Guide

OpenClaw Dashboard & Control UI

Name: ClawSquire
Author: ClawSquire

The OpenClaw Dashboard (Control UI) is your browser-based command center. Chat with your AI agent, configure LLM providers, manage messaging channels, set up automations, and approve actions — all from one interface.

Quick Answer

Fastest way: Download ClawSquire (free), add your server, click Connect — Dashboard opens automatically via localhost. Or run openclaw dashboard in your terminal if OpenClaw is on your local machine. For remote access, use an SSH tunnel: ssh -NL 18789:localhost:18789 user@server.

Recommended

Access via ClawSquire Desktop App

ClawSquire is a free desktop companion that handles SSH tunneling, authentication, and Dashboard access automatically — no terminal commands needed.

1.
Add your VPS
Enter your server's IP, SSH user, and credentials. Stored securely in your OS keychain (macOS Keychain / Windows Credential Manager / Linux Secret Service).
2.
Click Connect
ClawSquire establishes an encrypted SSH tunnel, forwarding port 18789 to your local machine. No SSH commands to memorize.
3.
Dashboard opens at localhost
The Dashboard loads in your browser at localhost:18789 — a secure context — so you never encounter the "device identity" error.

Health Check

One-click diagnostics for installation, config, and backup status.

Config Backup & Restore

Versioned backups with compare and one-click restore.

ClawSquire Config Backups showing 3 timestamped backup entries with Create Backup button, and Compare/Restore actions for each backup including auto-backup before restore

Visual Configuration

Browse and edit OpenClaw config with a tree viewer. Secrets are masked.

ClawSquire Configuration viewer showing OpenClaw config tree with collapsible sections: meta (2), models (1), commands (4), gateway (2) — secrets are partially masked for security, with JSON View toggle

Safety Levels

Choose Conservative, Standard, or Full Access permissions for your agent.

Download ClawSquire — Free Get Dashboard Running — from $199

Web Dashboard (CLI)

Access the Dashboard directly in your browser using the terminal.

Open the Dashboard

Terminal

openclaw dashboard

This copies the Dashboard URL to your clipboard and opens your default browser. Default address: http://localhost:18789. You'll need your gateway token to authenticate.

If the gateway isn't running yet:

Terminal

openclaw serve
# or start only the gateway:
openclaw gateway start

What's in the Dashboard

Chat

Talk to your AI agent directly in the browser. The fastest way to test without setting up Telegram or WhatsApp. Supports full conversation context with session isolation.

Tip: Use multiple sessions to keep different conversation topics separate.

Configuration

Edit OpenClaw settings visually: default model, provider API keys, gateway auth, system prompts, and more. Changes are saved to openclaw.json.

Most changes require a gateway restart to take effect: openclaw gateway restart

Channels

View and manage connected messaging platforms (Telegram, WhatsApp, Discord, Gmail). See connection status, pairing codes, and channel-specific settings.

The Channels page shows QR codes for WhatsApp pairing — no need to use the terminal.

Cron Jobs (Automations)

Create scheduled tasks that run on a timer. Examples: daily email summaries, periodic web scraping, health report generation. Uses standard cron syntax.

Sessions

Browse conversation sessions across all channels. Each session maintains isolated context so the agent remembers conversation history within a session.

Skills

View installed skills (SKILL.md files) that extend your agent's capabilities. Skills define specialized behaviors, tool access, and knowledge domains.

Execution Approvals

When the agent wants to perform a high-risk action (like sending an email, running a destructive command, or accessing the file system), it pauses and asks for your approval here.

Set approval sensitivity in ClawSquire via Settings → Safety Level.

Remote Access (VPS / Server)

If OpenClaw runs on a VPS or remote server, you need a secure way to access the Dashboard from your local machine. Never expose port 18789 to the public internet.

Easiest: Use ClawSquire

ClawSquire handles SSH tunneling automatically. Add your VPS → Click Connect → Done. No terminal commands needed. Download free →

Option A: SSH Tunnel (most common manual method)

Terminal (your local machine)

# Open tunnel — keep this running
ssh -N -L 18789:127.0.0.1:18789 user@your-server-ip

# Now open in your browser:
# http://localhost:18789

# To run in background:
ssh -fN -L 18789:127.0.0.1:18789 user@your-server-ip

-N = no remote command, -f = background, -L = local port forwarding. The tunnel encrypts all traffic between your machine and the server.

Option B: Tailscale (zero-config VPN)

Install Tailscale on both your local machine and the server. They join the same private network.

Access via Tailscale IP

# Find your server's Tailscale IP:
tailscale ip -4   # on the server

# Access from your machine:
# http://100.x.y.z:18789

Tailscale uses WireGuard encryption. The Dashboard recognizes Tailscale IPs as trusted, so the device identity error doesn't appear. Add the Tailscale IP to allowedOrigins if needed.

Option C: Reverse Proxy with HTTPS (Caddy / Nginx)

For production setups with a custom domain, use a reverse proxy with automatic TLS. See our detailed guides:

→ HTTPS setup with Caddy / Nginx (detailed guide)

Frequently Asked Questions

"Control UI requires device identity — use HTTPS or localhost"+

The Dashboard uses the Web Crypto API which requires a "secure context" — either HTTPS or localhost. Access it via http://localhost:18789 (not an IP address). If your OpenClaw runs remotely, use an SSH tunnel or ClawSquire. See our detailed guide.

Dashboard shows a blank white page+

1) Clear browser cache (Ctrl+Shift+R). 2) Check the browser console (F12) for errors — ad blockers can break WebSocket connections. 3) Verify the gateway is running: openclaw gateway status. 4) If using a reverse proxy, ensure WebSocket upgrade headers are forwarded.

"Disconnected from gateway" — WebSocket keeps dropping+

The WebSocket connection drops when navigating away, after network changes, or when the gateway restarts. Click 'Connect' and re-enter your gateway token. If it happens repeatedly, check your reverse proxy timeout settings — Nginx defaults to 60s for WebSocket.

allowedOrigins error when accessing from a different hostname+

Add your hostname to the gateway config: openclaw config set gateway.allowedOrigins '["http://localhost:18789","https://your-domain.com"]' — then restart the gateway with: openclaw gateway restart

Config changes in the Dashboard don't take effect+

The Dashboard saves changes to openclaw.json but most settings only take effect after gateway restart. Run: openclaw gateway restart. Some settings (like chat preferences) apply immediately.

Can't access the Dashboard remotely even with SSH tunnel+

Verify: 1) Your tunnel forwards to 127.0.0.1:18789 (not 0.0.0.0). 2) The tunnel process is still running: lsof -i :18789. 3) The gateway is up on the server: curl http://localhost:18789 should return HTML. 4) Your browser uses http://localhost:18789 (not 127.0.0.1).

How do I change the Dashboard port from 18789?+

Set it in your config: openclaw config set gateway.port 9999 — then restart with: openclaw gateway restart. Update any SSH tunnels and bookmarks to use the new port.

Related Guides

→ Fix "Device Identity" Error — detailed HTTPS / secure context guide
→ Gateway Token — find and manage your authentication token
→ VPS Setup — install OpenClaw on a remote server
→ Troubleshooting — diagnose common OpenClaw issues
→ CLI Reference — all OpenClaw commands
→ Health Check — run diagnostics

Download ClawSquire — Free

Gateway token · CLI reference · VPS setup