Skillget

clawmaster

mcp
Security Audit
Warn
Health Warn
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 9 GitHub stars
Code Warn
  • process.env — Environment variable access in .github/scripts/wsl-runtime-smoke.mjs
  • network request — Outbound network request in .github/scripts/wsl-runtime-smoke.mjs
  • fs module — File system access in .github/workflows/build.yml
Permissions Pass
  • Permissions — No dangerous permissions requested
Purpose
This tool acts as a control plane for managing OpenClaw, offering a guided setup wizard and unified interfaces for 16 LLM providers. It can be run as a desktop application, a self-hosted web console, or a CLI.

Security Assessment
The overall risk is rated as Low. The automated scan did not find any hardcoded secrets, dangerous permissions, or suspicious shell command executions. The flagged warnings are standard operational behaviors for a tool of this nature: environment variable access and outbound network requests are contained entirely within a WSL smoke-testing script, while file system access occurs strictly inside the CI/CD build workflow. There are no indications that the core application itself engages in unauthorized data collection or malicious background activity.

Quality Assessment
The project is actively maintained, with its most recent push occurring today. It is protected by the permissive and standard MIT license, features 74 passing tests, and has clear, well-structured documentation. However, community visibility and adoption are currently very low, standing at only 9 GitHub stars. Consequently, the community trust level is unproven, meaning the project has not yet undergone widespread peer review from a large user base.

Verdict
Safe to use, but exercise standard caution regarding its low community adoption and relatively early development stage (v0.3.0).
SUMMARY

Control plane for OpenClaw. Guided setup wizard, 16 LLM providers (incl. ERNIE), 6 channel types, PowerMem memory management, ClawProbe observability. Desktop app (Tauri) + self-hosted web console.

README.md

clawmaster · OpenClaw Control Plane

Desktop app · Web console · Service CLI — three ways to run OpenClaw without editing config files.

macOS Windows Linux Web

Quick Start Roadmap Contributing License

Build Version Stars Tests

📦 Releases  ·  💬 Discussions  ·  🐛 Issues  ·  Discord   |   English  ·  中文  ·  日本語

ClawMaster vs. CLI Only

OpenClaw CLI alone ClawMaster
Initial setup Hand-edit ~/.openclaw/openclaw.json Guided wizard
Provider & model config Edit JSON, restart Form UI with live validation
Channel setup Read docs, edit config Step-by-step guides per platform
Observability None built-in ClawProbe dashboard (cost, tokens, health)
Memory management powermem CLI Management UI
Multiple profiles Manual file juggling Profile switcher
Desktop app No Yes — ships as .dmg / .msi / .AppImage
Self-hosted web console No Yes — Express, runs anywhere Node.js runs

Who It Is For

"I manage OpenClaw for my team."
One place to configure channels, rotate API keys, and monitor token spend — no SSH, no JSON editing.

"I'm building agents with LangChain."
Quick observability into context usage, memory snapshots, and cost-per-session without writing monitoring code.

"I'm setting up OpenClaw for the first time."
The setup wizard walks you through provider, model, gateway, and channel in one flow. No docs required to reach a working state.

What You Can Do

  • Setup and profiles — Detect OpenClaw, install missing pieces, create or switch profiles, bootstrap a local environment.
  • Models and providers — Configure OpenAI-compatible and provider-specific endpoints, validate API keys, set runtime defaults.
  • Gateway and channels — Bring up the gateway, follow guided setup for Feishu, WeChat, Discord, Slack, Telegram, and WhatsApp.
  • Plugins, skills, and MCP — Enable or disable capabilities, install curated items, add MCP servers, import MCP definitions.
  • Sessions, memory, and observability — Inspect sessions, manage memory backends, track token usage and estimated spend.

Quick Start

Option 1: Desktop installer

Download the latest installer from GitHub Releases.

Platform Format
Linux x64 .deb, .rpm, .AppImage
macOS Intel .dmg
macOS Apple Silicon .dmg
Windows x64 .msi, .exe

[!NOTE]
CI also uploads per-platform artifacts for every push to main (7-day retention) if you need an unreleased build.

Option 2: Run from source 
git clone https://github.com/openmaster-ai/clawmaster.git
cd clawmaster
npm install
npm run dev:web     # web app + backend
npm run tauri:dev   # desktop app

Requirements: Node.js 20+. For Tauri desktop builds, also Rust — see tauri.app/start/prerequisites.

Option 3: Service CLI 
npm i -g clawmaster
clawmaster doctor
clawmaster serve --daemon
clawmaster status

Default service URL: http://127.0.0.1:3001. clawmaster serve prints a service token — enter it in the browser UI when prompted.

Common flags:

clawmaster serve --host 127.0.0.1 --port 3001 --daemon
clawmaster serve --host 127.0.0.1 --port 3001 --token your-own-token
clawmaster stop
clawmaster doctor

First Run

  1. Launch ClawMaster.
  2. Choose an existing OpenClaw profile or create a new one.
  3. Connect at least one model provider and set a default model.
  4. Enable gateway or observability if you need runtime inspection.
  5. Add channels, plugins, skills, or MCP servers as needed.

Roadmap

Six capabilities — tracked as labeled issues:

Capability Status What it covers
Setup Released Wizard, 16 providers, 6 channel types, profile management
Observe Released ClawProbe integration, cost / token / health dashboard
Save In progress PowerMem UI, seekdb integration, token-reduction workflows
Apply Planned Photo OCR, invoice processing, flashcard tools
Build Planned Conversational agent builder (LangChain DeepAgents)
Guard Planned Key encryption, spend limits, RBAC

Browse label:roadmap to pick up an item. Leave a comment before starting — core contributors who land roadmap features can claim model credits from the OpenClaw team.

📰 News

  • 2026-04-13 🏗️ Contribution workflow tightened with issue forms, a stronger PR template, PR description validation, and architecture boundary tests.

Development

npm install
npm run dev:web       # frontend + backend
npm run dev           # frontend only (port 3000)
npm run dev:backend   # backend only (port 3001)
npm run tauri:dev     # desktop app
Testing and CI 
npm test              # unit tests (Vitest)
npm run build         # type check + production build
npm run test:desktop  # desktop smoke (macOS: real Tauri build; Linux/Win: WebDriver)

[!TIP]
Run npm test && npm run build before opening a PR — the same steps run in CI.

CI covers: TypeScript check, unit tests, backend integration smoke, web smoke, desktop smoke, and multi-platform Tauri builds.

Project layout 
clawmaster/
├── packages/web/          React + Vite frontend
├── packages/backend/      Express backend for web mode
├── src-tauri/             Tauri desktop host
├── tests/ui/              YAML-based manual UI flow specs
└── bin/clawmaster.mjs     CLI entry point

Runtime model: Desktop — React calls Tauri commands via invoke(); Web — React proxies /api to Express.

Contributing

Using an AI coding agent? Point it at AGENTS.md first — it covers the full contribution workflow, module patterns, and hard rules in agent-readable form.

See CONTRIBUTING.md for setup, testing requirements, dependency policy, commit convention, and PR checklist.

[!IMPORTANT]
PRs must pass npm test locally before opening. No screenshots, test logs, or generated files in commits. Node.js is the only permitted runtime — no new language dependencies.

Community: GitHub Discussions · Discord · Feishu

Contributors

Contributors

Acknowledgments
Project Role
OpenClaw Core runtime and configuration model
ClawProbe Observability daemon
ClawHub Skill registry
PowerMem Memory backend
Tauri Desktop app framework
React Frontend UI
Vite Frontend toolchain
Playwright Browser automation and smoke testing

License

MIT. See LICENSE.

Reviews (0)

No results found