Approvals UI
A web dashboard for managing OpenClaw device pairings, channel approvals, and a live terminal — all from your browser.
Install
Place this folder at:
~/.openclaw/workspace/projects/p1
Your file structure should look like:
~/.openclaw/workspace/projects/p1/
├── SKILL.md
├── server.py
└── templates/
├── channel_approvals.html
├── dashboard.html
├── device_pairings.html
├── index.html
├── login.html
└── terminal.html
Requirements
Install Python dependencies:
pip install flask flask-socketio
⚠️ Important — Change These Before Running
This skill ships with placeholder credentials that you must change before using:
Open server.py and update the following values near the top of the file:
| What | Variable | Default | Action |
|---|---|---|---|
| Dashboard login username | ADMIN_USERNAME | Drinnas | Change to your own username |
| Dashboard login password | ADMIN_PASSWORD | admin | Change to a strong password |
| API auth password | AUTH_PASSWORD / env SERVER_AUTH_PASSWORD | Bb7766!server | Change to a strong password or set the env var |
| Flask secret key | env FLASK_SECRET_KEY | dev placeholder | Set to a random string in your environment |
Example:
export FLASK_SECRET_KEY="$(python3 -c 'import secrets; print(secrets.token_hex(32))')"
export SERVER_AUTH_PASSWORD="your-strong-api-password-here"
Do not run with the defaults. Anyone who knows the defaults can log in and access your terminal and gateway token.
Credential Explanation
There are two separate auth layers:
- Dashboard login (
ADMIN_USERNAME/ADMIN_PASSWORD) — protects the web UI pages (dashboard, device pairings, channel approvals, terminal). - API password (
AUTH_PASSWORD/ envSERVER_AUTH_PASSWORD) — protects the backend API endpoints (/pair,/sync,/approve) used for programmatic access. These endpoints are not exposed in the web UI but exist for automation/scripting.
Both should be set to strong, unique values.
Usage
Start the server:
cd ~/.openclaw/workspace/projects/p1
python3 server.py
Then open http://127.0.0.1:9100 in your browser.
Features
- Dashboard — Landing page with quick navigation to all sections.
- Device Pairings — View pending and paired browser/device connections. Approve or reject pairing requests. Copy your gateway token to clipboard.
- Channel Approvals — Review and approve pending channel pairing requests (Telegram, Discord, WhatsApp, etc). Real-time updates via Socket.IO.
- Terminal — Full interactive terminal session in the browser using xterm.js.
How It Works
- Reads device pairings directly from
~/.openclaw/devices/pending.jsonand~/.openclaw/devices/paired.json. - Reads channel pairing requests from
~/.openclaw/credentials/*-pairing.json. - Reads the gateway token from
~/.openclaw/openclaw.json→gateway.auth.token. - Approve/reject actions use the
openclaw devices approveandopenclaw devices rejectCLI commands. - No external database needed — everything reads from OpenClaw's own state files.
Security Notes
- Localhost only — The server binds to
127.0.0.1by default. Do not change this to0.0.0.0unless you put it behind a reverse proxy with TLS and strong auth. - Terminal access — The terminal feature gives full shell access to your machine. If you don't need it, you can remove the
/terminalroute andterminal.htmltemplate. - Sensitive files — The app reads your
openclaw.json(gateway token), device pairing files, and credential pairing files. Anyone who can access the web UI can see this data. - API endpoints —
POST /pair,POST /sync, andPOST /approveaccept JSON with a password field. These are protected byAUTH_PASSWORDand are intended for scripting/automation, not the web UI.
Configuration
| Setting | Location | Default |
|---|---|---|
| Server port | server.py bottom | 9100 |
| Dashboard login | server.py ADMIN_USERNAME / ADMIN_PASSWORD | Drinnas / admin |
| API password | server.py AUTH_PASSWORD / env SERVER_AUTH_PASSWORD | Bb7766!server |
| Flask secret key | env FLASK_SECRET_KEY | dev placeholder |
| OpenClaw state dir | env OPENCLAW_STATE_DIR | ~/.openclaw |
Tags
ui dashboard pairings approvals terminal web