jaffer1979

Openclaw Pixel Agents Dashboard

Author: jaffer1979 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 391
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install openclaw-pixel-agents-dashboard
Description
Real-time pixel art ops dashboard for OpenClaw deployments. Visualizes agent activity as character sprites in a shared office with live activity bubbles, har...
Security usage recommendations
This package is internally consistent with its stated purpose, but review a few things before running it:
  1. Inspect skill/scripts/setup.sh (it auto-discovers agents and writes config) so you know what filesystem paths it will access and what it will write.
  2. Use environment variables or SSH key auth for gateway and remote access rather than putting passwords in dashboard.config.json.
  3. The dashboard tails local JSONL session files (by default under ~/.openclaw/agents) — run it only on systems where you expect that data to be available and safe to display.
  4. The 'ham radio' update-checker will contact update endpoints — if you need strict network controls, run the server in an isolated environment or block outbound requests.
  5. As with any npm bundle, consider running in a dedicated user account or container the first time you try it, and audit network traffic if you have concerns about exterior communication.
Functional analysis
Type: OpenClaw Skill
Name: openclaw-pixel-agents-dashboard
Version: 1.0.0
The skill bundle provides a legitimate-looking pixel art dashboard for OpenClaw, but it contains several high-risk implementation patterns that create a significant attack surface. Specifically, 'server/services.ts' and 'server/hardware.ts' use 'execSync' to execute shell commands (including 'systemctl' and 'ssh') constructed directly from unsanitized configuration values, which is a classic shell injection vulnerability. Furthermore, 'server/version.ts' includes functionality to perform global system modifications via 'npm update -g'. While these capabilities are aligned with the stated purpose of service management and hardware monitoring, the lack of input validation and the use of 'sshpass' for credential handling make the bundle highly risky for deployment in environments where the configuration file might be influenced by untrusted data.
Capability assessment
Purpose & Capability
Name/description match the code and instructions: the server tails local JSONL session files, serves a React canvas, shows hardware stats, can call the OpenClaw gateway (/tools/invoke) to spawn agents, and can optionally sync remote agents over SSH. Required resources (gateway token, agentsDir, optional SSH creds) are appropriate for those features and nothing in the repo requests unrelated cloud/provider credentials or system-wide secrets.
Instruction Scope
SKILL.md instructs a normal npm-based setup (npm install, run setup wizard or build/start server). The runtime behavior described in SKILL.md (auto-discover agents, generate config, tail JSONL session logs, call gateway API, optionally rsync remote agents) is implemented in the included server code. I did not find instructions that ask the agent to read unrelated system config, exfiltrate secrets, or contact unexpected third-party endpoints beyond the gateway/update checker; the setup wizard and config loader legitimately access config paths (~/.openclaw/agents, ~/.config/pixel-agents) and environment variables for tokens.
Install Mechanism
No opaque download/install mechanism is present: the project is intended to be installed/started via npm (package.json) and runs local Node/tsx code. Dependencies come from npm (package-lock.json) rather than arbitrary remote archives. Assets are bundled under public/assets. No suspicious extract-from-URL or unknown-host downloads were observed in the provided files.
Credentials
The repo does not require env vars in registry metadata, but the config system supports ${ENV_VAR} expansion and the code will use OPENCLAW_GATEWAY_TOKEN (or gateway.token in the config) and optional remote SSH credentials (password or keyPath). These are proportionate to the dashboard's needs (gateway auth and remote agent syncing). Caution: remoteAgents supports plaintext passwords and recommends sshpass — storing plaintext SSH passwords in config is risky. Prefer SSH key auth or environment variables and review who can read the config files.
Persistence & Privilege
The skill does not request always:true and is user-invocable. It does not appear to modify other skills or global agent configurations. It runs as a normal user-mode Node process and uses per-user config locations; nothing indicates elevated/system-wide privilege is required.
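How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install openclaw-pixel-agents-dashboard
  3. Once installation completes, call the Skill by name or trigger it with /openclaw-pixel-agents-dashboard
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history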
v1.0.0
- Initial release of Pixel Agents Dashboard for OpenClaw deployments.
- Real-time visualization of agent activity as character sprites in a shared office interface.
- Live activity bubbles, hardware monitoring, service controls, and task spawning features.
- Includes auto-discovery setup, flexible configuration options, and remote agent monitoring.
- Troubleshooting section added for common issues.
Metadata
Slug openclaw-pixel-agents-dashboard
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Number of versions 1
FAQ

What is Openclaw Pixel Agents Dashboard?

Real-time pixel art ops dashboard for OpenClaw deployments. Visualizes agent activity as character sprites in a shared office with live activity bubbles, har... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 391 total downloads to date.

How do I install Openclaw Pixel Agents Dashboard?

Run the command "/install openclaw-pixel-agents-dashboard" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Openclaw Pixel Agents Dashboard free?

Yes, Openclaw Pixel Agents Dashboard is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Openclaw Pixel Agents Dashboard support?

Openclaw Pixel Agents Dashboard runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Openclaw Pixel Agents Dashboard?

It is developed and maintained by jaffer1979 (@jaffer1979); the current version is v1.0.0.
