ChatClaw — Dashboard
Rating: Warn. Audited by ClawScan on May 18, 2026.
Overview
ChatClaw is a remote-dashboard bridge whose behaviour is disclosed in its artifacts, but it gives the cloud connection a persistent ability to read workspace files and to change or reinstall local skills, using broad OpenClaw operator credentials.
Install only if you trust SumeraLabs/ChatClaw, the cloud dashboard, and anyone with access to the API key. Treat it as granting persistent remote access to chat with your agent, view workspace files on request, and manage or reinstall local skills; disable it when not needed and review logs for unexpected actions.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who can control the ChatClaw relay session or the API key could change which local skills run, or force-reinstall them, altering the agent's future behavior.
Cloud-triggered skill management can persistently alter the local agent/skill set. The artifacts mention API-key auth and logging, but do not show local confirmation, skill allowlisting, version pinning, or rollback for reinstall.
Evidence (quoted from the skill artifacts):
Enable/disable skill ... Runs `openclaw config set skills.entries.<name>.enabled true/false`; ...
Reinstall skill ... Runs `clawhub install <name> --force`; replaces skill files from ClawHub registry
Only enable this if you trust the ChatClaw dashboard, relay, and API-key controls. Prefer per-action local approval, an allowlist of manageable skills, and pinned versions for reinstall actions.
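One way to implement the three controls this recommendation asks for (per-action local approval, an allowlist of manageable skills, and a pinned version for reinstalls) is a policy gate that sits between the relay and the two commands the artifacts name. This is an added example, not ChatClaw's own code: the request dict shape, the Policy fields, the approve() callback and the post-install version check are assumptions made for the example; the only commands it builds are the two quoted above.

```python
"""Policy gate for skill-management requests arriving from the dashboard.

Added example, not ChatClaw's own code. The request dict shape, the Policy
fields and the approve() callback are assumptions made for this example; the
two commands the gate builds are the ones the audited artifacts name.
"""
from dataclasses import dataclass, field
from typing import Optional
import re
import shlex

# Skill names end up as CLI arguments and config keys, so reject anything
# that is not a plain identifier before it gets near a command line.
SKILL_NAME_RE = re.compile(r"^[a-z0-9][a-z0-9._-]{0,63}$")


@dataclass(frozen=True)
class Policy:
    manageable: frozenset            # skills the relay may enable/disable/reinstall
    pinned_versions: dict            # skill -> exact version allowed on reinstall
    require_local_approval: bool = True


@dataclass
class Decision:
    allowed: bool
    reason: str
    argv: list = field(default_factory=list)
    expected_version: Optional[str] = None   # checked after a reinstall


def gate(request: dict, policy: Policy, approve) -> Decision:
    """approve(cmdline) is a local prompt that returns True only if the
    operator on this machine confirms; the cloud side never answers it."""
    action = request.get("action")
    name = str(request.get("skill", ""))
    if not SKILL_NAME_RE.match(name):
        return Decision(False, "malformed skill name")
    if name not in policy.manageable:
        return Decision(False, f"{name} is not in the manageable-skills allowlist")

    expected = None
    if action in ("enable", "disable"):
        argv = ["openclaw", "config", "set",
                f"skills.entries.{name}.enabled",
                "true" if action == "enable" else "false"]
    elif action == "reinstall":
        expected = policy.pinned_versions.get(name)
        if expected is None:
            return Decision(False, f"no pinned version for {name}; reinstall refused")
        if request.get("version") != expected:
            return Decision(False, f"requested {request.get('version')!r}, pinned {expected!r}")
        argv = ["clawhub", "install", name, "--force"]
    else:
        return Decision(False, f"unknown action {action!r}")

    cmdline = " ".join(shlex.quote(a) for a in argv)
    if policy.require_local_approval and not approve(cmdline):
        return Decision(False, "denied by local operator", argv, expected)
    return Decision(True, "ok", argv, expected)


def verify_reinstall(decision: Decision, installed_version: str) -> bool:
    """Post-install check: the registry served the pinned version. On a
    mismatch the caller should restore the previous skill files (rollback)."""
    return (decision.expected_version is not None
            and installed_version == decision.expected_version)


if __name__ == "__main__":
    # Constructed policy and request for demonstration.
    policy = Policy(frozenset({"web-search", "notes"}), {"web-search": "1.4.2"})
    req = {"action": "reinstall", "skill": "web-search", "version": "1.4.2"}
    d = gate(req, policy, approve=lambda cmd: input(f"Run {cmd}? [y/N] ") == "y")
    print(d)
```

The gate never runs anything itself; it returns an argv for the caller to execute after the local prompt, and the reinstall path only allows the version the operator pinned. Because `clawhub install <name> --force` (the command the artifacts show) does not itself pin a version, the pin is enforced twice: the request must name the pinned version, and `verify_reinstall` confirms what actually landed so the caller can roll back on a mismatch.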
If abused, the bridge provides local operator-level access rather than a narrow chat-only permission.
The skill uses the local OpenClaw operator token and device identity and requests broad operator permissions. The SKILL.md prose mentions the operator admin, approvals and pairing scopes, but the code also requests operator.read and operator.write.
Evidence (quoted from the skill code):
DEVICE_AUTH_PATH = OPENCLAW_DATA_DIR / "identity" / "device-auth.json"
SCOPES = ["operator.admin", "operator.approvals", "operator.pairing", "operator.read", "operator.write"]
Use a least-privilege gateway mode if one becomes available, disclose the exact scopes requested, and protect the local OpenClaw identity files and ChatClaw API key.
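Two of these recommendations can be checked mechanically before enabling the skill: the difference between the scopes the code requests and the scopes the prose discloses, and whether the identity file the code reads is exposed to other local users. The block below is an added example, not ClawScan's or ChatClaw's own code; the two scope lists are taken from the finding above, while the permission thresholds and the idea of a "disclosed" scope set are assumptions made for the example.

```python
"""Pre-install audit helpers: undisclosed scopes and identity-file exposure.

Added example, not ClawScan's or ChatClaw's code. SCOPES_IN_CODE and
SCOPES_IN_PROSE reproduce the finding; the permission thresholds are an
assumption (secret files should be owner-only, a regular file, owned by us).
"""
import os
import stat

SCOPES_IN_CODE = ["operator.admin", "operator.approvals", "operator.pairing",
                  "operator.read", "operator.write"]
SCOPES_IN_PROSE = ["operator.admin", "operator.approvals", "operator.pairing"]


def undisclosed_scopes(in_code, in_prose):
    """Scopes the code asks for that the SKILL.md never mentions."""
    return sorted(set(in_code) - set(in_prose))


def identity_file_risks(mode, owner_uid, current_uid):
    """Problems with a device-auth.json-style secret file, given its lstat
    fields. Pure function so it can be unit-tested without touching disk."""
    risks = []
    if stat.S_ISLNK(mode):
        risks.append("symlink")          # could be pointed at another user's file
    elif not stat.S_ISREG(mode):
        risks.append("not a regular file")
    if mode & (stat.S_IRGRP | stat.S_IWGRP):
        risks.append("group-accessible")
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        risks.append("world-accessible")
    if owner_uid != current_uid:
        risks.append(f"owned by uid {owner_uid}, not {current_uid}")
    return risks


def check_identity_file(path):
    """lstat (not stat) so a symlink is reported rather than followed."""
    st = os.lstat(path)
    return identity_file_risks(st.st_mode, st.st_uid, os.getuid())


if __name__ == "__main__":
    print("undisclosed scopes:", undisclosed_scopes(SCOPES_IN_CODE, SCOPES_IN_PROSE))
    # Path assumed for demonstration; adjust to your OPENCLAW_DATA_DIR.
    p = os.path.expanduser("~/.openclaw/identity/device-auth.json")
    if os.path.lexists(p):
        print(p, "risks:", check_identity_file(p) or "none")
```

Anything other than an empty list from `check_identity_file` means the operator token that backs these scopes can be read or swapped by another local principal, which makes the scope list itself moot.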
Dashboard users and the ChatClaw cloud service can receive agent chat output and any workspace files requested through the dashboard.
Chat content and the contents of requested workspace files leave the local machine through the ChatClaw cloud relay. This matches the dashboard's purpose and is disclosed, but it is still sensitive data leaving the host.
Evidence (quoted from the skill artifacts):
Messages flow bidirectionally in real time... each token of the agent's response is relayed back to the dashboard...
File read ... returns content of a named workspace file
Use this only for workspaces whose contents you are comfortable exposing to the ChatClaw cloud/dashboard, and rotate the API key if it may have been shared.
The remote dashboard connection remains available after setup until the skill is disabled.
The skill is designed to maintain a long-running cloud connection. This is disclosed and purpose-aligned, but it extends the time window in which the remote dashboard can act.
Evidence (quoted from the skill artifacts):
ChatClaw is a persistent background bridge... Once installed and enabled, it runs automatically with OpenClaw... auto-starts with OpenClaw on every subsequent boot.
Disable the skill when remote dashboard access is not needed, and monitor its logs for unexpected file or skill-management requests.
