Approvals UI

A web dashboard for managing OpenClaw device pairings, channel approvals, and a live terminal — all from your browser.

Install

Place this folder at:

~/.openclaw/workspace/projects/p1

Your file structure should look like:

~/.openclaw/workspace/projects/p1/
├── SKILL.md
├── server.py
└── templates/
    ├── channel_approvals.html
    ├── dashboard.html
    ├── device_pairings.html
    ├── index.html
    ├── login.html
    └── terminal.html

Requirements

Install Python dependencies:

pip install flask flask-socketio

⚠️ Important — Change These Before Running

This skill ships with placeholder credentials that you must change before using:

Open server.py and update the following values near the top of the file:

What	Variable	Default	Action
Dashboard login username	ADMIN_USERNAME	Drinnas	Change to your own username
Dashboard login password	ADMIN_PASSWORD	admin	Change to a strong password
API auth password	AUTH_PASSWORD / env SERVER_AUTH_PASSWORD	Bb7766!server	Change to a strong password or set the env var
Flask secret key	env FLASK_SECRET_KEY	dev placeholder	Set to a random string in your environment

Example:

export FLASK_SECRET_KEY="$(python3 -c 'import secrets; print(secrets.token_hex(32))')"
export SERVER_AUTH_PASSWORD="your-strong-api-password-here"

Do not run with the defaults. Anyone who knows the defaults can log in and access your terminal and gateway token.

Credential Explanation

There are two separate auth layers:

1. Dashboard login (ADMIN_USERNAME / ADMIN_PASSWORD) — protects the web UI pages (dashboard, device pairings, channel approvals, terminal).
2. API password (AUTH_PASSWORD / env SERVER_AUTH_PASSWORD) — protects the backend API endpoints (/pair, /sync, /approve) used for programmatic access. These endpoints are not exposed in the web UI but exist for automation/scripting.

Both should be set to strong, unique values.

Usage

Start the server:

cd ~/.openclaw/workspace/projects/p1
python3 server.py

Then open http://127.0.0.1:9100 in your browser.

Features

• Dashboard — Landing page with quick navigation to all sections.
• Device Pairings — View pending and paired browser/device connections. Approve or reject pairing requests. Copy your gateway token to clipboard.
• Channel Approvals — Review and approve pending channel pairing requests (Telegram, Discord, WhatsApp, etc). Real-time updates via Socket.IO.
• Terminal — Full interactive terminal session in the browser using xterm.js.

How It Works

• Reads device pairings directly from ~/.openclaw/devices/pending.json and ~/.openclaw/devices/paired.json.
• Reads channel pairing requests from ~/.openclaw/credentials/*-pairing.json.
• Reads the gateway token from ~/.openclaw/openclaw.json → gateway.auth.token.
• Approve/reject actions use the openclaw devices approve and openclaw devices reject CLI commands.
• No external database needed — everything reads from OpenClaw's own state files.

Security Notes

• Localhost only — The server binds to 127.0.0.1 by default. Do not change this to 0.0.0.0 unless you put it behind a reverse proxy with TLS and strong auth.
• Terminal access — The terminal feature gives full shell access to your machine. If you don't need it, you can remove the /terminal route and terminal.html template.
• Sensitive files — The app reads your openclaw.json (gateway token), device pairing files, and credential pairing files. Anyone who can access the web UI can see this data.
• API endpoints — POST /pair, POST /sync, and POST /approve accept JSON with a password field. These are protected by AUTH_PASSWORD and are intended for scripting/automation, not the web UI.

Configuration

Setting	Location	Default
Server port	server.py bottom	9100
Dashboard login	server.py ADMIN_USERNAME / ADMIN_PASSWORD	Drinnas / admin
API password	server.py AUTH_PASSWORD / env SERVER_AUTH_PASSWORD	Bb7766!server
Flask secret key	env FLASK_SECRET_KEY	dev placeholder
OpenClaw state dir	env OPENCLAW_STATE_DIR	~/.openclaw

Tags

ui dashboard pairings approvals terminal web