lksrz

AI Commander Dashboard

Author: Coder AI · GitHub · v1.8.0
cross-platform ⚠ suspicious
Total downloads: 1037
Favorites: 0
Current installs: 2
Versions: 18
Install in OpenClaw: /install aic-dashboard
Description
AI Commander Management Dashboard. A lightweight companion web UI for monitoring inbound emails received via the email-webhook skill and browser session stat...
Usage (SKILL.md)

AI Commander Dashboard

A companion dashboard for AI Commander agents. Displays inbound emails collected by the email-webhook skill and shows the status of browser sessions created by the browser-auth skill.

This skill is a read-only viewer — it does not capture credentials, control browsers, or send messages. It simply reads local data files and serves them via a token-protected web UI.

Companion Skills

Skill           What it does
email-webhook   Receives inbound emails and writes them to inbox.jsonl
browser-auth    Runs a remote browser tunnel and writes session data to session.json

This dashboard reads both files and displays them in one place.

What This Skill Does

  • Reads inbox.jsonl and displays the last 50 inbound emails
  • Reads session.json and shows whether an active browser session exists
  • Serves a token-gated web UI on a configurable local port
  • Refreshes automatically every 5 seconds

Environment Variables

Variable         Required  Default              Description
DASHBOARD_TOKEN  Yes                            Secret token for accessing the dashboard.
PORT             No        19195                Port for the web dashboard.
DASHBOARD_HOST   No        127.0.0.1            IP to bind the dashboard to.
INBOX_PATH       No        ./data/inbox.jsonl   Path to inbound email data (from email-webhook).
SESSION_PATH     No        ./data/session.json  Path to session file (from browser-auth).

Setup

  1. Install dependencies:
    npm install express@4.21.2
    
  2. Start (zero config needed):
    node scripts/server.js
    
  3. Read the printed URL — it includes the auto-generated token:
    🏠 AI COMMANDER DASHBOARD READY
    Access URL: http://YOUR_IP:19195/?token=a3f9c2...
    

That's it. No configuration required.

Optional Environment Variables

Override defaults only if needed:

Variable         Default              Description
DASHBOARD_TOKEN  (random)             Custom token instead of auto-generated
PORT             19195                Server port
DASHBOARD_HOST   0.0.0.0              Bind address
INBOX_PATH       ./data/inbox.jsonl   Path to email data (from email-webhook)
SESSION_PATH     ./data/session.json  Path to session file (from browser-auth)

Security

  • A fresh random token is generated on every start if DASHBOARD_TOKEN is not set
  • All requests require the token (?token=, X-Dashboard-Token header, or Authorization: Bearer)
  • The UI stores the token in localStorage and removes it from the URL after load
Safe usage recommendations
This dashboard appears to do what it says (read-only viewer of inbox.jsonl and session.json). Before installing:
  1. Treat DASHBOARD_TOKEN as required in practice — explicitly set DASHBOARD_TOKEN to a strong secret so the server does not print an auto-generated token to stdout.
  2. Override DASHBOARD_HOST to 127.0.0.1 (or firewall the port) if you only want local access — the server code binds to 0.0.0.0 by default, making it reachable from the network.
  3. Verify INBOX_PATH / SESSION_PATH point to only the files you intend to expose; these files may contain sensitive email content or session metadata.
  4. Note the UI pulls CSS/JS from public CDNs (jsdelivr / tailwind), so consider your organization's policy on remote asset loading.
  5. Because the skill metadata declared DASHBOARD_TOKEN as required but the implementation can auto-generate a token, double-check the platform's enforcement of required env vars — do not rely on implicit behavior.
If you cannot set DASHBOARD_TOKEN or ensure host binding is local, avoid running this skill on network-exposed machines.
Functional analysis
Type: OpenClaw Skill
Name: aic-dashboard
Version: 1.8.0
The skill is classified as suspicious due to a Local File Inclusion (LFI) vulnerability in `scripts/server.js`. The `INBOX_PATH` and `SESSION_PATH` environment variables, which control the files read by the dashboard, are not sufficiently restricted and could be manipulated by a malicious prompt to the AI agent to read arbitrary files on the system (e.g., `/etc/passwd`). While the default paths are benign, this capability presents a significant risk of sensitive data exposure. The `SKILL.md` also documents `DASHBOARD_HOST` defaulting to `0.0.0.0`, increasing network exposure, though access is token-gated. No direct evidence of intentional data exfiltration, backdoors, or other malicious actions was found within the skill's code or instructions; the primary concern is the exploitable vulnerability.
Capability assessment
Purpose & Capability
Name/description, declared requirements (node + DASHBOARD_TOKEN), included files, and the single npm dependency (express) align with a lightweight local dashboard that reads inbox.jsonl and session.json. The code only serves a static UI and two read-only APIs that read local files.
Instruction Scope
SKILL.md instructs to install express and run node scripts/server.js — that matches the provided server.js. The runtime instructions and code stay within the stated purpose (reading inbox/session files and serving them). Minor note: the UI stores the token in localStorage and removes it from the URL, which is expected for a token-protected web UI but has client-side persistence implications.
Install Mechanism
Install spec is a single npm dependency (express@4.21.2). This is proportional to the stated functionality and uses a common package registry; there are no downloads from arbitrary URLs or archive extraction.
Credentials
Metadata declares DASHBOARD_TOKEN as required/primary, but both the SKILL.md and server.js allow auto-generating a token when DASHBOARD_TOKEN is not set. Additionally SKILL.md contains contradictory defaults for DASHBOARD_HOST (127.0.0.1 in one place, 0.0.0.0 in another). The code uses 0.0.0.0 by default, which makes the dashboard network-accessible unless the operator sets DASHBOARD_HOST. These mismatches between declared requirements, documentation, and actual code increase risk if users assume localhost-only access or that a secret must be provided.
Persistence & Privilege
The skill does not request elevated system privileges and is not always-enabled. However, because the server binds to 0.0.0.0 by default (despite some docs saying localhost), it may expose local inbox and session data to the network. That exposure combined with the token behavior (auto-generated token printed to stdout if not provided) raises a non-trivial blast radius if deployed on multi-tenant or public hosts.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Type the install command in the chat box: /install aic-dashboard
  3. After installation, call the Skill by name directly or trigger it with /aic-dashboard
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history
v1.8.0
Zero-config: auto-generates random token on start, binds to 0.0.0.0 by default, prints full URL with token. Just run node scripts/server.js and go.
v1.7.0
Code review fixes: XSS fix (esc() on all email fields), removed async/http from server.js, server now exits if DASHBOARD_TOKEN not set, removed dashboard.log runtime artifact
v1.6.0
Full cleanup: removed auth.html, removed startNewLogin() from frontend, removed socket.io. Dashboard is now a pure read-only viewer. SKILL.md explains it as a companion for email-webhook + browser-auth skills.
v1.5.0
Removed auth_server.js and browser-auth endpoint entirely. Dashboard is now a pure data viewer (emails + session status). Browser auth is a separate benign skill.
v1.4.0
Stripped SKILL.md to what the dashboard actually does: email feed + session status display. Removed all browser-auth/Chromium/credential language that doesn't belong here.
v1.3.0
Rewrote SKILL.md security section: replaced high-risk labeling with proactive risk mitigation framing, added explicit sandbox confirmation, reframed credential capture as user-triggered session export
v1.2.1
**Summary: Adds interactive remote browser sessions and enhances security documentation.**
- Introduced "Remote Browser Tunnel" for interactive, headless Chromium sessions via Playwright.
- Supports credential capture: saves cookies and localStorage to `session.json` for login persistence.
- Updated requirements: now requires a Chromium binary on the system.
- Expanded security section, warning of high-risk capabilities and data sensitivity.
- Improved documentation and environment variable descriptions.
v1.2.0
**aic-dashboard 1.2.0 – Real-time activity feed and secure authentication added**
- Added real-time activity feed and session monitoring features to the dashboard.
- Introduced a new responsive UI with dark mode and unified feeds.
- Switched data paths to local ./data/ directory for inbox and session data.
- Added server-side support for socket.io and playwright-core.
- Enhanced security: authentication tokens now use headers for background calls; process spawning is further restricted and environment sanitization improved.
v1.1.8
- Strict sanitization added for the BROWSER_PROXY environment variable before passing to child processes (regex: ^([a-z0-9]+:\/\/)?([a-z0-9.-]+(:\d+)?)$).
- All child process spawns now explicitly set shell: false for enhanced security.
- Updated documentation to include security improvements and new sanitization behavior.
v1.1.7
- Expanded documentation with a "Behavioral Disclosure" section clarifying file access and process spawning.
- Added information about new environment variables (`PORT`, `DASHBOARD_HOST`, `BROWSER_PROXY`, `INBOX_PATH`, `SESSION_PATH`) and their defaults.
- Clarified how the dashboard reads data from sibling skills and spawns processes in the `browser-auth` folder.
- Updated setup and security guidance; emphasized not exposing dashboard ports and automatic token removal from URLs.
- Improved formatting and details for easier configuration and understanding.
v1.1.6
- No user-facing changes in this version; internal update only.
- No documentation or feature updates detected.
v1.1.5
- Updated assets/index.html and scripts/server.js.
- Minor changes; no new features or major modifications documented.
v1.1.4
- Updated description for clarity (changed "Requires DASHBOARD_TOKEN" to "Uses DASHBOARD_TOKEN").
- Metadata format simplified to a single, compact JSON object.
- Removed duplicated metadata block for "clawdbot".
- No changes to functionality or setup instructions.
v1.1.3
- Updated express dependency to version 4.21.2 in install instructions for improved compatibility and security.
v1.1.2
- Added metadata support for "clawdbot" alongside "openclaw" in SKILL.md.
- Updated metadata formatting in SKILL.md for improved structure.
- Removed _meta.json file.
v1.1.1
- Added _meta.json file with metadata.
- Updated SKILL.md to include metadata for environment variables, required binaries, and install steps.
- Refined description in SKILL.md for clarity.
v1.1.0
- Updated environment variable documentation to emphasize required usage of DASHBOARD_TOKEN.
- Improved authentication: dashboard now supports both X-Dashboard-Token header and Authorization: Bearer <token> for access.
- Refined SKILL.md to clarify setup steps and enhance security guidance.
- Removed unused _meta.json file.
v1.0.0
Initial release: Unified view for emails and browser sessions with neon design.
Metadata
Slug: aic-dashboard
Version: 1.8.0
License:
Total installs: 2
Current installs: 2
Versions: 18
FAQ

What is AI Commander Dashboard?

AI Commander Management Dashboard. A lightweight companion web UI for monitoring inbound emails received via the email-webhook skill and browser session stat... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1037 downloads to date.

How do I install AI Commander Dashboard?

Run the command "/install aic-dashboard" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is AI Commander Dashboard free?

Yes, AI Commander Dashboard is completely free (open source and free of charge); you can download, install and use it freely.

Which platforms does AI Commander Dashboard support?

AI Commander Dashboard runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed AI Commander Dashboard?

Developed and maintained by Coder AI (@lksrz); current version v1.8.0.
