Frequently Asked Questions
Everything you need to know about ClawChart and OpenClaw config visualization.
General
What is ClawChart?
ClawChart is a free browser-based tool that visualizes your OpenClaw agent configuration (openclaw.json) as an interactive node graph. It shows how your channels, agents, skills, models, and tools connect — and lets you browse 5,700+ skills and run security audits, all without sending your config to any server.
Is ClawChart free?
Yes. Visualization, security auditing, skills browsing, and shareable links are completely free. VPS deployment through 1-Click Launch is a paid service with transparent pricing based on your selected server tier. Downloading your config as a JSON file has a small one-time cost per download.
Do I need to create an account?
No. ClawChart requires no account for any free feature. Everything runs in your browser.
What is OpenClaw?
OpenClaw is an open-source AI agent framework that lets you run multi-agent setups across messaging platforms like WhatsApp, Telegram, Discord, and Slack. Agents are configured via a JSON5 file (openclaw.json) and can be extended with skills from ClawHub.
Config Visualization
How do I visualize my openclaw.json?
Paste the contents of your ~/.openclaw/openclaw.json into the input area on the ClawChart homepage, or use the "Upload file" button. The graph renders instantly. You can also click "Try with example" to see a demo multi-agent graph. ⚠️ Security reminder: Always remove API keys and tokens before pasting your config — use a .env file for sensitive credentials.
Does ClawChart support JSON5 format?
Yes. ClawChart fully supports JSON5 — the format OpenClaw uses for openclaw.json. This includes comments, trailing commas, and unquoted keys. Parse errors show the exact line number and character position.
What node types does the graph show?
Five node types: Channels (blue) — your messaging platforms; Agents (green) — your AI agents; Skills (purple) — installed capabilities; Models (orange) — LLM configurations with roles; Tools (gray) — exec, browser, file, and other tool policies.
Can I share my agent graph with others?
Yes. Click 'Copy share link' to generate a URL. ClawChart compresses your config into a URL hash fragment — entirely client-side, never sent to any server. Anyone with the link can view the same graph.
What is the maximum config size ClawChart supports?
Up to 500KB, which covers any realistic openclaw.json including very large multi-agent setups with many skills.
Security Audit
What does the security audit check?
The audit checks for: sandbox disabled with exec tool allowed (critical), skills from the ClawHavoc known-malicious list (critical), open DM policies (medium), missing fallback models (medium), skills from non-ClawHub sources (low), and more. Each issue includes a severity rating and recommended fix.
Is it safe to paste my openclaw.json for a security audit?
Yes. The entire audit runs in your browser. Your config is never transmitted to any server. The known-vulnerable skills list is pre-cached at build time as a static file.
What is the ClawHavoc vulnerability list?
ClawHavoc refers to 341 malicious OpenClaw skills identified by security researchers. Snyk research also found that 7.1% of skills contain credential leaks. ClawChart cross-references your installed skills against this list and flags matches as critical.
How is the security score calculated?
Start at 100 points. Deduct: 25 per critical issue, 15 per high, 8 per medium, 3 per low. Final score maps to: A (90–100), B (75–89), C (60–74), D (40–59), F (0–39).
Skills Directory
What is the OpenClaw skills directory?
ClawChart's skills directory lists 5,700+ OpenClaw skills from ClawHub with security grades, install counts, required environment variables, permissions, and similar skill recommendations. Skills data is fetched nightly and cached as a static file.
How do I install an OpenClaw skill?
Run 'clawhub install <skill-name>' in your terminal. For a specific agent workspace, use 'clawhub install <skill-name> --workdir ~/.openclaw/workspace-<agent>'. ClawChart generates the exact install command for you.
What do the security grades (A–F) on skills mean?
Security grades reflect the skill's permission scope, credential handling patterns, and whether it appears on the known-vulnerable list. Grade A = minimal permissions, safe credential handling. Grade F = known vulnerability or dangerous permission scope.
How are skill recommendations generated?
ClawChart uses a static rules engine that cross-references your installed skills and channels. For example: if you have gmail installed, it recommends google-drive and google-calendar. If your sandbox is OFF, it recommends agentguard.
1-Click Launch to VPS
What is 1-Click Launch?
1-Click Launch lets you deploy your OpenClaw agent configuration directly to a dedicated cloud VPS (Virtual Private Server) with automated setup. Your agent goes live on a custom subdomain with auto-SSL, backups, and security hardening — all within minutes.
What server tiers are available?
Three tiers on Hetzner Cloud: Starter ($9.99/mo) — up to 2 agents on 1 channel, 2 vCPU, 4GB RAM; Pro ($19.99/mo) — up to 5 agents across 3 channels, 4 vCPU, 8GB RAM, daily backups; Power ($39.99/mo) — up to 10 agents across 5 channels, 8 vCPU, 16GB RAM, priority support.
How does the tier recommendation work?
ClawChart analyzes your openclaw.json and recommends the appropriate tier based on: number of channels connected, number of agents configured, and browser automation requirements. If your config exceeds a tier's limits, that tier will be locked and the next tier up will be recommended.
Is it safe to enter API keys during checkout?
Yes. API keys and tokens you enter are encrypted with AES-256-GCM and only decrypted at deployment time on your provisioned server. They are never logged, stored in plain text, or accessible to ClawChart staff. Keys are transmitted securely via HTTPS and injected directly into your server's environment.
What happens to my API keys after deployment?
Your keys are stored securely in your VPS environment variables. You can manage or rotate them anytime through your OpenClaw Dashboard. If you cancel your server, all data including environment variables is permanently deleted from the VPS.
What's included in every deployment?
Every deployment includes: dedicated Hetzner VPS (ARM64 architecture), Ubuntu LTS with Docker, OpenClaw runtime pre-installed, Caddy reverse proxy with auto-SSL/HTTPS, custom subdomain (your-agent.clawchart.app), automatic security updates, and OpenClaw Web UI access.
Can I upgrade or downgrade my tier later?
Yes. You can migrate to a different tier by launching a new server with your updated config. Contact support for assistance with migrating existing agent data between tiers.
How do I manage my deployed agent?
Once deployed, access your OpenClaw Dashboard at your custom subdomain. From there you can: monitor agent status, view logs, update environment variables, add new agents or skills, and configure channel integrations.
Privacy & Data
Does ClawChart store my openclaw.json?
No. Your config is processed entirely in your browser and never transmitted to any server. Shareable links use URL hash fragments, which browsers never send to servers.
Does ClawChart use cookies or tracking?
ClawChart uses browser localStorage to persist UI preferences. We use privacy-respecting analytics (no Google Analytics, no personal data sold). We do not use tracking cookies.
What data does ClawChart collect?
We collect anonymized aggregate analytics (page views, referrers, device types) and standard server logs via Vercel. For paid JSON downloads, Stripe handles payment data — we never see your card number.
Still have questions?
Reach us at hello@clawchart.xyz and we'll get back to you.