FastMCP FastMCP
Sign In

openclaw / clawdbot-security

Security audit and hardening for Clawdbot/Moltbot installations. Detects exposed gateways, fixes permissions, enables authentication, and guides firewall/Tailscale setup.

Security
0 views
0 installs
Source: https://github.com/openclaw/skills/tree/main/skills/lxgicstudios/clawdbot-security

Skill Content

---
name: clawdbot-security
description: Security audit and hardening for Clawdbot/Moltbot installations. Detects exposed gateways, fixes permissions, enables authentication, and guides firewall/Tailscale setup.
version: 1.0.0
author: lxgicstudios
keywords: clawdbot, moltbot, security, audit, hardening, firewall, tailscale, permissions
---

# Clawdbot Security Audit

Comprehensive security scanner and hardening guide for Clawdbot/Moltbot installations.

**Why this matters**: 1,673+ Clawdbot gateways were found exposed on Shodan. If you installed Clawdbot on a server or VPS, you might be one of them.

---

## Quick Start

```bash
# Scan for issues
npx clawdbot-security-audit

# Scan and auto-fix
npx clawdbot-security-audit --fix

# Deep scan (includes network check)
npx clawdbot-security-audit --deep --fix
```

---

## What Gets Checked

### 1. Gateway Binding
- **Safe**: `bind: "loopback"` (127.0.0.1)
- **DANGER**: `bind: "lan"` or `bind: "0.0.0.0"`

### 2. File Permissions
- Config directory: 700 (owner only)
- Config file: 600 (owner read/write only)
- Credentials: 700 (owner only)

### 3. Authentication
- Token auth or password auth should be enabled
- Without auth, anyone who finds your gateway has full access

### 4. Node.js Version
- Minimum: 20.x
- Recommended: 22.12.0+
- Older versions have known vulnerabilities

### 5. mDNS Broadcasting
- Clawdbot uses Bonjour for local discovery
- On servers, this should be disabled

### 6. External Accessibility (--deep)
- Checks if your gateway port is reachable from the internet
- Uses your public IP to test

---

## Manual Hardening Steps

### Step 1: Bind to Localhost Only

```json
// ~/.clawdbot/clawdbot.json
{
  "gateway": {
    "bind": "loopback",
    "port": 18789
  }
}
```

### Step 2: Lock File Permissions

```bash
chmod 700 ~/.clawdbot
chmod 600 ~/.clawdbot/clawdbot.json
chmod 700 ~/.clawdbot/credentials
```

### Step 3: Enable Authentication

```json
{
  "gateway": {
    "auth": {
      "mode": "token"
    }
  }
}
```

Then set the token:
```bash
export CLAWDBOT_GATEWAY_TOKEN=$(openssl rand -hex 32)
```

### Step 4: Disable mDNS

```bash
export CLAWDBOT_DISABLE_BONJOUR=1
```

### Step 5: Set Up Firewall (UFW)

```bash
# Default deny incoming
sudo ufw default deny incoming
sudo ufw default allow outgoing

# Allow SSH (don't lock yourself out!)
sudo ufw allow ssh

# Allow Tailscale if using
sudo ufw allow in on tailscale0

# Enable firewall
sudo ufw enable

# DO NOT allow port 18789 publicly!
```

### Step 6: Set Up Tailscale (Recommended)

```bash
# Install
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up

# Configure Clawdbot
# Add to clawdbot.json:
{
  "gateway": {
    "bind": "loopback",
    "tailscale": {
      "mode": "serve"
    }
  }
}
```

---

## What Gets Exposed When Vulnerable

When a Clawdbot gateway is exposed:

- ❌ Complete conversation histories (Telegram, WhatsApp, Signal, iMessage)
- ❌ API keys (Claude, OpenAI, etc.)
- ❌ OAuth tokens and bot credentials
- ❌ Full shell access to the host machine
- ❌ All files in the workspace

**Prompt injection attacks** can extract this data with a single email or message.

---

## Checklist

- [ ] Gateway bound to loopback only
- [ ] File permissions locked down (700/600)
- [ ] Authentication enabled (token or password)
- [ ] Node.js 22.12.0+
- [ ] mDNS disabled on servers
- [ ] Firewall configured (UFW)
- [ ] Tailscale for remote access (not port forwarding)
- [ ] SSH key-only auth (no passwords)

---

## Installation

```bash
# npm
npm install -g clawdbot-security-audit

# ClawdHub
clawdhub install lxgicstudios/clawdbot-security
```

---

Built by **LXGIC Studios** - [@lxgicstudios](https://x.com/lxgicstudios)