ClawKit Logo
ClawKitReliability Toolkit
Back to Registry
Official Verified

security-dashboard

Real-time security monitoring dashboard for OpenClaw and Linux server infrastructure. Monitors gateway status, network security, public exposure, system updates, SSH access, TLS certificates, and resource usage.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/vegasbrianc/security-dashboard
Or

Security Dashboard Skill

Real-time security monitoring dashboard for OpenClaw and Linux server infrastructure.

Features

  • OpenClaw Security: Gateway status, binding, authentication, sessions, version tracking
  • Network Security: Tailscale status, public ports, firewall, active connections
  • Public Exposure: Port binding analysis, dashboard security, exposure level assessment
  • System Security: Updates, uptime, load, failed login attempts
  • SSH & Access: Password auth status, fail2ban, banned IPs, active sessions
  • Certificates & TLS: Caddy status, TLS configuration, WireGuard encryption
  • Resource Security: CPU/memory/disk usage, config file permissions

Installation

1. Install the Skill

cd /root/clawd/skills/security-dashboard
sudo ./scripts/install.sh

This will:

  • Ask user preference: Run as dedicated user (recommended) or root
  • Create openclaw-dashboard user with limited sudo privileges (if non-root)
  • Create systemd service with security hardening
  • Configure localhost binding (127.0.0.1 only)
  • Start the dashboard on port 18791
  • Enable auto-start on boot

Security Note: Running as a dedicated user with limited sudo is recommended. The dashboard only needs sudo for security checks (fail2ban, firewall, systemctl status) - not full root access.

2. Access the Dashboard

Localhost only (secure by default):

Via SSH port forwarding:

ssh -L 18791:localhost:18791 root@YOUR_SERVER_IP

Then visit: http://localhost:18791

Usage

Start/Stop/Restart

sudo systemctl start security-dashboard
sudo systemctl stop security-dashboard
sudo systemctl restart security-dashboard

Check Status

sudo systemctl status security-dashboard

View Logs

sudo journalctl -u security-dashboard -f

API Endpoint

Get raw security metrics:

curl http://localhost:18791/api/security | jq

Security Hardening

The dashboard follows security best practices to minimize attack surface:

Dedicated User (Recommended)

The install script creates a openclaw-dashboard user with limited sudo privileges:

  • ✅ No shell access (/bin/false)
  • ✅ No home directory
  • ✅ Only specific sudo commands allowed (fail2ban, firewall, systemctl status)
  • ✅ Cannot execute arbitrary commands

Systemd Hardening

Service runs with security restrictions:

NoNewPrivileges=true      # Cannot escalate privileges
PrivateTmp=true          # Isolated tmp directory
ProtectSystem=strict     # Read-only filesystem except skill dir
ProtectHome=true         # No access to /home
ReadWritePaths=...       # Only skill directory is writable
Restart=on-failure       # Restart only on crashes (not always)

Network Binding

  • Default: 127.0.0.1 (localhost only)
  • Not accessible from network without SSH tunnel or VPN
  • No public exposure risk
Read Full Documentation on GitHub

Metadata

Author@vegasbrianc
Stars919
Views1
Updated2026-02-12
View Author Profile
AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-vegasbrianc-security-dashboard": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Safety NoteClawKit audits metadata but not runtime behavior. Use with caution.