Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ChatClaw — Dashboard

Connect your OpenClaw bot to the ChatClaw cloud dashboard for real-time remote chat, token tracking, and task management

MIT-0 · Free to use, modify, and redistribute. No attribution required.
1 · 129 · 0 current installs · 0 all-time installs
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name/description (cloud dashboard, remote chat, token tracking) match the code: the relay opens an outbound cloud WebSocket and authenticates to the local OpenClaw gateway, streams chat via the local /v1/chat/completions endpoint, and reads sessions.json for token counts. Required binaries (python3) and Python deps are appropriate for the task. The skill needs access to OpenClaw identity and gateway auth token in order to perform the Ed25519 handshake and post SSE chat requests — this is consistent with a remote dashboard broker.
Instruction Scope
SKILL.md and code explicitly instruct reading/writing openclaw.json (to enable chatCompletions), reading identity files (device.json, device-auth.json) for private keys and operator token, and reading sessions.json for token counts. Those behaviors are in-scope for a persistent relay, but they mean the skill will read private identity material and local session state and will forward chat content to api.sumeralabs.com. The README and SKILL.md mention these actions, so they are not hidden, but users should understand the data flow (local private keys used only for gateway auth; chat content and token counts are relayed to the cloud).
Install Mechanism
There is no registry install script; the package includes Python source and a requirements.txt listing standard PyPI libs (websockets, aiohttp, cryptography). This is a typical, moderate-risk install path (pip installation required). The SKILL.md contains an odd 'install: uv' metadata field — likely a minor typo — but otherwise there are no downloads from untrusted URLs or archive extraction steps.
Credentials
The declared primary credential is CHATCLAW_API_KEY (expected). The skill also reads OpenClaw local files: openclaw.json gateway.auth.token, device identity files (private/public keys and operator token), and sessions.json. Those local artifacts are sensitive (private keys, operator token) but are required for authenticating to the local gateway and correlating sessions; their use is justified by the skill's purpose. Registry metadata lists gateway.http.endpoints.chatCompletions and gateway.auth.token but does not explicitly list the identity file paths — SKILL.md and code do document identity usage, so this is an inconsistency in metadata completeness rather than a covert access request.
Persistence & Privilege
always:false (default) — the skill is not force-included. It patches openclaw.json to enable the chatCompletions endpoint on enable and reverts on disable; this change is within the skill's scope. The skill auto-starting with OpenClaw and running a persistent outbound relay is expected behavior for a dashboard bridge. It does not attempt to modify other skills or system-wide settings beyond the described openclaw.json patch.
Assessment
This skill appears to do what it claims, but installing it grants it access to sensitive local OpenClaw artifacts and forwards chat content to a cloud relay. Before installing:

  1. Confirm you trust chatclaw.com / sumeralabs.com and review their privacy/security policy (all chat messages, token counts, and task IDs will be sent to the relay).
  2. Understand it will read your OpenClaw identity private key and operator token (device.json/device-auth.json) to authenticate to the gateway — rotate keys if necessary and only install if you accept that.
  3. The skill will patch openclaw.json to enable the /v1/chat/completions endpoint and auto-start on enable; check the change and ensure you are comfortable with automatic edits.
  4. If you prefer more control, consider self-hosting by setting CHATCLAW_CLOUD_URL to a trusted relay, review the source files (they are included), and run the skill in an isolated environment first.
  5. Note minor metadata inconsistencies (identity file paths not declared in registry metadata; a small 'install: uv' typo), which are likely documentation issues but worth verifying.

If you need higher assurance, request an official release signed by the vendor or run the code in a sandboxed instance before enabling against a production agent.

Like a lobster shell, security has layers — review code before you run it.

Current version: v0.2.9
Tags: bridge dashboard cloud remote websocket · latest


Runtime requirements

OS: macOS · Linux
Bins: python3
Env: CHATCLAW_API_KEY
Config: gateway.http.endpoints.chatCompletions, gateway.auth.token
Primary env: CHATCLAW_API_KEY

SKILL.md

ChatClaw

ChatClaw is a persistent background bridge that connects your local OpenClaw agent to the ChatClaw cloud dashboard. Once installed and enabled, it runs automatically with OpenClaw and allows you to chat with your agent, monitor token usage, and manage tasks from any browser or mobile device — without exposing any ports or configuring a firewall.

What it does

Transparency note: The cloud relay endpoint (api.sumeralabs.com) is operated by SumeraLabs, the company behind ChatClaw. chatclaw.com is the product domain; sumeralabs.com is the infrastructure domain. Both are owned and operated by the same team.

ChatClaw opens two connections when enabled:

  1. Cloud relay — an outbound WebSocket to wss://api.sumeralabs.com/ws/agent/{api_key}. This is how your dashboard communicates with the skill. It is a purely outbound connection and requires no inbound port forwarding.
  2. Local gateway — a WebSocket connection to ws://localhost:18789 for Ed25519 authentication only, plus HTTP SSE calls to http://localhost:18789/v1/chat/completions for all chat traffic. The HTTP endpoint is auto-enabled in openclaw.json on first start.

Messages flow bidirectionally in real time. User messages sent from the dashboard are forwarded to the OpenClaw agent via HTTP SSE streaming. Each token of the agent's response is relayed back to the dashboard as it is generated, producing a live typewriter effect.

Architecture

ChatClaw Dashboard (browser / mobile)
        ↕  wss://api.sumeralabs.com
  ChatClaw Cloud Relay (FastAPI)
        ↕  wss://api.sumeralabs.com/ws/agent/{api_key}
  ChatClaw Skill  ←── this package
        ↕  ws://localhost:18789 (auth handshake, Ed25519)
        ↕  http://localhost:18789/v1/chat/completions (SSE streaming)
  OpenClaw Gateway
        ↕
  OpenClaw Agent (LLM)

Requirements

  • OpenClaw v2026.1.0 or later
  • Python 3.10 or later
  • python3 available on PATH
  • Packages: websockets>=12.0, cryptography>=41.0, aiohttp>=3.9
  • A ChatClaw API key from app.chatclaw.com

Installation

Via OpenClaw Control UI (recommended)

  1. Open the Control UI at http://localhost:18789
  2. Go to Skills → Marketplace
  3. Search for ChatClaw
  4. Click Install, enter your API key, click Enable

Note: On first enable, the skill automatically sets gateway.http.endpoints.chatCompletions.enabled = true in your openclaw.json. If the skill made that change, disabling it will revert it automatically. If chatCompletions was already enabled before install, the skill leaves your config unchanged on disable.

The skill starts immediately and auto-starts with OpenClaw on every subsequent boot.

Via OpenClaw CLI

npx clawhub install chatclaw
openclaw skills enable chatclaw
openclaw skills logs chatclaw

Before enabling, add your API key to openclaw.json under skills.entries.chatclaw.config:

"skills": {
  "entries": {
    "chatclaw": {
      "enabled": true,
      "config": {
        "api_key": "ck_your_key_here",
        "cloud_url": "wss://api.sumeralabs.com"
      }
    }
  }
}

Agent-assisted setup

Your OpenClaw agent can install and configure ChatClaw for you without any manual steps.

Get the one-click setup prompt from app.chatclaw.com/setup — it includes your API key pre-filled and full instructions to paste directly into chat.

Configuration

| Key | Required | Default | Description |
|---|---|---|---|
| api_key | Yes | | ChatClaw API key from app.chatclaw.com |
| cloud_url | No | wss://api.sumeralabs.com | WebSocket relay URL (leave default unless self-hosting) |

Environment variables

| Variable | Description |
|---|---|
| OPENCLAW_DATA_DIR | Override the OpenClaw data directory. Defaults to /data/.openclaw on Docker/VPS or ~/.openclaw on standard installs. |
| CHATCLAW_CLOUD_URL | Override the cloud relay URL. Defaults to wss://api.sumeralabs.com. Leave unset unless self-hosting the relay. |

Lifecycle hooks

| Hook | Behaviour |
|---|---|
| on_enable | Patches openclaw.json to enable the /v1/chat/completions endpoint, then starts the cloud ↔ gateway relay loop |
| on_disable | Closes both WebSocket connections, stops the relay loop, and reverts the chatCompletions patch in openclaw.json if the skill was the one that enabled it |
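
An added example, not part of the skill's own code: one way to check that enabling the skill changed only the documented key. It flattens two snapshots of openclaw.json (taken before and after enable) to dotted paths and reports every difference outside gateway.http.endpoints.chatCompletions.enabled. The function names and sample values are constructed for illustration.

```python
import json

# The only path the SKILL.md says on_enable changes.
ALLOWED = {"gateway.http.endpoints.chatCompletions.enabled"}
ABSENT = "<absent>"

def flatten(node, prefix=""):
    """Flatten nested JSON objects into {dotted.path: leaf}; lists count as leaves."""
    if not isinstance(node, dict):
        return {prefix: node}
    out = {}
    for key, value in node.items():
        out.update(flatten(value, f"{prefix}.{key}" if prefix else key))
    return out

def unexpected_changes(before, after, allowed=ALLOWED):
    """Return {path: (old, new)} for each added, removed or modified leaf not in allowed."""
    old, new = flatten(before), flatten(after)
    return {
        path: (old.get(path, ABSENT), new.get(path, ABSENT))
        for path in sorted(set(old) | set(new))
        if old.get(path, ABSENT) != new.get(path, ABSENT) and path not in allowed
    }

def audit_files(before_path, after_path, allowed=ALLOWED):
    """Same check on two saved copies of openclaw.json."""
    with open(before_path) as f_old, open(after_path) as f_new:
        return unexpected_changes(json.load(f_old), json.load(f_new), allowed)

# Constructed snapshots; the key names come from the page, the values are made up.
BEFORE = json.loads("""{
  "gateway": {"auth": {"token": "constructed-token"},
              "http": {"endpoints": {"chatCompletions": {"enabled": false}}}},
  "skills": {"entries": {"chatclaw": {"enabled": true, "config": {
      "api_key": "ck_your_key_here", "cloud_url": "wss://api.sumeralabs.com"}}}}
}""")
AFTER_OK = json.loads(json.dumps(BEFORE))
AFTER_OK["gateway"]["http"]["endpoints"]["chatCompletions"]["enabled"] = True
AFTER_BAD = json.loads(json.dumps(AFTER_OK))
AFTER_BAD["skills"]["entries"]["chatclaw"]["config"]["cloud_url"] = "wss://relay.example.invalid"

if __name__ == "__main__":
    print(unexpected_changes(BEFORE, AFTER_OK))   # nothing outside the documented key
    print(unexpected_changes(BEFORE, AFTER_BAD))  # reports the cloud_url change
```

Running it with allowed=set() on snapshots taken before enable and after disable checks that the revert left the file as it was.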

Reconnection behaviour

Both the cloud relay and the local gateway implement automatic reconnection with exponential backoff (5 s → 10 s → 20 s … up to 60 s). The skill never exits on a connection drop.

Verify it is working

openclaw skills logs chatclaw

Expected output:

Connected to cloud relay ✓
Gateway authenticated ✓
Both connections established — relaying messages ✓

Troubleshooting

| Symptom | Cause | Fix |
|---|---|---|
| Cloud connection failed | Wrong API key or relay unreachable | Verify key at app.chatclaw.com; check network connectivity |
| OpenClaw identity files not found | OpenClaw not initialised or non-default install path | Run openclaw wizard or set OPENCLAW_DATA_DIR |
| Gateway HTTP 403 | chatCompletions endpoint not enabled | Restart skill — on_enable auto-patches openclaw.json |
| Gateway auth rejected | Operator token expired | Re-pair device via openclaw devices approve |
| Streaming works but token count shows 0 | sessions.json not yet written | Send one message first; counts appear after the first completion |

File access

This skill reads and writes the following local files:

| Path | Access | Purpose |
|---|---|---|
| $OPENCLAW_DATA_DIR/openclaw.json | Read + Write | Reads gateway auth token; enables chatCompletions HTTP endpoint on first start |
| $OPENCLAW_DATA_DIR/identity/device.json | Read | Ed25519 device identity for gateway authentication |
| $OPENCLAW_DATA_DIR/identity/device-auth.json | Read | Operator token for gateway authentication |
| $OPENCLAW_DATA_DIR/agents/main/sessions/sessions.json | Read | Token usage counts (input/output/context) per session |

$OPENCLAW_DATA_DIR defaults to /data/.openclaw on Docker/VPS installs and ~/.openclaw on standard installs. It can be overridden via the OPENCLAW_DATA_DIR environment variable. No files outside this directory are accessed.
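
An added example (not the skill's code): a pre-install check of the credential-bearing files listed above, reporting any that are missing, symlinked, or readable by group or other. Picking /data/.openclaw when that directory exists is an assumption about how the default is resolved; the function names are constructed.

```python
import os
import stat
from pathlib import Path

# Relative paths from the "File access" table that hold tokens or key material.
SENSITIVE = [
    "openclaw.json",              # gateway auth token
    "identity/device.json",       # Ed25519 device identity
    "identity/device-auth.json",  # operator token
]

def data_dir(env=os.environ):
    """OPENCLAW_DATA_DIR if set; otherwise the first documented default that exists (assumed order)."""
    if env.get("OPENCLAW_DATA_DIR"):
        return Path(env["OPENCLAW_DATA_DIR"])
    docker = Path("/data/.openclaw")
    return docker if docker.is_dir() else Path.home() / ".openclaw"

def audit(root):
    """Return {relative_path: finding} for files that are missing, symlinks, or group/other accessible."""
    findings = {}
    for rel in SENSITIVE:
        path = Path(root) / rel
        try:
            st = path.lstat()  # lstat: inspect the entry itself, do not follow links
        except FileNotFoundError:
            findings[rel] = "missing"
            continue
        if stat.S_ISLNK(st.st_mode):
            findings[rel] = "symlink"
        elif st.st_mode & 0o077:
            findings[rel] = f"mode {stat.S_IMODE(st.st_mode):04o} exposes file to group/other"
    return findings

if __name__ == "__main__":
    root = data_dir()
    for rel, finding in audit(root).items():
        print(f"{root / rel}: {finding}")
```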

External connections

This skill makes the following outbound network connections:

  • wss://api.sumeralabs.com — ChatClaw cloud relay (authentication and message relay)
  • ws://localhost:18789 — OpenClaw gateway WebSocket (Ed25519 auth handshake only)
  • http://localhost:18789/v1/chat/completions — OpenClaw gateway HTTP (SSE streaming chat)

No inbound ports are opened. No user data is stored by the skill itself — messages are persisted by the ChatClaw backend (Supabase) for chat history.

License

MIT-0 (No Attribution Required)
