Description

Web dashboard to approve OpenClaw device and channel pairings, manage connections, and access a live terminal from your browser.

README (SKILL.md)

Approvals UI\r

Name: Approve new channels, and connections to openclaw ui and terminal
Author: dr1nnas

\r A web dashboard for managing OpenClaw device pairings, channel approvals, and a live terminal — all from your browser.\r \r

Install\r

\r Place this folder at:\r \r

~/.openclaw/workspace/projects/p1\r
```\r
\r
Your file structure should look like:\r
\r
```\r
~/.openclaw/workspace/projects/p1/\r
├── SKILL.md\r
├── server.py\r
└── templates/\r
    ├── channel_approvals.html\r
    ├── dashboard.html\r
    ├── device_pairings.html\r
    ├── index.html\r
    ├── login.html\r
    └── terminal.html\r
```\r
\r
## Requirements\r
\r
Install Python dependencies:\r
\r
```bash\r
pip install flask flask-socketio\r
```\r
\r
## ⚠️ Important — Change These Before Running\r
\r
This skill ships with **placeholder credentials** that you **must** change before using:\r
\r
Open `server.py` and update the following values near the top of the file:\r
\r
| What | Variable | Default | Action |\r
|---|---|---|---|\r
| Dashboard login username | `ADMIN_USERNAME` | `Drinnas` | Change to your own username |\r
| Dashboard login password | `ADMIN_PASSWORD` | `admin` | Change to a strong password |\r
| API auth password | `AUTH_PASSWORD` / env `SERVER_AUTH_PASSWORD` | `Bb7766!server` | Change to a strong password or set the env var |\r
| Flask secret key | env `FLASK_SECRET_KEY` | dev placeholder | Set to a random string in your environment |\r
\r
**Example:**\r
\r
```bash\r
export FLASK_SECRET_KEY="$(python3 -c 'import secrets; print(secrets.token_hex(32))')"\r
export SERVER_AUTH_PASSWORD="your-strong-api-password-here"\r
```\r
\r
> **Do not run with the defaults.** Anyone who knows the defaults can log in and access your terminal and gateway token.\r
\r
### Credential Explanation\r
\r
There are **two separate auth layers**:\r
\r
1. **Dashboard login** (`ADMIN_USERNAME` / `ADMIN_PASSWORD`) — protects the web UI pages (dashboard, device pairings, channel approvals, terminal).\r
2. **API password** (`AUTH_PASSWORD` / env `SERVER_AUTH_PASSWORD`) — protects the backend API endpoints (`/pair`, `/sync`, `/approve`) used for programmatic access. These endpoints are not exposed in the web UI but exist for automation/scripting.\r
\r
Both should be set to strong, unique values.\r
\r
## Usage\r
\r
Start the server:\r
\r
```bash\r
cd ~/.openclaw/workspace/projects/p1\r
python3 server.py\r
```\r
\r
Then open **http://127.0.0.1:9100** in your browser.\r
\r
## Features\r
\r
- **Dashboard** — Landing page with quick navigation to all sections.\r
- **Device Pairings** — View pending and paired browser/device connections. Approve or reject pairing requests. Copy your gateway token to clipboard.\r
- **Channel Approvals** — Review and approve pending channel pairing requests (Telegram, Discord, WhatsApp, etc). Real-time updates via Socket.IO.\r
- **Terminal** — Full interactive terminal session in the browser using xterm.js.\r
\r
## How It Works\r
\r
- Reads device pairings directly from `~/.openclaw/devices/pending.json` and `~/.openclaw/devices/paired.json`.\r
- Reads channel pairing requests from `~/.openclaw/credentials/*-pairing.json`.\r
- Reads the gateway token from `~/.openclaw/openclaw.json` → `gateway.auth.token`.\r
- Approve/reject actions use the `openclaw devices approve` and `openclaw devices reject` CLI commands.\r
- No external database needed — everything reads from OpenClaw's own state files.\r
\r
## Security Notes\r
\r
- **Localhost only** — The server binds to `127.0.0.1` by default. Do not change this to `0.0.0.0` unless you put it behind a reverse proxy with TLS and strong auth.\r
- **Terminal access** — The terminal feature gives full shell access to your machine. If you don't need it, you can remove the `/terminal` route and `terminal.html` template.\r
- **Sensitive files** — The app reads your `openclaw.json` (gateway token), device pairing files, and credential pairing files. Anyone who can access the web UI can see this data.\r
- **API endpoints** — `POST /pair`, `POST /sync`, and `POST /approve` accept JSON with a password field. These are protected by `AUTH_PASSWORD` and are intended for scripting/automation, not the web UI.\r
\r
## Configuration\r
\r
| Setting | Location | Default |\r
|---|---|---|\r
| Server port | `server.py` bottom | `9100` |\r
| Dashboard login | `server.py` `ADMIN_USERNAME` / `ADMIN_PASSWORD` | `Drinnas` / `admin` |\r
| API password | `server.py` `AUTH_PASSWORD` / env `SERVER_AUTH_PASSWORD` | `Bb7766!server` |\r
| Flask secret key | env `FLASK_SECRET_KEY` | dev placeholder |\r
| OpenClaw state dir | env `OPENCLAW_STATE_DIR` | `~/.openclaw` |\r
\r
## Tags\r
\r
`ui` `dashboard` `pairings` `approvals` `terminal` `web`\r

Usage Guidance

This package appears to do what it says: a local dashboard that reads OpenClaw state files and provides an interactive terminal. Before installing or running it, do the following: 1) Change the defaults immediately — set a strong FLASK_SECRET_KEY (via env) and a strong SERVER_AUTH_PASSWORD; also change ADMIN_USERNAME/ADMIN_PASSWORD in server.py or make them configurable via environment variables. 2) Remember this app reads and displays sensitive files (gateway token, pairing JSONs); anyone who can access the web UI or the API endpoints can view or act on those secrets. The /pair and /sync API endpoints accept a JSON password (plaintext) for automation—only use them from trusted local scripts and keep the password strong. 3) The terminal provides a full shell; remove or disable the /terminal route if you do not need it. 4) Review server.py for how it invokes the OpenClaw CLI (subprocess usage). Ensure arguments are passed without shell=True or unsafe string concatenation to avoid command injection if you expose the server beyond localhost. 5) Do not bind to 0.0.0.0 or expose this service to untrusted networks without putting it behind HTTPS and strong access controls. 6) If you rely on external CDNs (socket.io,xterm.js), consider hosting assets locally if you require an air-gapped or stricter environment. If you want, provide the rest of server.py (the truncated portion) and I will inspect the exact subprocess/pty usage for additional concerns.

Capability Analysis

Type: OpenClaw Skill Name: approvals-ui Version: 1.0.1 This skill bundle is classified as suspicious due to several critical vulnerabilities, primarily the use of weak default credentials and a hardcoded API password in client-side code (channel_approvals.html, index.html), which could lead to unauthorized access and command execution. The `server.py` also uses a weak default Flask secret key, enables `debug=True` and `allow_unsafe_werkzeug=True` (severe RCE risk in production), and sets `cors_allowed_origins="*"` for Socket.IO. Furthermore, user-controlled inputs are passed to `subprocess.run` calls for the `openclaw` CLI, posing a potential shell injection risk. While the `SKILL.md` documentation transparently warns users about changing default credentials and the inherent risk of the full shell access provided by the terminal feature, these are significant flaws that make the system highly vulnerable if the warnings are ignored. There is no clear evidence of intentional malicious behavior like data exfiltration to unauthorized external endpoints or hidden backdoors.

Capability Assessment

✓ Purpose & Capability

Name/description (dashboard for device/channel approvals and a live terminal) match the code and SKILL.md. The server reads OpenClaw state files (~/.openclaw), exposes pairing management endpoints, and provides an in-browser terminal — all consistent with the stated purpose. There are no unrelated required env vars or binaries.

ℹ Instruction Scope

SKILL.md explicitly instructs where to place files, how to install Flask/SocketIO, and to change embedded default credentials. It also documents that the app reads sensitive OpenClaw files (pending/paired device JSON, channel pairing JSON, and gateway token) and that the terminal exposes a full shell. Those behaviors are within purpose but are high-sensitivity operations; the docs warn about them. One operational note: the web templates load Socket.IO (and likely other assets) from public CDNs; SKILL.md does not call this out but this is normal for a local UI.

✓ Install Mechanism

This is an instruction-only skill (no installer spec). The instructions tell the user to pip install flask and flask-socketio — reasonable and proportional. No remote downloads/executables are pulled by the skill itself.

ℹ Credentials

The skill requests no special environment variables in the registry metadata. The code supports optional env vars (FLASK_SECRET_KEY and SERVER_AUTH_PASSWORD) and provides defaults in server.py for ADMIN_USERNAME/ADMIN_PASSWORD/AUTH_PASSWORD which SKILL.md tells you to change. That is consistent, but embedding default admin credentials in the code is risky — the SKILL.md repeatedly warns not to run with defaults. API endpoints (/pair, /sync) accept a JSON password for automation; ensure you set a strong SERVER_AUTH_PASSWORD before use.

✓ Persistence & Privilege

The skill does not request always:true or any platform privileges. It runs as a local Flask app and does not modify other skills or system-wide OpenClaw config beyond invoking OpenClaw CLI operations (approve/reject). Autonomous model invocation settings are default and not a special privilege in this package.

Version History

v1.0.1

- Added a prominent section instructing users to change default dashboard and API credentials before first use. - Explained the difference between dashboard login and API password, clarifying their separate purposes. - Provided examples and details on setting secure environment variables for authentication and Flask secret key. - Added a dedicated Security Notes section warning about terminal access, sensitive files, and exposed API endpoints. - Updated configuration table to include API password and clarify environment variable usage.

v1.0.0

Initial release of Approvals UI — a web dashboard for OpenClaw device and channel management. - Provides a browser-based interface for device pairings, channel approvals, and terminal access. - Integrates real-time updates for channel approvals via Socket.IO. - Supports interactive terminal sessions in-browser using xterm.js. - No external database required; works directly with OpenClaw's state files. - Default login: Username: Drinnas / Password: admin

Metadata

Slug approvals-ui

Version 1.0.1

License —

All-time Installs 0

Active Installs 0

Total Versions 2

Frequently Asked Questions

What is Approve new channels, and connections to openclaw ui and terminal?

Web dashboard to approve OpenClaw device and channel pairings, manage connections, and access a live terminal from your browser. It is an AI Agent Skill for Claude Code / OpenClaw, with 675 downloads so far.

How do I install Approve new channels, and connections to openclaw ui and terminal?

Run "/install approvals-ui" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Approve new channels, and connections to openclaw ui and terminal free?

Yes, Approve new channels, and connections to openclaw ui and terminal is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Approve new channels, and connections to openclaw ui and terminal support?

Approve new channels, and connections to openclaw ui and terminal is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Approve new channels, and connections to openclaw ui and terminal?

It is built and maintained by Dr1nnas (@dr1nnas); the current version is v1.0.1.

More Skills

Approve new channels, and connections to openclaw ui and terminal