Frequently Asked Questions

Everything you need to know about ClawChart and OpenClaw config visualization.

General

What is ClawChart?

ClawChart is a free browser-based tool that visualizes your OpenClaw agent configuration (openclaw.json) as an interactive node graph. It shows how your channels, agents, skills, models, and tools connect — and lets you browse 5,700+ skills and run security audits, all without sending your config to any server.

Is ClawChart free?

Yes. Graph visualization, security audits, skills browsing, and shareable links are all free. A Pro tier is available for watermark-free PNG exports, SVG exports, config diff tools, and hardened config generation.

Do I need to create an account?

No. ClawChart requires no account for any free feature. Everything runs in your browser.

What is OpenClaw?

OpenClaw is an open-source AI agent framework that lets you run multi-agent setups across messaging platforms like WhatsApp, Telegram, Discord, and Slack. Agents are configured via a JSON5 file (openclaw.json) and can be extended with skills from ClawHub.

Config Visualization

How do I visualize my openclaw.json?

Paste the contents of your ~/.openclaw/openclaw.json into the input area on the ClawChart homepage, or use the "Upload file" button. The graph renders instantly. You can also click "Try with example" to see a demo multi-agent graph.

Does ClawChart support JSON5 format?

Yes. ClawChart fully supports JSON5 — the format OpenClaw uses for openclaw.json. This includes comments, trailing commas, and unquoted keys. Parse errors show the exact line number and character position.

What node types does the graph show?

Five node types: Channels (blue) — your messaging platforms; Agents (green) — your AI agents; Skills (purple) — installed capabilities; Models (orange) — LLM configurations with roles; Tools (gray) — exec, browser, file, and other tool policies.

Can I share my agent graph with others?

Yes. Click "Copy share link" to generate a URL. ClawChart compresses your config into a URL hash fragment — entirely client-side, never sent to any server. Anyone with the link can view the same graph.

What is the maximum config size ClawChart supports?

Up to 500KB, which covers any realistic openclaw.json including very large multi-agent setups with many skills.

Security Audit

What does the security audit check?

The audit checks for: sandbox disabled with exec tool allowed (critical), skills from the ClawHavoc known-malicious list (critical), open DM policies (medium), missing fallback models (medium), skills from non-ClawHub sources (low), and more. Each issue includes a severity rating and recommended fix.

Is it safe to paste my openclaw.json for a security audit?

Yes. The entire audit runs in your browser. Your config is never transmitted to any server. The known-vulnerable skills list is pre-cached at build time as a static file.

What is the ClawHavoc vulnerability list?

ClawHavoc refers to 341 malicious OpenClaw skills identified by security researchers. Snyk research also found that 7.1% of skills contain credential leaks. ClawChart cross-references your installed skills against this list and flags matches as critical.

How is the security score calculated?

Start at 100 points. Deduct: 25 per critical issue, 15 per high, 8 per medium, 3 per low. Final score maps to: A (90–100), B (75–89), C (60–74), D (40–59), F (0–39).
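The scoring rule above as runnable code. This is an added example, not ClawChart's own implementation; the finding object shape and the clamp at 0 are assumptions (the F band ending at 0 implies the floor).

```javascript
// Deductions and grade bands exactly as stated in the answer above.
const DEDUCTION = { critical: 25, high: 15, medium: 8, low: 3 };
const GRADE_FLOORS = [["A", 90], ["B", 75], ["C", 60], ["D", 40], ["F", 0]];

// findings: array of { check, severity }. This shape is an assumption.
function scoreAudit(findings) {
  let score = 100;
  const counts = { critical: 0, high: 0, medium: 0, low: 0 };
  for (const f of findings) {
    if (!Object.prototype.hasOwnProperty.call(DEDUCTION, f.severity)) {
      // Fail closed: an unrecognised severity must not count as zero deduction.
      throw new RangeError(`unknown severity: ${f.severity}`);
    }
    counts[f.severity] += 1;
    score -= DEDUCTION[f.severity];
  }
  // Assumption: clamp at 0 so the score stays inside the published F band.
  score = Math.max(0, score);
  const grade = GRADE_FLOORS.find(([, floor]) => score >= floor)[0];
  return { score, grade, counts };
}

// Constructed findings, using check names and severities from the audit list.
const sampleFindings = [
  { check: "sandbox disabled with exec tool allowed", severity: "critical" },
  { check: "open DM policy", severity: "medium" },
  { check: "missing fallback model", severity: "medium" },
  { check: "skill from non-ClawHub source", severity: "low" },
];
console.log(scoreAudit(sampleFindings));
```

Under this formula a config whose only finding is one critical issue scores 75, which is still a B, so read the findings list and not only the letter grade.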

Skills Directory

What is the OpenClaw skills directory?

ClawChart's skills directory lists 5,700+ OpenClaw skills from ClawHub with security grades, install counts, required environment variables, permissions, and similar skill recommendations. Skills data is fetched nightly and cached as a static file.

How do I install an OpenClaw skill?

Run 'clawhub install <skill-name>' in your terminal. For a specific agent workspace, use 'clawhub install <skill-name> --workdir ~/.openclaw/workspace-<agent>'. ClawChart generates the exact install command for you.

What do the security grades (A–F) on skills mean?

Security grades reflect the skill's permission scope, credential handling patterns, and whether it appears on the known-vulnerable list. Grade A = minimal permissions, safe credential handling. Grade F = known vulnerability or dangerous permission scope.

How are skill recommendations generated?

ClawChart uses a static rules engine that cross-references your installed skills and channels. For example: if you have gmail installed, it recommends google-drive and google-calendar. If your sandbox is OFF, it recommends agentguard.

Privacy & Data

Does ClawChart store my openclaw.json?

No. Your config is processed entirely in your browser and never transmitted to any server. Shareable links use URL hash fragments, which browsers never send to servers.
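How a fragment-based share link behaves, for this answer and the "Copy share link" answer earlier. This is an added example, not ClawChart's code: base64url stands in for the undocumented compression step, and the host name, config keys, and token value are placeholders.

```javascript
// Stand-in encoding (base64url of UTF-8). ClawChart's actual compression
// scheme is not described in this FAQ.
function toFragment(text) {
  let bin = "";
  for (const b of new TextEncoder().encode(text)) bin += String.fromCharCode(b);
  return btoa(bin).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

function fromFragment(frag) {
  const b64 = frag.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return new TextDecoder().decode(bytes);
}

function buildShareLink(base, configText) {
  const url = new URL(base);
  url.hash = toFragment(configText);
  return url.href;
}

// Origin-form request target an HTTP client sends for this link.
// The fragment is handled client-side and is not part of it.
function requestTarget(link) {
  const url = new URL(link);
  return url.pathname + url.search;
}

// Anyone holding the link can do this, so the link is as sensitive as the config.
function readSharedConfig(link) {
  return fromFragment(new URL(link).hash.slice(1));
}

// Constructed sample; key names and the token value are hypothetical.
const sampleConfig =
  '{ agents: [{ name: "café-support" }], botToken: "PLACEHOLDER-TOKEN" }';
const shareLink = buildShareLink("https://clawchart.example/graph", sampleConfig);
console.log(requestTarget(shareLink));
console.log(readSharedConfig(shareLink));
```

The server sees only the path, but the full config, including any credential left in it, travels with the link to every chat, ticket, or browser history it lands in.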

Does ClawChart use cookies or tracking?

ClawChart uses browser localStorage to persist UI preferences. We use privacy-respecting analytics (no Google Analytics, no personal data sold). We do not use tracking cookies.

What data does ClawChart collect?

We collect anonymized aggregate analytics (page views, referrers, device types) and standard server logs via Vercel. For paid JSON downloads, Stripe handles payment data — we never see your card number.