Yggbuilderz-labs/marketing-dashboard
↗ GitHubOpen-source marketing operations control center for AI agent teams (CRM, outreach, content, analytics) powered by OpenClaw + SQLite.
185
Stars
40
Forks
1
Watchers
2
Open Issues
Safety Rating A
No malicious code patterns, obfuscation, or exfiltration indicators are evident in the repository metadata and README. The project explicitly documents its security posture, warns against committing real credentials, and ships with conservative defaults (host lock enabled, writeback flags disabled). The bootstrapped credential pattern is a minor operational risk but is openly documented. The Solana donation address is benign. Overall this appears to be a legitimate open-source project with no red flags.
ℹAI-assisted review, not a professional security audit.
AI Analysis
Hermes Dashboard (marketing-dashboard) is an open-source, local-first marketing operations control center built with Next.js 16, React 19, TypeScript, and SQLite. It is designed for AI agent teams and provides a unified dashboard for CRM, outreach sequencing, content operations, analytics/KPIs, and workflow automation. It integrates natively with OpenClaw, a CLI-based agent runtime, supporting dynamic agent/squad discovery, cron job templates, and multi-instance configuration. Authentication supports session cookies, API keys, and optional Google OAuth, with role-based access controls.
Use Cases
- Managing CRM leads, pipeline funnels, and source tracking for AI-driven marketing operations
- Running outreach sequencing and suppression workflows with audit trails
- Coordinating content operations including calendaring and performance tracking
- Monitoring analytics and KPIs with optional connectors to Plausible, GA4, and social platforms
- Orchestrating and monitoring OpenClaw AI agents and squads from a single control plane
- Automating marketing workflows via cron job templates compatible with OpenClaw schedules
Tags
Security Findings (2)
The README references default seeded credentials (AUTH_USER, AUTH_PASS, API_KEY) that are bootstrapped from environment variables on first run. The README itself warns users to change these before network deployment, indicating defaults may be weak or predictable. No hardcoded production secrets were observed in the provided content, but the bootstrap pattern is a known risk if defaults are shipped in code.
A Solana wallet address (BYLu8XD8hGDUtdRBWpGWu5HKoiPrWqCxYFSh4oxXuvPg) is embedded in the README for donation purposes. This is a public address and not a secret, but it is noted for transparency.
Project Connections
CoPaw
→CoPaw provides a multi-agent AI assistant framework with scheduling, memory, and MCP client management. Hermes Dashboard could serve as an operations control plane layered on top of agents managed by CoPaw, providing CRM and outreach visibility for agent-driven marketing workflows.
Scrapling
→Scrapling's web scraping and data collection capabilities could feed lead and analytics data into Hermes Dashboard's CRM and KPI modules, forming a pipeline from data collection to marketing operations management.
zeroleaks
→ZeroLeaks is a security scanner for LLM-based systems. Given that Hermes Dashboard exposes API endpoints and integrates with AI agents, zeroleaks could be used to audit and test the dashboard's API and agent surfaces for prompt injection and extraction vulnerabilities.
claude-scientific-skills
→Claude Scientific Skills provides structured agent skill definitions compatible with AI coding agents. These skills could be adapted or referenced when building OpenClaw agent integrations for Hermes Dashboard's content and analytics automation workflows.