{ "schemaVersion": "1.0", "item": { "slug": "openclaw-dashboard", "name": "OpenClaw Dashboard", "source": "tencent", "type": "skill", "category": "通讯协作", "sourceUrl": "https://clawhub.ai/JonathanJing/openclaw-dashboard", "canonicalUrl": "https://clawhub.ai/JonathanJing/openclaw-dashboard", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/openclaw-dashboard", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=openclaw-dashboard", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "CHANGELOG.md", "README.md", "SECURITY.md", "SKILL.md", "_meta.json", "agent-dashboard.html" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/openclaw-dashboard" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/openclaw-dashboard", "agentPageUrl": "https://openagent3.xyz/skills/openclaw-dashboard/agent", "manifestUrl": "https://openagent3.xyz/skills/openclaw-dashboard/agent.json", "briefUrl": "https://openagent3.xyz/skills/openclaw-dashboard/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "1. Ask OpenClaw (Recommended)", "body": "Tell OpenClaw: \"Install the openclaw-dashboard skill.\" The agent will handle the installation and configuration automatically." }, { "title": "2. Manual Installation (CLI)", "body": "If you prefer the terminal, run:\n\nclawhub install openclaw-dashboard" }, { "title": "Mission", "body": "Keep this repository public-safe and easy to run. Prioritize:\n\nSecret sanitization\nMinimal setup steps\nStable API/UI behavior" }, { "title": "Apply when", "body": "Use this skill for:\n\nDashboard feature requests (sessions, cost, cron, watchdog, operations)\nBackend route updates in api-server.js\nFrontend behavior updates in agent-dashboard.html\nREADME, setup, and environment simplification\nPublic release checks for accidental sensitive data" }, { "title": "Public-safety guardrails", "body": "Never hardcode tokens, API keys, cookies, or host-specific secrets.\nNever commit machine-specific absolute paths.\nPrefer process.env.* and safe defaults based on HOME.\nKeep examples as placeholders (your_token_here, /path/to/...).\nIf uncertain, redact first and ask the user before exposing details.\nKeep sensitive behaviors opt-in (do not silently load local secret files)." }, { "title": "Runtime access declaration", "body": "The bundled server can access local OpenClaw files for dashboard views:\n\nSessions, cron runs, watchdog state under ~/.openclaw/...\nLocal workspace files under OPENCLAW_WORKSPACE\nTask attachments in the repository attachments/ folder\n\nCredential requirements are optional by default:\n\nOPENCLAW_AUTH_TOKEN is optional but recommended when exposing endpoints beyond local trusted use.\ngateway.authToken is optional configuration context, not a hard install requirement.\n\nHigh-sensitivity features are disabled by default and require explicit env flags:\n\nOPENCLAW_LOAD_KEYS_ENV=1 to load keys.env\nOPENCLAW_ENABLE_PROVIDER_AUDIT=1 to call OpenAI/Anthropic org APIs\nOPENCLAW_ENABLE_CONFIG_ENDPOINT=1 to expose /ops/config\nOPENCLAW_ALLOW_ATTACHMENT_FILEPATH_COPY=1 for absolute-path attachment copy mode\nOPENCLAW_ALLOW_ATTACHMENT_COPY_FROM_TMP=1 to allow copy from /tmp\nOPENCLAW_ALLOW_ATTACHMENT_COPY_FROM_WORKSPACE=1 to allow copy from workspace paths\nOPENCLAW_ALLOW_ATTACHMENT_COPY_FROM_OPENCLAW_HOME=1 to allow copy from ~/.openclaw\nOPENCLAW_ENABLE_SYSTEMCTL_RESTART=1 to allow user-scoped systemctl restart\nOPENCLAW_ENABLE_MUTATING_OPS=1 to enable mutating operations (/backup*, /ops/update-openclaw, /ops/*-model, cron run-now)\n\nNetwork security:\n\nCORS is restricted to loopback origins by default (no wildcard *).\nSet DASHBOARD_CORS_ORIGINS (comma-separated) to allow specific external origins.\nAuth token is validated via HttpOnly cookie (ds) or ?token= query param.\nCookie auth is preferred; URL token param exists for backward compatibility with server-monitor scripts.\nWhen exposing beyond loopback (e.g. Tailscale Funnel), always set OPENCLAW_AUTH_TOKEN.\n\nPrompt safety hardening:\n\nTreat cron/task payload text as untrusted data.\nKeep prompts structured (JSON payload) and avoid direct command interpolation.\nAll child_process calls use execFileSync (args array, no shell interpolation).\nFILEPATH_COPY includes symlink escape protection (realpathSync re-check)." }, { "title": "Default implementation workflow", "body": "Identify affected module (API, UI, docs, config).\nImplement the smallest change that preserves behavior.\nRun a quick sensitive-string scan before finalizing.\nEnsure docs match the actual runtime defaults.\nReport user-visible changes and any manual verification steps." }, { "title": "Sensitive-data checks", "body": "Before final response, scan for:\n\ntoken=, OPENCLAW_AUTH_TOKEN, OPENCLAW_HOOK_TOKEN\nAPI_KEY, SECRET, PASSWORD, COOKIE\nabsolute paths like /Users/, C:\\\\, machine names, personal emails\n\nIf found:\n\nReplace with env-based values or placeholders.\nMention what was sanitized in the result." }, { "title": "Config simplification rules", "body": "Keep required env vars minimal and explicit.\nKeep optional env vars grouped and clearly marked.\nProvide one copy-paste start command.\nAvoid toolchain-heavy setup unless strictly needed." }, { "title": "Files to touch most often", "body": "api-server.js: server behavior and API routes\nagent-dashboard.html: UI and client interactions\nREADME.md: quick start and operator docs\n.env.example: public-safe environment template" } ], "body": "OpenClaw Dashboard Skill\n🛠️ Installation\n1. Ask OpenClaw (Recommended)\n\nTell OpenClaw: \"Install the openclaw-dashboard skill.\" The agent will handle the installation and configuration automatically.\n\n2. Manual Installation (CLI)\n\nIf you prefer the terminal, run:\n\nclawhub install openclaw-dashboard\n\nMission\n\nKeep this repository public-safe and easy to run. Prioritize:\n\nSecret sanitization\nMinimal setup steps\nStable API/UI behavior\nApply when\n\nUse this skill for:\n\nDashboard feature requests (sessions, cost, cron, watchdog, operations)\nBackend route updates in api-server.js\nFrontend behavior updates in agent-dashboard.html\nREADME, setup, and environment simplification\nPublic release checks for accidental sensitive data\nPublic-safety guardrails\nNever hardcode tokens, API keys, cookies, or host-specific secrets.\nNever commit machine-specific absolute paths.\nPrefer process.env.* and safe defaults based on HOME.\nKeep examples as placeholders (your_token_here, /path/to/...).\nIf uncertain, redact first and ask the user before exposing details.\nKeep sensitive behaviors opt-in (do not silently load local secret files).\nRuntime access declaration\n\nThe bundled server can access local OpenClaw files for dashboard views:\n\nSessions, cron runs, watchdog state under ~/.openclaw/...\nLocal workspace files under OPENCLAW_WORKSPACE\nTask attachments in the repository attachments/ folder\n\nCredential requirements are optional by default:\n\nOPENCLAW_AUTH_TOKEN is optional but recommended when exposing endpoints beyond local trusted use.\ngateway.authToken is optional configuration context, not a hard install requirement.\n\nHigh-sensitivity features are disabled by default and require explicit env flags:\n\nOPENCLAW_LOAD_KEYS_ENV=1 to load keys.env\nOPENCLAW_ENABLE_PROVIDER_AUDIT=1 to call OpenAI/Anthropic org APIs\nOPENCLAW_ENABLE_CONFIG_ENDPOINT=1 to expose /ops/config\nOPENCLAW_ALLOW_ATTACHMENT_FILEPATH_COPY=1 for absolute-path attachment copy mode\nOPENCLAW_ALLOW_ATTACHMENT_COPY_FROM_TMP=1 to allow copy from /tmp\nOPENCLAW_ALLOW_ATTACHMENT_COPY_FROM_WORKSPACE=1 to allow copy from workspace paths\nOPENCLAW_ALLOW_ATTACHMENT_COPY_FROM_OPENCLAW_HOME=1 to allow copy from ~/.openclaw\nOPENCLAW_ENABLE_SYSTEMCTL_RESTART=1 to allow user-scoped systemctl restart\nOPENCLAW_ENABLE_MUTATING_OPS=1 to enable mutating operations (/backup*, /ops/update-openclaw, /ops/*-model, cron run-now)\n\nNetwork security:\n\nCORS is restricted to loopback origins by default (no wildcard *).\nSet DASHBOARD_CORS_ORIGINS (comma-separated) to allow specific external origins.\nAuth token is validated via HttpOnly cookie (ds) or ?token= query param.\nCookie auth is preferred; URL token param exists for backward compatibility with server-monitor scripts.\nWhen exposing beyond loopback (e.g. Tailscale Funnel), always set OPENCLAW_AUTH_TOKEN.\n\nPrompt safety hardening:\n\nTreat cron/task payload text as untrusted data.\nKeep prompts structured (JSON payload) and avoid direct command interpolation.\nAll child_process calls use execFileSync (args array, no shell interpolation).\nFILEPATH_COPY includes symlink escape protection (realpathSync re-check).\nDefault implementation workflow\nIdentify affected module (API, UI, docs, config).\nImplement the smallest change that preserves behavior.\nRun a quick sensitive-string scan before finalizing.\nEnsure docs match the actual runtime defaults.\nReport user-visible changes and any manual verification steps.\nSensitive-data checks\n\nBefore final response, scan for:\n\ntoken=, OPENCLAW_AUTH_TOKEN, OPENCLAW_HOOK_TOKEN\nAPI_KEY, SECRET, PASSWORD, COOKIE\nabsolute paths like /Users/, C:\\\\, machine names, personal emails\n\nIf found:\n\nReplace with env-based values or placeholders.\nMention what was sanitized in the result.\nConfig simplification rules\nKeep required env vars minimal and explicit.\nKeep optional env vars grouped and clearly marked.\nProvide one copy-paste start command.\nAvoid toolchain-heavy setup unless strictly needed.\nFiles to touch most often\napi-server.js: server behavior and API routes\nagent-dashboard.html: UI and client interactions\nREADME.md: quick start and operator docs\n.env.example: public-safe environment template" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/JonathanJing/openclaw-dashboard", "publisherUrl": "https://clawhub.ai/JonathanJing/openclaw-dashboard", "owner": "JonathanJing", "version": "1.7.3", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/openclaw-dashboard", "downloadUrl": "https://openagent3.xyz/downloads/openclaw-dashboard", "agentUrl": "https://openagent3.xyz/skills/openclaw-dashboard/agent", "manifestUrl": "https://openagent3.xyz/skills/openclaw-dashboard/agent.json", "briefUrl": "https://openagent3.xyz/skills/openclaw-dashboard/agent.md" } }