Can I customise the canvas?

Limited. Logo, colour, branding can be adjusted. Full UI customisation needs forking, which we don't recommend.

Do I need extra auth on top of Tailscale?

Tailscale ACLs are enough for most setups. For compliance-driven setups: also OAuth (Google Workspace, Microsoft 365).

Very small. Canvas server runs in the daemon process, ~50 MB extra RAM.

Guide

OpenClaw canvas & live dashboard

The OpenClaw canvas shows live what your agent is doing. Here's how to make it a team tool — safely and auditably.

Manuel Streit

/ May 11, 2026 / 3 min read

About this guide

Understand the OpenClaw canvas at 127.0.0.1:18789, expose safely via Tailscale, use live skill tracing and replay.

Open the canvas

Once the daemon is running, the canvas is reachable on http://127.0.0.1:18789. Default view: live stream of skill calls, with inputs, tool calls, outputs and tokens.

What does the canvas show?

Active channels and status
Recent skill calls per user
Tool calls (which MCP servers were invoked)
Token counter (today, this week, this month)
Errors and warnings

Expose safely via Tailscale

Never go public (CVE-2026-25253!). Instead:

tailscale serve --bg http://127.0.0.1:18789

The canvas is now reachable at https://hostname.tailnet.ts.net for Tailscale members — not the world.

Use replay

Past calls can be replayed for debugging or skill improvement. Click a skill call → "Replay with same inputs". Useful for tuning system prompts.

Export tracing

Per skill call: full trace as JSON. Export to Elastic, Datadog or Splunk for production monitoring.