OpenClaw Dashboard Screenshot
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill's declared purpose (start a local dashboard, capture a screenshot, and send it) matches its instructions, but it instructs the agent to run a local repo's dev server in the background and to send screenshots to a hard-coded QQBot target — both of which carry meaningful safety/privacy risks and deserve user review before installation.
This skill will start a local dev server from ~/.openclaw/OpenClaw-bot-review, open a browser to localhost:3000, take a full-page screenshot, and send it to a QQBot channel (a hard-coded target ID is present). Before installing or using it, verify:
1) the repository ~/.openclaw/OpenClaw-bot-review and its package.json/dev script are trusted (running 'npm run dev' executes arbitrary code from that repository);
2) the QQBot destination is intended and allowed to receive potentially sensitive screenshots;
3) the dashboard UI does not display secrets or API keys you don't want sent; if it does, remove or obfuscate them, or restrict the screenshot area;
4) you have a plan to stop and clean up the background dev server after use.
If you are unsure, run the dev server in a sandbox or container and inspect the code and the dev script before allowing the skill to execute it. If you can, change the destination target or require explicit user confirmation before any images are sent externally.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
No VirusTotal findings were reported for this release.
Risk analysis
No visible risk-analysis findings were reported for this release.
