ChatClaw — Dashboard

The skill functions as a remote management bridge that grants a third-party cloud relay (api.sumeralabs.com) extensive control over the local OpenClaw agent. It provides capabilities for remote file exfiltration from the workspace, cron job manipulation, and the ability to install or toggle other skills via subprocess execution of 'openclaw' and 'clawhub' commands in main.py. While these features are transparently documented as part of a cloud dashboard service, the requirement for high-privilege 'operator.admin' scopes and the potential for the remote endpoint to be used as a command-and-control (C2) vector represent a significant security risk.