74
/ 100
12 days ago
glama

dashclaw

Governance runtime for AI agents: a guard tool evaluates risky actions against policy before they execute (block / warn / require human approval), approvals route to a human queue, and every action becomes a replayable decision record with per-action spend tracking. Runs over stdio via npx @dashclaw/mcp-server; works with Claude Code, Codex, LangChain, CrewAI, or any MCP host.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 4 credentials: DASHCLAW_LOCAL_ADMIN_PASSWORD, NEXTAUTH_SECRET, STRIPE_SECRET_KEY, DASHCLAW_API_KEY
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configAGENT_ONLINE_WINDOW_MS
configDASHCLAW_API_KEY_ORG
configDASHCLAW_CLOSED_ENROLLMENT
🔐 secretDASHCLAW_LOCAL_ADMIN_PASSWORD
configDASHCLAW_NEW_CONNECT_WEBHOOK
configENFORCE_AGENT_SIGNATURES
🔐 secretNEXTAUTH_SECRET
configNEXTAUTH_URL
configNEXT_PUBLIC_APP_URL
configSTRIPE_PRICE_BUSINESS
configSTRIPE_PRICE_PRO
🔐 secretSTRIPE_SECRET_KEY
configDASHCLAW_BASE_URLbaseUrl: process.env.,
configDASHCLAW_URL"": "https://your-dashclaw.vercel.app",
🔐 secretDASHCLAW_API_KEY"": "oc_live_xxx"
configDASHCLAW_BEHAVIOR_SAMPLES_ENABLED
configDASHCLAW_BEHAVIOR_SAMPLES_DIR
configDASHCLAW_WORKSPACE
configDASHCLAW_GOVERNED_CATEGORIES
configDASHCLAW_CODE_SESSIONS_CONTENT
configDASHCLAW_DISABLE_DOTENV
configDASHCLAW_HOOK_DEBUG
configDASHCLAW_AGENT_ID
configDASHCLAW_HOOK_MODE
configDASHCLAW_PERMISSION_MODE
configDASHCLAW_GUARD_TIMEOUT
configDASHCLAW_GUARD_CONNECT_TIMEOUT
configDASHCLAW_APPROVAL_TIMEOUT
configDASHCLAW_GUARD_UNAVAILABLE_POLICY
configDASHCLAW_SUBAGENT_IDENTITY
configDASHCLAW_SKILL_SCAN
configCLAUDE_PROJECT_DIR
configDASHCLAW_DIGEST_DISABLED
configDASHCLAW_TRACK_TEXT_TURNS
configDASHCLAW_CODE_SESSIONS_ENABLED
configDASHCLAW_BEHAVIOR_INSIGHTS
configDASHCLAW_BEHAVIOR_UPLOAD
configBUG04_OUT
configTEST_AGENT_ID
configTEST_AGENT_NAME
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 2 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/ucsandman-dashclaw-1jf1xe)](https://m8ven.ai/mcp/ucsandman-dashclaw-1jf1xe)
commit: 4159b9775160b1b86e42e0b5229fcd304326c48b
code hash: a7c90a80b1eb04c8c86937b52471a42234531cfc0066a19d72da3c76e5b07134
verified: 7/6/2026, 10:31:41 AM
view raw JSON →