clawdbot-security
Security audit and hardening for Clawdbot/Moltbot installations. Detects exposed gateways, fixes permissions, enables authentication, and guides firewall/Tailscale setup.
Best use case
clawdbot-security is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using clawdbot-security should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/clawdbot-security/SKILL.md` inside your project
- Restart your AI agent; it will auto-discover the skill
How clawdbot-security Compares
| Feature / Agent | clawdbot-security | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Security audit and hardening for Clawdbot/Moltbot installations. Detects exposed gateways, fixes permissions, enables authentication, and guides firewall/Tailscale setup.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Clawdbot Security Audit
Comprehensive security scanner and hardening guide for Clawdbot/Moltbot installations.
**Why this matters**: 1,673+ Clawdbot gateways were found exposed on Shodan. If you installed Clawdbot on a server or VPS, you might be one of them.
---
## Quick Start
```bash
# Scan for issues
npx clawdbot-security-audit
# Scan and auto-fix
npx clawdbot-security-audit --fix
# Deep scan (includes network check)
npx clawdbot-security-audit --deep --fix
```
---
## What Gets Checked
### 1. Gateway Binding
- **Safe**: `bind: "loopback"` (127.0.0.1)
- **DANGER**: `bind: "lan"` or `bind: "0.0.0.0"`
### 2. File Permissions
- Config directory: 700 (owner only)
- Config file: 600 (owner read/write only)
- Credentials: 700 (owner only)
### 3. Authentication
- Token auth or password auth should be enabled
- Without auth, anyone who finds your gateway has full access
### 4. Node.js Version
- Minimum: 20.x
- Recommended: 22.12.0+
- Older versions have known vulnerabilities
### 5. mDNS Broadcasting
- Clawdbot uses Bonjour for local discovery
- On servers, this should be disabled
### 6. External Accessibility (--deep)
- Checks if your gateway port is reachable from the internet
- Uses your public IP to test
---
## Manual Hardening Steps
### Step 1: Bind to Localhost Only
In `~/.clawdbot/clawdbot.json`:
```json
{
  "gateway": {
    "bind": "loopback",
    "port": 18789
  }
}
```
### Step 2: Lock File Permissions
```bash
chmod 700 ~/.clawdbot
chmod 600 ~/.clawdbot/clawdbot.json
chmod 700 ~/.clawdbot/credentials
```
### Step 3: Enable Authentication
```json
{
  "gateway": {
    "auth": {
      "mode": "token"
    }
  }
}
```
Then set the token:
```bash
export CLAWDBOT_GATEWAY_TOKEN=$(openssl rand -hex 32)
```
### Step 4: Disable mDNS
```bash
export CLAWDBOT_DISABLE_BONJOUR=1
```
### Step 5: Set Up Firewall (UFW)
```bash
# Default deny incoming
sudo ufw default deny incoming
sudo ufw default allow outgoing
# Allow SSH (don't lock yourself out!)
sudo ufw allow ssh
# Allow Tailscale if using
sudo ufw allow in on tailscale0
# Enable firewall
sudo ufw enable
# DO NOT allow port 18789 publicly!
```
### Step 6: Set Up Tailscale (Recommended)
```bash
# Install
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up
```
Then configure Clawdbot by adding this to `clawdbot.json`:
```json
{
  "gateway": {
    "bind": "loopback",
    "tailscale": {
      "mode": "serve"
    }
  }
}
```
---
## What Gets Exposed When Vulnerable
When a Clawdbot gateway is exposed:
- ❌ Complete conversation histories (Telegram, WhatsApp, Signal, iMessage)
- ❌ API keys (Claude, OpenAI, etc.)
- ❌ OAuth tokens and bot credentials
- ❌ Full shell access to the host machine
- ❌ All files in the workspace
**Prompt injection attacks** can extract this data with a single email or message.
---
## Checklist
- [ ] Gateway bound to loopback only
- [ ] File permissions locked down (700/600)
- [ ] Authentication enabled (token or password)
- [ ] Node.js 22.12.0+
- [ ] mDNS disabled on servers
- [ ] Firewall configured (UFW)
- [ ] Tailscale for remote access (not port forwarding)
- [ ] SSH key-only auth (no passwords)
---
## Installation
```bash
# npm
npm install -g clawdbot-security-audit
# ClawdHub
clawdhub install lxgicstudios/clawdbot-security
```
---
Built by **LXGIC Studios** - [@lxgicstudios](https://x.com/lxgicstudios)