v1.1.0

Activity Control Ui

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:36 AM.

Analysis

The dashboard is purpose-aligned, but its local web server lacks safe file-path and access controls, so it could expose agent activity and local files if run.

GuidanceReview carefully before installing. If you use it, run it only on a trusted machine, do not expose port 8080 to a network, and prefer a fixed version that binds to localhost, adds access control, and restricts file serving to the dashboard assets.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityHighConfidenceHighStatusConcern

scripts/start-server.js

let filePath = req.url; ... const fullPath = path.join(skillDir, filePath); ... fs.readFile(fullPath, (err, data) => {

The HTTP request URL is joined directly into a filesystem path and read without an allowlist or check that the result stays inside the skill directory.

User impactA crafted request could potentially read files outside the dashboard assets using path traversal.

RecommendationNormalize and decode paths, reject '..' traversal, and verify the final path remains under an explicit static-assets directory before reading any file.

Unexpected Code Execution

SeverityMediumConfidenceHighStatusConcern

scripts/start-server.js

module.exports = { broadcastStatus, broadcastActivity, broadcastTasks }; ... server.listen(port, () => { console.log(`Activity Control UI running at http://localhost:${port}`); });

The module both exports broadcast functions and starts the HTTP/WebSocket server at top level, so importing it for helper use can also start a listener.

User impactA command meant only to broadcast an activity may unexpectedly start or keep open the web server.

RecommendationMove server startup behind `if (require.main === module)` and make the broadcast helper connect to an already running server or use a clearly scoped IPC/API mechanism.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

package-lock.json

"dependencies": { "ws": "^8.20.0" } ... "resolved": "https://registry.npmmirror.com/ws/-/ws-8.20.0.tgz"

The WebSocket dependency is expected for this dashboard, but installation depends on an external npm mirror and is not represented in the registry install requirements.

User impactUsers need to trust the npm dependency source used during setup.

RecommendationInstall from a trusted registry, keep the lockfile integrity checks, and declare Node/npm requirements in the skill metadata.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityMediumConfidenceHighStatusConcern

scripts/start-server.js

const wss = new WebSocketServer({ server }); ... ws.send(JSON.stringify({ type: 'status', ...currentStatus })); ... activityHistory.forEach(activity => { ws.send(...); }); ... server.listen(port, () => {

Any WebSocket client reaching the server receives status, task, and activity history, and the listener does not show authentication, origin checks, or an explicit localhost-only bind.

User impactOther local or network-accessible clients could view agent status, task names, or activity messages that may contain sensitive project context.

RecommendationBind to 127.0.0.1 by default, add a local access token or authentication, validate WebSocket origins/paths, and avoid exposing sensitive task text unnecessarily.