← 返回 Skills 市场
Command Center 1.4.1
作者
JCDentonCore
· GitHub ↗
· v1.0.0
· MIT-0
73
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install command-center-1-4-1
功能描述
Mission control dashboard for OpenClaw - real-time session monitoring, LLM usage tracking, cost intelligence, and system vitals. View all your AI agents in o...
使用说明 (SKILL.md)
OpenClaw Command Center
Mission control for your AI workforce.
Quick Start
npx clawhub@latest install command-center
cd skills/command-center
node lib/server.js
Dashboard runs at http://localhost:3333
Features
- Session Monitoring — Real-time view of all AI sessions with live updates
- LLM Fuel Gauges — Track Claude, Codex, and other model usage
- System Vitals — CPU, Memory, Disk, Temperature
- Cron Jobs — View and manage scheduled tasks
- Cerebro Topics — Automatic conversation organization
- Cost Tracking — Per-session costs, projections, savings estimates
- Privacy Controls — Hide sensitive topics for demos
Configuration
The dashboard auto-detects your OpenClaw workspace. Set OPENCLAW_WORKSPACE to override.
Authentication
| Mode | Use Case |
|---|---|
none |
Local development |
token |
Remote access |
tailscale |
Team VPN |
cloudflare |
Public deployment |
DASHBOARD_AUTH_MODE=tailscale node lib/server.js
API
| Endpoint | Description |
|---|---|
GET /api/state |
All dashboard data (unified) |
GET /api/events |
SSE stream for live updates |
GET /api/health |
Health check |
Links
安全使用建议
This package appears to be a legitimate local dashboard for OpenClaw, but take these precautions before installing or exposing it:
- Run it locally first and keep it bound to localhost (default host: "localhost") until you've audited it. Check config/dashboard.example.json host/trustProxy settings.
- Do not enable token/cloudflare/tailscale modes or change allowed IPs to non-restricted values until you understand the auth flow and have a strong token. If you enable remote access, require authentication and use network isolation (VPN) or a reverse proxy with strict access control.
- The dashboard purposely reads your OpenClaw workspace (memory/, state/, logs/) and exposes a unified /api/state and a memory browser. If those files contain sensitive data, review lib/server.js and related code to confirm what is read and served and consider running the dashboard in an isolated VM/container.
- Optional integrations (linear, slack, discord) are present in config; do not populate API keys for these services unless you trust the code and want those integrations. Verify where and how any keys are stored.
- The repo contains helper scripts (install-system-deps.sh, setup.sh). Do not run them as root blindly — inspect them first; they may call package managers or require sudo for optional system tooling.
- Confirm the claimed 'no external calls' by grepping the code for network APIs (http/https/fetch/request, outbound webhook URLs) before assuming zero telemetry.
- If you need higher assurance, run the skill in a temporary VM or sandbox, audit lib/server.js and the API routes (public/js and src files) for data exfiltration behavior, and review package.json/package-lock.json for dependencies.
If you want, I can (1) list files/functions that read workspace memory/state, (2) search the code for outbound network calls and where integrations are invoked, or (3) summarize what /api/state and /api/events expose from the code.
功能分析
Type: OpenClaw Skill
Name: command-center-1-4-1
Version: 1.0.0
The 'command-center' skill bundle is a comprehensive monitoring dashboard for the OpenClaw ecosystem. Security analysis of the source code (src/) and operational scripts (scripts/) reveals several proactive security measures, including path traversal protection in the static file server (src/index.js), the use of a restricted environment for CLI subprocesses to prevent secret leakage (src/openclaw.js), and an explicit allow-list for administrative actions (src/actions.js). The dashboard supports multiple secure authentication modes (Tailscale, Cloudflare Access, and Token-based) and adheres to a local-first privacy model. No evidence of data exfiltration, malicious persistence, or unauthorized remote execution was detected.
能力标签
能力评估
Purpose & Capability
The codebase and SKILL.md align with a monitoring/dashboard purpose (server.js, API endpoints, workspace auto-detection, memory/browser features). However the documentation references environment variables and auth modes (DASHBOARD_AUTH_MODE, DASHBOARD_TOKEN, OPENCLAW_WORKSPACE) while the skill metadata declares no required env vars — a metadata/instruction mismatch. The repo contains optional integrations (linear, slack, discord) which are reasonable for a dashboard but worth reviewing before turning them on.
Instruction Scope
Runtime instructions simply start node lib/server.js (expected). The server and docs, however, explicitly read auto-detected OpenClaw workspace paths (memory/, state/, logs/) and expose a unified /api/state and memory browser. That is coherent for a dashboard but means the skill will read potentially sensitive agent memories and state files. The instructions and other docs also describe auth modes that can expose the service beyond localhost. The agent instructions (AGENTS.md) encourage reading repository/workspace files, which broadens the scope — confirm you want a skill that can read your workspace and memory files.
Install Mechanism
Install spec is a simple shell start command (node lib/server.js). All source is included in the skill bundle; there is no remote download/install step in the provided install spec. That lowers supply-chain risk. Optional scripts (install-system-deps.sh, setup.sh) exist but are not automatically run by the SKILL.md install step.
Credentials
The skill metadata declares no required environment variables, but the documentation and SKILL.md reference several env vars (OPENCLAW_WORKSPACE, PORT, DASHBOARD_AUTH_MODE, DASHBOARD_TOKEN, DASHBOARD_ALLOWED_IPS). Some auth modes (token, cloudflare, tailscale) will require secrets/credentials if used. The presence of optional integrations (Linear, Slack, Discord) means users could provide external API keys. The skill does not need secrets to run locally with default settings, but enabling remote access or integrations will require credentials — ensure only minimal credentials are supplied and review where they are stored.
Persistence & Privilege
The skill does not request 'always' inclusion, nor does it declare elevated privileges. It contains operational scripts and optional sysdep installers (which may use sudo) but these are not part of the default install/start step. The server can be configured to bind beyond localhost and to enable remote auth modes — that increases its privilege surface, but is a configuration decision rather than an inherent install-time privilege.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install command-center-1-4-1 - 安装完成后,直接呼叫该 Skill 的名称或使用
/command-center-1-4-1触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of OpenClaw Command Center.
- Provides real-time dashboard for monitoring AI sessions and system vitals.
- Tracks LLM usage, costs, and scheduled tasks (cron jobs).
- Supports various authentication modes: none, token, tailscale, and cloudflare.
- Includes unified API endpoints for dashboard data and live updates.
- Privacy controls available for demo scenarios.
元数据
常见问题
Command Center 1.4.1 是什么?
Mission control dashboard for OpenClaw - real-time session monitoring, LLM usage tracking, cost intelligence, and system vitals. View all your AI agents in o... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 73 次。
如何安装 Command Center 1.4.1?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install command-center-1-4-1」即可一键安装,无需额外配置。
Command Center 1.4.1 是免费的吗?
是的,Command Center 1.4.1 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Command Center 1.4.1 支持哪些平台?
Command Center 1.4.1 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Command Center 1.4.1?
由 JCDentonCore(@jcdentoncore)开发并维护,当前版本 v1.0.0。
推荐 Skills