Private Web App (PWA)

Personal PWA dashboard server with plugin apps. Use when: (1) installing or setting up PrivateApp, (2) starting/stopping/restarting the service, (3) building...

This package appears to be a legitimate personal dashboard, but several things should be checked before installing: - Do not blindly run scripts/install.sh that you cloned from the network. Inspect the contents of scripts/install.sh and scripts/install.py in the bundle (they are included) and confirm they do what you expect. Prefer installing from the bundled files rather than re-cloning the remote repo unless you trust that remote source. - Review the systemd/launchd service file the installer creates. Make sure the server is bound to localhost or your intended interface and not exposed publicly unless you intend it and have firewall/Tailscale configured securely. - The default file browser root is the user's home directory (~). If you plan to use the file browser, set file_browser.root to a restrictive folder to avoid exposing sensitive files (e.g., point it at a dedicated directory). The file browser allows reading and downloading files under that root. - The system monitor runs system commands (systemctl, pgrep, lspci, nvidia-smi) and reads sysfs to enumerate services and hardware. That's expected, but it also discloses local hostnames, running services, and other metadata — treat that data as sensitive and limit network exposure. - The app generates and stores VAPID keys and push subscription data in ~/.local/share/privateapp. Ensure file permissions are appropriate and that you understand where keys are kept. - Investigate scripts/commons/openclaw_client.py and any networking code to verify whether the app will call external services or endpoints you don't expect. If you do not want outbound network calls, block them during install or run in an isolated environment (VM/container) first. If anything in the install script or service files looks surprising (creating global system services, changing firewall, registering with third-party services), do not enable the service until you understand and approve those actions.

Type: OpenClaw Skill Name: privateapp Version: 1.0.3 The skill bundle is classified as suspicious due to several critical vulnerabilities. The `scripts/server.py` and `scripts/app_loader.py` allow for Remote Code Execution (RCE) by enabling users to add arbitrary directories as app discovery paths via the `/api/settings/paths` API, from which Python backend code (`backend/routes.py`) can be dynamically loaded and executed. Additionally, the `apps/system-monitor/backend/routes.py` exposes unauthenticated API endpoints (`/api/app/sysmon/action/restart`, `/api/app/sysmon/action/shutdown`) that execute `sudo reboot` or `sudo shutdown`, allowing any network-accessible client to control system power. The `scripts/install.sh` also presents a supply chain risk by using `curl -fsSL ... | sh` to install Tailscale, a pattern vulnerable to remote code execution if the source script is compromised. Finally, the custom markdown renderer in `apps/file-browser/frontend/src/App.tsx` uses `dangerouslySetInnerHTML`, posing a potential Cross-Site Scripting (XSS) vulnerability.