# Send Security Dashboard to your agent Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually. ## Fast path - Download the package from Yavira. - Extract it into a folder your agent can access. - Paste one of the prompts below and point your agent at the extracted folder. ## Suggested prompts ### New install ```text I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete. ``` ### Upgrade existing ```text I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run. ``` ## Machine-readable fields ```json { "schemaVersion": "1.0", "item": { "slug": "security-dashboard", "name": "Security Dashboard", "source": "tencent", "type": "skill", "category": "其他", "sourceUrl": "https://clawhub.ai/vegasbrianc/security-dashboard", "canonicalUrl": "https://clawhub.ai/vegasbrianc/security-dashboard", "targetPlatform": "OpenClaw" }, "install": { "downloadUrl": "/downloads/security-dashboard", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=security-dashboard", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "packageFormat": "ZIP package", "primaryDoc": "SKILL.md", "includedAssets": [ "README.md", "SKILL.md", "public/index.html", "scripts/check-security.sh", "scripts/install.sh", "scripts/publish.sh" ], "downloadMode": "redirect", "sourceHealth": { "source": "tencent", "slug": "security-dashboard", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-29T12:14:39.153Z", "expiresAt": "2026-05-06T12:14:39.153Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=security-dashboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=security-dashboard", "contentDisposition": "attachment; filename=\"security-dashboard-1.2.1.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "security-dashboard" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/security-dashboard" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] } }, "links": { "detailUrl": "https://openagent3.xyz/skills/security-dashboard", "downloadUrl": "https://openagent3.xyz/downloads/security-dashboard", "agentUrl": "https://openagent3.xyz/skills/security-dashboard/agent", "manifestUrl": "https://openagent3.xyz/skills/security-dashboard/agent.json", "briefUrl": "https://openagent3.xyz/skills/security-dashboard/agent.md" } } ``` ## Documentation ### Security Dashboard Skill Real-time security monitoring dashboard for OpenClaw and Linux server infrastructure. ### Features OpenClaw Security: Gateway status, binding, authentication, sessions, version tracking Network Security: Tailscale status, public ports, firewall, active connections Public Exposure: Port binding analysis, dashboard security, exposure level assessment System Security: Updates, uptime, load, failed login attempts SSH & Access: Password auth status, fail2ban, banned IPs, active sessions Certificates & TLS: Caddy status, TLS configuration, WireGuard encryption Resource Security: CPU/memory/disk usage, config file permissions ### 1. Install the Skill cd /root/clawd/skills/security-dashboard sudo ./scripts/install.sh This will: Ask user preference: Run as dedicated user (recommended) or root Create openclaw-dashboard user with limited sudo privileges (if non-root) Create systemd service with security hardening Configure localhost binding (127.0.0.1 only) Start the dashboard on port 18791 Enable auto-start on boot Security Note: Running as a dedicated user with limited sudo is recommended. The dashboard only needs sudo for security checks (fail2ban, firewall, systemctl status) - not full root access. ### 2. Access the Dashboard Localhost only (secure by default): Via SSH port forwarding: ssh -L 18791:localhost:18791 root@YOUR_SERVER_IP Then visit: http://localhost:18791 ### Start/Stop/Restart sudo systemctl start security-dashboard sudo systemctl stop security-dashboard sudo systemctl restart security-dashboard ### Check Status sudo systemctl status security-dashboard ### View Logs sudo journalctl -u security-dashboard -f ### API Endpoint Get raw security metrics: curl http://localhost:18791/api/security | jq ### Security Hardening The dashboard follows security best practices to minimize attack surface: ### Dedicated User (Recommended) The install script creates a openclaw-dashboard user with limited sudo privileges: ✅ No shell access (/bin/false) ✅ No home directory ✅ Only specific sudo commands allowed (fail2ban, firewall, systemctl status) ✅ Cannot execute arbitrary commands ### Systemd Hardening Service runs with security restrictions: NoNewPrivileges=true # Cannot escalate privileges PrivateTmp=true # Isolated tmp directory ProtectSystem=strict # Read-only filesystem except skill dir ProtectHome=true # No access to /home ReadWritePaths=... # Only skill directory is writable Restart=on-failure # Restart only on crashes (not always) ### Network Binding Default: 127.0.0.1 (localhost only) Not accessible from network without SSH tunnel or VPN No public exposure risk ### Running as Root (Not Recommended) If you choose root during install: ⚠️ Full system access if compromised ⚠️ No privilege separation ⚠️ Only suitable for trusted, isolated environments Use the dedicated user option for production deployments. ### Change Port Edit /root/clawd/skills/security-dashboard/server.js: const PORT = 18791; // Change this Then restart: sudo systemctl restart security-dashboard ### Change Binding Default: 127.0.0.1 (localhost only - secure) Alternative: 0.0.0.0 (all interfaces - only with Tailscale!) Edit server.js line 445: server.listen(PORT, '127.0.0.1', () => { // Change '127.0.0.1' to '0.0.0.0' if needed }); ⚠️ Security Warning: Only bind to 0.0.0.0 if behind Tailscale or firewall! ### Customize Metrics Add custom checks in server.js: getOpenClawMetrics() - OpenClaw-specific metrics getNetworkMetrics() - Network security getSystemMetrics() - System-level checks getPublicExposure() - Port/binding analysis ### 🦞 OpenClaw Security Gateway running/stopped status Binding configuration (loopback/public) Auth token length and mode Active sessions + subagents Skills count Current version + update availability ### 🌐 Network Security Tailscale connection status + IP Public ports count Firewall status (UFW/firewalld) Active TCP connections ### 🌍 Public Exposure Exposure level (Excellent/Minimal/Warning/High) Public port details (service names) Kanban board binding Security dashboard binding OpenClaw gateway binding Tailscale active/inactive Security recommendations ### 🖥️ System Security Updates available Server uptime Load average Failed SSH logins (24h) Root processes count ### 🔑 SSH & Access Control SSH service status Password authentication (enabled/disabled) fail2ban status Banned IPs count Active SSH sessions ### 📜 Certificates & TLS Caddy status Public TLS enabled/disabled Tailscale WireGuard encryption ### 📊 Resource Security CPU usage percentage Memory usage percentage Disk usage percentage Config file permissions (should be 600) ### Security Alerts Dashboard generates real-time alerts: Critical (Red): Weak gateway token (< 32 chars) SSH password authentication enabled Insecure config permissions (not 600) Firewall inactive (UFW/firewalld not running) fail2ban inactive (SSH brute-force protection disabled) Warning (Yellow): Tailscale disconnected 20+ system updates available 10+ failed login attempts in 24h Disk > 80% full Info (Blue): Gateway exposed without Tailscale Non-standard configurations ### Morning Briefing Add security status to morning report: curl -s http://localhost:18791/api/security | jq '.status' ### Heartbeat Checks Monitor for critical alerts: curl -s http://localhost:18791/api/security | \\ jq '.alerts[] | select(.level == "critical")' ### Alerting Integration Pipe alerts to notification systems: ./scripts/check-alerts.sh | xargs -I {} notify-send "Security Alert" "{}" ### Architecture Backend: Node.js HTTP server Frontend: Vanilla JavaScript (no frameworks) Port: 18791 (configurable) Binding: 127.0.0.1 (localhost only) Service: systemd unit Files: server.js - Main backend (metrics collection + API) public/index.html - Dashboard UI lib/ - Shared utilities (if needed) ### Dependencies Node.js (v18+) systemctl - Service management ss - Socket statistics ufw or firewalld - Firewall check tailscale - VPN status (optional) fail2ban - Ban tracking (optional) openclaw - Gateway monitoring All dependencies are standard Linux utilities except OpenClaw. ### Dashboard not loading Check service status: sudo systemctl status security-dashboard Check logs: sudo journalctl -u security-dashboard -n 50 Verify port is listening: ss -tlnp | grep 18791 Test API directly: curl http://localhost:18791/api/security ### Gateway Status "Unknown" Verify OpenClaw gateway is running: pgrep -f openclaw-gateway Check OpenClaw config exists: cat ~/.openclaw/openclaw.json ### Metrics showing "Unknown" Commands may require sudo permissions Check script execution permissions Verify paths exist (sessions, skills, etc.) ### Uninstall sudo systemctl stop security-dashboard sudo systemctl disable security-dashboard sudo rm /etc/systemd/system/security-dashboard.service sudo systemctl daemon-reload Then remove skill directory: rm -rf /root/clawd/skills/security-dashboard ### Publishing To publish to ClawdHub: clawdhub publish security-dashboard ### License MIT ### Author Created by Erdma for Brian Christner's infrastructure monitoring. ## Trust - Source: tencent - Verification: Indexed source record - Publisher: vegasbrianc - Version: 1.2.1 ## Source health - Status: healthy - Item download looks usable. - Yavira can redirect you to the upstream package for this item. - Health scope: item - Reason: direct_download_ok - Checked at: 2026-04-29T12:14:39.153Z - Expires at: 2026-05-06T12:14:39.153Z - Recommended action: Download for OpenClaw ## Links - [Detail page](https://openagent3.xyz/skills/security-dashboard) - [Send to Agent page](https://openagent3.xyz/skills/security-dashboard/agent) - [JSON manifest](https://openagent3.xyz/skills/security-dashboard/agent.json) - [Markdown brief](https://openagent3.xyz/skills/security-dashboard/agent.md) - [Download page](https://openagent3.xyz/downloads/security-dashboard)