v1.0.0

Pixel Office

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:35 AM.

Analysis

This skill is presented as a pixel-office UI, but its artifacts direct the agent to download, update, install, and run an unreviewed OpenClaw dashboard that can read local OpenClaw configuration and session data.

Guidance: Only install this if you trust the remote GitHub project and are comfortable with it reading OpenClaw config/session data, installing npm dependencies, starting a background server, and stopping anything on port 3000. Prefer reviewing and pinning the remote code first, running it in an isolated environment, and protecting any LAN-accessible dashboard URL.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation
Severity: Medium | Confidence: High | Status: Concern
README.md
# OpenClaw Bot Dashboard Skill

🚀 Launch and manage the OpenClaw Dashboard web UI for monitoring all your bots, agents, models, and sessions.

This describes a full monitoring dashboard, which is materially broader than the Pixel Office name and pixel-art-only description shown to users.

User impact: A user may believe they are only opening a visual pixel-office feature while actually launching a broader dashboard over local agent data.
Recommendation: Present the skill as an OpenClaw dashboard, not only Pixel Office, and clearly disclose the dashboard scope before any setup or launch actions.
Agentic Supply Chain Vulnerabilities
Severity: High | Confidence: High | Status: Concern
SKILL.md
git clone https://github.com/xmanrui/OpenClaw-bot-review.git ... curl -L https://github.com/xmanrui/OpenClaw-bot-review/archive/refs/heads/main.zip ... npm install

The skill fetches a mutable GitHub branch and installs dependencies at runtime, while the reviewed artifact set contains no code for that downloaded project.

User impact: Code or dependencies changed in the remote repository could run on the user's machine the next time the skill is invoked.
Recommendation: Pin the download to a reviewed commit or release, include provenance and lockfiles, and let users inspect the repository and package scripts before installing.
Unexpected Code Execution
Severity: High | Confidence: High | Status: Concern
SKILL.md
cd ~/projects/OpenClaw-bot-review
npm run dev > /dev/null 2>&1 &

The workflow runs the downloaded Node project as a background development server, with output suppressed and no reviewed local code in the skill package.

User impact: The skill can execute downloaded project code under the user's account and leave a server running after the initial request.
Recommendation: Require explicit user confirmation before running downloaded code, show the package scripts being executed, and provide a clear stop command and lifecycle boundary.
Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
lsof -ti:3000 | xargs kill -9 2>/dev/null ... Get-Process -Id (Get-NetTCPConnection -LocalPort 3000).OwningProcess | Stop-Process -Force

The commands terminate whatever process is using port 3000, without verifying that it belongs to this skill or prompting the user about the specific process.

User impact: The skill could unexpectedly stop an unrelated local service or development server running on port 3000.
Recommendation: Track the dashboard process ID, use a dedicated port, and ask the user before terminating any process not known to have been started by this skill.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
- OpenClaw config at `~/.openclaw/openclaw.json` (or `%USERPROFILE%\.openclaw\openclaw.json` on Windows)

The skill requires access to local OpenClaw configuration, but the registry metadata declares no required config paths and the pixel-office description does not make this privilege clear.

User impact: The launched dashboard may access local OpenClaw account, bot, model, or workspace configuration that the user did not expect a pixel-office skill to read.
Recommendation: Declare the required config path in metadata and explain exactly which OpenClaw configuration fields are read and why.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Concern
README.md
- 💬 **Session Management** - Browse all sessions with token usage
- 🧩 **Skill Inventory** - View all installed skills
- **Live Config** - Reads directly from OpenClaw config, no database needed

The dashboard is documented as reading persistent session and configuration context, but the skill does not clearly bound which sessions or skill data are exposed.

User impact: Private agent/session information and local skill inventory details may become visible through the dashboard.
Recommendation: Limit the data read to what Pixel Office needs, disclose session/config access prominently, and add access controls or local-only protections for the dashboard.