CLAW Agent 智控驾驶舱
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the port is reachable from outside the machine or container, other users may be able to browse or download files from the workspace.
The frontend server is configured to bind to all network interfaces and serve the whole workspace directory, not just the dashboard assets.
const WORKSPACE = process.env.OPENCLAW_WORKSPACE || process.cwd(); ... args: `-m http.server 8888 --bind 0.0.0.0 --directory ${WORKSPACE}`Serve only a dedicated dashboard directory, bind to 127.0.0.1 by default, and add firewall/authentication before any remote exposure.
Reachable users or web pages could read dashboard data, and network clients could alter local quota tracking or queue cron-change requests.
The dashboard API binds to all interfaces, allows any web origin for reads, and has POST endpoints that update local quota/cron-pending data without authentication.
res.setHeader('Access-Control-Allow-Origin', '*'); ... } else if (urlPath === '/api/quota' && req.method === 'POST') ... } else if (urlPath === '/api/cron-update' && req.method === 'POST') ... server.listen(PORT, '0.0.0.0', ...)Bind the API to localhost, restrict CORS to the dashboard origin, add an access token or other authentication, and validate/limit request bodies.
The dashboard and updater may keep running, consuming resources and updating local JSON files until stopped.
The skill intentionally configures persistent PM2-managed background services. This is purpose-aligned, but users should know it continues running.
name: 'dashboard-updater', script: `${WORKSPACE}/update-agent-data.js`, ... autorestart: true, max_restarts: 50Document and use PM2 stop/delete commands when the dashboard is no longer needed, and avoid exposing the services while they are running.
A background task can observe recent agent-session metadata and write status data on a schedule.
The recommended cron uses the user's primary agent authority to enumerate recent sessions in the background. It is scoped to metadata, but it is still delegated account/session access.
Agent: Your primary agent ID ... Delivery: none (silent background task) ... Call sessions_list (limit=20, messageLimit=0)
Use the least-privileged agent/cron configuration available, keep messageLimit at 0, and review the generated agent-data.json output.
Installing a global package can change the user/system environment and depends on the npm package source being trustworthy.
The setup asks for a global npm package install. That is normal for PM2-based deployment, but it relies on external package provenance and no version is pinned.
npm install -g pm2
Install PM2 from a trusted source, consider pinning a known-good version, and avoid running the install with unnecessary elevated privileges.