概述

Approvals UI

A web dashboard for managing OpenClaw device pairings, channel approvals, and a live terminal — all from your browser.

Install

Place this folder at:

~/.openclaw/workspace/projects/p1

Your file structure should look like:

~/.openclaw/workspace/projects/p1/
├── SKILL.md
├── server.py
└── templates/
    ├── channel_approvals.html
    ├── dashboard.html
    ├── device_pairings.html
    ├── index.html
    ├── login.html
    └── terminal.html

Requirements

Install Python dependencies:

pip install flask flask-socketio

⚠️ Important — Change These Before Running

This skill ships with placeholder credentials that you must change before using:

Open server.py and update the following values near the top of the file:

|---|---|---|---|

Example:

export FLASK_SECRET_KEY="$(python3 -c 'import secrets; print(secrets.token_hex(32))')"
export SERVER_AUTH_PASSWORD="your-strong-api-password-here"

> Do not run with the defaults. Anyone who knows the defaults can log in and access your terminal and gateway token.

Credential Explanation

There are two separate auth layers:

Dashboard login (ADMIN_USERNAME / ADMIN_PASSWORD) — protects the web UI pages (dashboard, device pairings, channel approvals, terminal).
API password (AUTH_PASSWORD / env SERVER_AUTH_PASSWORD) — protects the backend API endpoints (/pair, /sync, /approve) used for programmatic access. These endpoints are not exposed in the web UI but exist for automation/scripting.

Both should be set to strong, unique values.

Usage

Start the server:

cd ~/.openclaw/workspace/projects/p1
python3 server.py

Then open http://127.0.0.1:9100 in your browser.

Features

Dashboard — Landing page with quick navigation to all sections.
Device Pairings — View pending and paired browser/device connections. Approve or reject pairing requests. Copy your gateway token to clipboard.
Channel Approvals — Review and approve pending channel pairing requests (Telegram, Discord, WhatsApp, etc). Real-time updates via Socket.IO.
Terminal — Full interactive terminal session in the browser using xterm.js.

How It Works

Reads device pairings directly from ~/.openclaw/devices/pending.json and ~/.openclaw/devices/paired.json.
Reads channel pairing requests from ~/.openclaw/credentials/*-pairing.json.
Reads the gateway token from ~/.openclaw/openclaw.json → gateway.auth.token.
Approve/reject actions use the openclaw devices approve and openclaw devices reject CLI commands.
No external database needed — everything reads from OpenClaw's own state files.

Security Notes

Localhost only — The server binds to 127.0.0.1 by default. Do not change this to 0.0.0.0 unless you put it behind a reverse proxy with TLS and strong auth.
Terminal access — The terminal feature gives full shell access to your machine. If you don't need it, you can remove the /terminal route and terminal.html template.
Sensitive files — The app reads your openclaw.json (gateway token), device pairing files, and credential pairing files. Anyone who can access the web UI can see this data.
API endpoints — POST /pair, POST /sync, and POST /approve accept JSON with a password field. These are protected by AUTH_PASSWORD and are intended for scripting/automation, not the web UI.

Configuration

| Setting | Location | Default |

|---|---|---|

| Server port | server.py bottom | 9100 |

| Dashboard login | server.py ADMIN_USERNAME / ADMIN_PASSWORD | Drinnas / admin |

| API password | server.py AUTH_PASSWORD / env SERVER_AUTH_PASSWORD | Bb7766!server |

| Flask secret key | env FLASK_SECRET_KEY | dev placeholder |

| OpenClaw state dir | env OPENCLAW_STATE_DIR | ~/.openclaw |

版本历史

共 1 个版本

v1.0.1 当前

2026-03-29 09:59 安全安全

安全检测

腾讯云安全 (Keen)

安全，无风险

查看报告

腾讯云安全 (Sanbu)