Low Risk — Risk Score 20/100
Last scan: 2 days ago
agent-kanban
OpenClaw Agent Dashboard - Bloomberg Terminal-style web interface for real-time monitoring of all Agent status, session history, and session file sizes.
The skill implements a legitimate local agent dashboard but ships a hardcoded Gateway token in config.js and documentation that wrongly claims the token is loaded automatically.
Skill Name: agent-kanban
Duration: 40.1s
Engine: pi
Safe to install
Remove the hardcoded token from config.js, ensure it defaults to empty string, and fix SKILL.md to accurately reflect that config.local.js must be manually configured.

Findings (4 items)

[Medium] Hardcoded Gateway token in config.js
A Gateway authentication token is hardcoded in assets/agent-kanban/config.js at line 24. This credential should not be committed to source control: if the config file ships as part of the skill package, every recipient of the package receives the token.
    token: 'c80aa67f773b3045792ba7afbf2e22fc09cb7b37c63019e3'
→ Set token to the empty string '' as the default, document clearly that users must supply their own token via config.local.js, and treat the committed token as exposed (rotate it rather than keep using it).
Location: assets/agent-kanban/config.js:24
[Low] SKILL.md misleading claim about auto-token loading
SKILL.md states "Gateway Token is auto-loaded from ~/.openclaw/openclaw.json - no manual configuration required!" This is misleading: the code reads openclaw.json for heartbeat config only, and the Gateway token in config.gateway.token still has to be set manually or overridden via config.local.js.
    **Gateway Token is auto-loaded from `~/.openclaw/openclaw.json`** - no manual configuration required!
→ Update SKILL.md to state that config.local.js must be created with a valid token and that the auto-loading from openclaw.json covers heartbeat config only.
Location: SKILL.md:37
[Low] config.local.js not gitignored
config.local.js, the intended user override file, is not listed in any .gitignore, so a user who fills in a token and then commits the directory leaks the credential.
    # Edit config.local.js if needed
→ Add a .gitignore containing 'config.local.js' so the override file cannot be committed by accident.
Location: references/README.md:66
[Info] CORS allows wildcard origin
server.js sets Access-Control-Allow-Origin to '*', which is overly permissive. The server binds to localhost and the Gateway API is also localhost-only, so exposure is limited; note, however, that binding to localhost does not stop a web page open in the same browser from sending requests to the dashboard's localhost port, and with a wildcard origin that page can also read the responses. The practical risk stays low because nothing is reachable from outside the machine.
    res.header('Access-Control-Allow-Origin', '*');
→ Restrict CORS to the dashboard's own origin, 'http://localhost:3100', for defense in depth.
Location: assets/agent-kanban/server.js:48

Resource     Declared  Inferred  Status     Evidence
Filesystem   NONE      READ      ✓ Aligned  server.js reads openclaw.json and workspace-* directories for agent metadata and…
Network      NONE      READ      ✓ Aligned  server.js makes outbound POST requests to Gateway HTTP API at 127.0.0.1:18789 on…
Shell        NONE      NONE                 No child_process or shell invocation in server.js or index.html
Environment  NONE      READ      ✓ Aligned  server.js reads HOME env var to resolve openclaw home directory

External URLs (6 findings)

Medium  http://127.0.0.1:18789  (SKILL.md:72)
Medium  https://registry.npmmirror.com/react/18/files/umd/react.production.min.js  (assets/agent-kanban/public/index.html:411)
Medium  https://registry.npmmirror.com/react-dom/18/files/umd/react-dom.production.min.js  (assets/agent-kanban/public/index.html:412)
Medium  https://api.dicebear.com/7.x/pixel-art/svg?seed=$  (assets/agent-kanban/public/index.html:434)
Medium  https://img.shields.io/badge/style-Bloomberg%20Terminal-orange  (references/README.md:5)
Medium  http://127.0.0.1:18789/tools/invoke  (references/README.md:139)

File Tree

6 files · 56.5 KB · 1863 lines
HTML 1f · 1098L Markdown 2f · 403L JavaScript 2f · 350L JSON 1f · 12L
├─ 📁 assets
│ └─ 📁 agent-kanban
│ ├─ 📁 public
│ │ └─ 📄 index.html HTML 1098L · 36.2 KB
│ ├─ 📜 config.js JavaScript 51L · 1.2 KB
│ ├─ 📋 package.json JSON 12L · 271 B
│ └─ 📜 server.js JavaScript 299L · 8.8 KB
├─ 📁 references
│ └─ 📝 README.md Markdown 198L · 4.3 KB
└─ 📝 SKILL.md Markdown 205L · 5.7 KB

Dependencies (1 item)

Package  Version  Source  Known Vulns  Notes
express  ^4.18.2  npm     No           Express 4.x, caret range with no exact version pinned

Security Positives

✓ No shell execution or child_process usage anywhere in the codebase
✓ No base64 encoding, eval(), or dynamic code execution patterns detected
✓ No remote script download patterns (curl|bash, wget|sh) found
✓ No credential enumeration (no iteration over os.environ for sensitive keys)
✓ No access to ~/.ssh, ~/.aws, or other high-value sensitive paths
✓ No data exfiltration or external IP communication from server.js (all server-side network traffic goes to 127.0.0.1)
✓ Frontend assets are served locally except for React and ReactDOM, which index.html loads from registry.npmmirror.com by major version (react/18, react-dom/18), and avatars from api.dicebear.com; these fetches are made by the browser, not by server.js
✓ Express server binds to localhost by default, not exposed externally