencies it fetches, back up nginx/systemd configuration, prefer a dedicated VM or container, and restrict WebClaw administration to trusted users.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A changed or compromised GitHub tag, dependency, or fetched template could alter the code that ends up running in a privileged dashboard service on the user's host.

Why it was flagged

The packaged manifest does not include the api/, web/, or templates/ application source, so installation fetches and builds the real app plus dependencies from remote sources before starting it.

Skill content

git clone --depth 1 --branch "$RELEASE_TAG" "$REPO_URL" "$TEMP_CLONE" ... rsync -a --ignore-existing "$TEMP_CLONE/" "$INSTALL_DIR/" ... "$INSTALL_DIR/.venv/bin/pip" install --quiet -r "$INSTALL_DIR/api/requirements.txt" ... npm install

Recommendation

Review the exact Git commit/tag and dependency lockfiles before installation, or require the full application source and checksums to be included in the skill package.

What this means

Installation can change or disrupt an existing web server and leave new services running on the machine.

Why it was flagged

The installer writes privileged nginx/systemd files, removes the default nginx site, and enables services without showing a backup or rollback path.

Skill content

sudo cp "$TEMP_CONF" /etc/nginx/sites-enabled/webclaw ... sudo rm -f /etc/nginx/sites-enabled/default ... sudo systemctl enable webclaw-api webclaw-web

Recommendation

Install only on a dedicated host or container, back up nginx/systemd configuration first, and review generated templates before granting sudo.

What this means

Anyone allowed to invoke this skill can change who can access the web dashboard and can force users to log in again.

Why it was flagged

These are expected web-dashboard administration actions, but they directly manage user accounts, passwords, and active login sessions.

Skill content

`create-user`, `reset-password`, `disable-user`, `list-sessions`, `clear-sessions`

Recommendation

Restrict invocation to trusted administrators and verify RBAC settings after setup.

What this means

The skill may perform routine maintenance without a fresh user prompt each time.

Why it was flagged

The skill declares an ongoing scheduled maintenance action. This persistence is disclosed and aligned with certificate/session maintenance.

Skill content

cron: ... expression: "0 2 * * *" ... description: "Clean expired sessions and check SSL cert renewal" ... announce: false

Recommendation

Confirm the cron behavior is desired and disable it if you do not want unattended maintenance.