Awesome-openclaw-skills clawdbot-security
Security audit and hardening for Clawdbot/Moltbot installations. Detects exposed gateways, fixes permissions, enables authentication, and guides firewall/Tailscale setup.
install
source · Clone the upstream repo
git clone https://github.com/sundial-org/awesome-openclaw-skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/sundial-org/awesome-openclaw-skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/clawdbot-security" ~/.claude/skills/sundial-org-awesome-openclaw-skills-clawdbot-security && rm -rf "$T"
OpenClaw · Install into ~/.openclaw/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/sundial-org/awesome-openclaw-skills "$T" && mkdir -p ~/.openclaw/skills && cp -r "$T/skills/clawdbot-security" ~/.openclaw/skills/sundial-org-awesome-openclaw-skills-clawdbot-security && rm -rf "$T"
manifest:
skills/clawdbot-security/SKILL.mdsource content
Clawdbot Security Audit
Comprehensive security scanner and hardening guide for Clawdbot/Moltbot installations.
Why this matters: 1,673+ Clawdbot gateways were found exposed on Shodan. If you installed Clawdbot on a server or VPS, you might be one of them.
Quick Start
# Scan for issues npx clawdbot-security-audit # Scan and auto-fix npx clawdbot-security-audit --fix # Deep scan (includes network check) npx clawdbot-security-audit --deep --fix
What Gets Checked
1. Gateway Binding
- Safe:
(127.0.0.1)bind: "loopback" - DANGER:
orbind: "lan"bind: "0.0.0.0"
2. File Permissions
- Config directory: 700 (owner only)
- Config file: 600 (owner read/write only)
- Credentials: 700 (owner only)
3. Authentication
- Token auth or password auth should be enabled
- Without auth, anyone who finds your gateway has full access
4. Node.js Version
- Minimum: 20.x
- Recommended: 22.12.0+
- Older versions have known vulnerabilities
5. mDNS Broadcasting
- Clawdbot uses Bonjour for local discovery
- On servers, this should be disabled
6. External Accessibility (--deep)
- Checks if your gateway port is reachable from the internet
- Uses your public IP to test
Manual Hardening Steps
Step 1: Bind to Localhost Only
// ~/.clawdbot/clawdbot.json { "gateway": { "bind": "loopback", "port": 18789 } }
Step 2: Lock File Permissions
chmod 700 ~/.clawdbot chmod 600 ~/.clawdbot/clawdbot.json chmod 700 ~/.clawdbot/credentials
Step 3: Enable Authentication
{ "gateway": { "auth": { "mode": "token" } } }
Then set the token:
export CLAWDBOT_GATEWAY_TOKEN=$(openssl rand -hex 32)
Step 4: Disable mDNS
export CLAWDBOT_DISABLE_BONJOUR=1
Step 5: Set Up Firewall (UFW)
# Default deny incoming sudo ufw default deny incoming sudo ufw default allow outgoing # Allow SSH (don't lock yourself out!) sudo ufw allow ssh # Allow Tailscale if using sudo ufw allow in on tailscale0 # Enable firewall sudo ufw enable # DO NOT allow port 18789 publicly!
Step 6: Set Up Tailscale (Recommended)
# Install curl -fsSL https://tailscale.com/install.sh | sh sudo tailscale up # Configure Clawdbot # Add to clawdbot.json: { "gateway": { "bind": "loopback", "tailscale": { "mode": "serve" } } }
What Gets Exposed When Vulnerable
When a Clawdbot gateway is exposed:
- ❌ Complete conversation histories (Telegram, WhatsApp, Signal, iMessage)
- ❌ API keys (Claude, OpenAI, etc.)
- ❌ OAuth tokens and bot credentials
- ❌ Full shell access to the host machine
- ❌ All files in the workspace
Prompt injection attacks can extract this data with a single email or message.
Checklist
- Gateway bound to loopback only
- File permissions locked down (700/600)
- Authentication enabled (token or password)
- Node.js 22.12.0+
- mDNS disabled on servers
- Firewall configured (UFW)
- Tailscale for remote access (not port forwarding)
- SSH key-only auth (no passwords)
Installation
# npm npm install -g clawdbot-security-audit # ClawdHub clawdhub install lxgicstudios/clawdbot-security
Built by LXGIC Studios - @lxgicstudios