Agent Dashboard Sync
v0.1.0
Sync OpenClaw fleet runtime/heartbeat/cron status to Cloudflare KV and serve dashboard-ready data via Worker API. Use when setting up or operating the Agent...
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (sync fleet runtime/heartbeat/cron to Cloudflare KV and provide a Worker API) align with the instructions (deploy Worker, create KV, set secrets, run a collector via cron that POSTs to a Worker endpoint). However the skill metadata declares no required env vars/credentials while the runtime docs clearly require several tokens (INGEST_TOKEN, READ_TOKEN, REPORT_TOKEN, DASHBOARD_READ_TOKEN) and AGENT_ID on nodes — a transparency mismatch.
Instruction Scope
SKILL.md + references specify running a node-side collector via an npm script (collectors/openclaw-state-collector collect) on a cron schedule and posting telemetry to a Worker. The repository does not include the collector code here, so there is no way to verify the collector only sends the minimal telemetry described. The docs forbid LLM calls and PII/secret leakage, but those are policy statements you must verify by reviewing the actual collector implementation before trusting it in production.
Install Mechanism
Instruction-only skill with no install spec and no downloaded artifacts. This minimizes installation-side risk; nothing will be written or executed by the platform beyond following the textual operational steps. The higher risk lies in code outside the skill bundle, which is absent here and so cannot be audited.
Credentials
The required secrets (INGEST_TOKEN, READ_TOKEN, REPORT_TOKEN, DASHBOARD_READ_TOKEN) and AGENT_ID are appropriate for the stated Cloudflare Worker + collector architecture. But the skill metadata lists no required env vars or primary credential — the docs expect secrets and per-node envs that should have been declared. Lack of declared required env vars reduces visibility and increases the chance of accidental misconfiguration or secret misuse.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent platform privileges or claim to modify other skills or global agent settings. No autonomously forced inclusion is present.
What to consider before installing
This skill conceptually fits its description, but you should not install or deploy it without doing the following first:
- Obtain and review the collector code (collectors/openclaw-state-collector) that the cron runs. Confirm it only collects the minimal telemetry described and does not read or send files, shell history, chat content, or credentials.
- Ensure the Worker is deployed to an account you control; verify the wrangler.json bindings and that KV namespace IDs map to your resources.
- Create least-privilege tokens for INGEST_TOKEN/READ_TOKEN and verify Worker enforces Bearer auth, rate limits, and schema validation as documented.
- Add automated secret scans to your CI and verify example snippets use placeholders (they do in these docs). Rotate secrets if anything is exposed.
- Test in an isolated staging environment (with synthetic agent IDs) to confirm payload contents, ring-buffer size, and that no PII or command outputs are transmitted.
Because the runtime behaviour of the collector is not included here, you should treat this skill as untrusted until you can audit the collector implementation. If you cannot review that code, do not deploy in production.
Like a lobster shell, security has layers — review code before you run it.
latest
Agent Dashboard Sync
Operate dashboard data sync as a no-LLM pipeline.
Hard Rules
- Keep high-frequency state out of Git commits.
- Use Cloudflare Worker + KV for runtime sync.
- Run collector from local cron (*/2 * * * *) and do not call LLM in collector path.
- Never commit or print production tokens/secrets in files, logs, or screenshots.
- Do not publish absolute paths in skill docs; use relative paths or placeholders (<PROJECTS_ROOT>, <SHARED_ROOT>).
Scope Boundary
- This skill owns: collector, Worker ingest/read API, KV schema, cron deployment, dashboard data source wiring.
- This skill does not own: cross-agent protocol, constitution governance, Discord routing rules.
KV Data Contract (v1)
- fleet:registry
- fleet:heartbeat:<agent_id>
- fleet:cron:<agent_id>
- fleet:runtime:<agent_id>
- fleet:events:recent
- fleet:updated_at
See references/schema.md for payload shape.
Minimal Rollout
- Deploy Worker + KV namespace.
- Configure dashboard env to cloudflare mode.
- Install collector cron on each node with unique AGENT_ID.
- Verify /health, then /fleet, then dashboard UI.
Security Checklist
- Store INGEST_TOKEN and READ_TOKEN as worker secrets.
- Keep dashboard read token server-side (DASHBOARD_READ_TOKEN), never client-exposed.
- Keep NEXT_PUBLIC_* vars non-sensitive only.
- Redact tokens before sharing commands/logs.
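A lint for the checklist above, as an added example that is not part of the skill or its collector: it flags NEXT_PUBLIC_* variables that look like or carry a server-side token, flags real-looking token values in doc snippets, and masks Bearer credentials before a line is shared. The `<NAME>` placeholder pattern, the function names and all sample values are assumptions.

```javascript
// Added example: checks for the Security Checklist. Token names come from
// the page; the placeholder convention and all inputs are constructed.
const SECRET_NAMES = ["INGEST_TOKEN", "READ_TOKEN", "REPORT_TOKEN", "DASHBOARD_READ_TOKEN"];
const PLACEHOLDER = /^<[A-Z0-9_]+>$/; // assumed convention, e.g. <INGEST_TOKEN>

// Parse dotenv-style KEY=VALUE lines; comments and blank lines are skipped.
function parseEnv(text) {
  const vars = new Map();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim().replace(/^export\s+/, "");
    if (!line || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq < 1) continue;
    const value = line.slice(eq + 1).trim().replace(/^(["'])(.*)\1$/, "$2");
    vars.set(line.slice(0, eq).trim(), value);
  }
  return vars;
}

// isDoc = true for snippets in docs, where secrets must be placeholders.
function auditEnv(text, { isDoc = false } = {}) {
  const vars = parseEnv(text);
  const findings = [];
  const secretValues = new Set();
  for (const name of SECRET_NAMES) {
    const v = vars.get(name);
    if (v === undefined || v === "" || PLACEHOLDER.test(v)) continue;
    secretValues.add(v);
    if (isDoc) findings.push(`${name}: real-looking value in a doc snippet`);
  }
  for (const [name, value] of vars) {
    if (!name.startsWith("NEXT_PUBLIC_")) continue; // only client-exposed vars
    if (/(TOKEN|SECRET|PASSWORD|KEY)/.test(name)) {
      findings.push(`${name}: secret-like name is client-exposed`);
    } else if (secretValues.has(value)) {
      findings.push(`${name}: carries the value of a server-side token`);
    }
  }
  return findings;
}

// Mask bearer credentials before a command or log line is shared.
function redact(line) {
  return line.replace(/(Bearer\s+)[A-Za-z0-9._~+\/=-]+/g, "$1[REDACTED]");
}
```

Run `auditEnv` over each env file in CI and fail the build on any finding; pass `{ isDoc: true }` for snippets under the docs directory.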
Runbook Links
- Worker setup and command sequence: references/worker-setup.md
- Collector and crontab setup: references/collector-cron.md
- Env variable matrix: references/env-matrix.md
- Data schema reference: references/schema.md
- Security policy for all agents: references/security-rules.md
