
clawdbot-security skill

This skill helps secure Clawdbot/Moltbot installations by auditing gateways, tightening permissions, enabling auth, and guiding firewall and VPN setups.

npx playbooks add skill openclaw/skills --skill clawdbot-security

Review the files below or copy the command above to add this skill to your agents.

---
name: clawdbot-security
description: Security audit and hardening for Clawdbot/Moltbot installations. Detects exposed gateways, fixes permissions, enables authentication, and guides firewall/Tailscale setup.
version: 1.0.0
author: lxgicstudios
keywords: clawdbot, moltbot, security, audit, hardening, firewall, tailscale, permissions
---

# Clawdbot Security Audit

Comprehensive security scanner and hardening guide for Clawdbot/Moltbot installations.

**Why this matters**: 1,673+ Clawdbot gateways were found exposed on Shodan. If you installed Clawdbot on a server or VPS, you might be one of them.

---

## Quick Start

```bash
# Scan for issues
npx clawdbot-security-audit

# Scan and auto-fix
npx clawdbot-security-audit --fix

# Deep scan (includes network check)
npx clawdbot-security-audit --deep --fix
```

---

## What Gets Checked

### 1. Gateway Binding
- **Safe**: `bind: "loopback"` (127.0.0.1)
- **DANGER**: `bind: "lan"` or `bind: "0.0.0.0"`

### 2. File Permissions
- Config directory: 700 (owner only)
- Config file: 600 (owner read/write only)
- Credentials: 700 (owner only)

### 3. Authentication
- Token auth or password auth should be enabled
- Without auth, anyone who finds your gateway has full access

### 4. Node.js Version
- Minimum: 20.x
- Recommended: 22.12.0+
- Older versions have known vulnerabilities

### 5. mDNS Broadcasting
- Clawdbot uses Bonjour for local discovery
- On servers, this should be disabled

### 6. External Accessibility (--deep)
- Checks if your gateway port is reachable from the internet
- Uses your public IP to test

---

## Manual Hardening Steps

### Step 1: Bind to Localhost Only

```json
// ~/.clawdbot/clawdbot.json
{
  "gateway": {
    "bind": "loopback",
    "port": 18789
  }
}
```

### Step 2: Lock File Permissions

```bash
chmod 700 ~/.clawdbot
chmod 600 ~/.clawdbot/clawdbot.json
chmod 700 ~/.clawdbot/credentials
```

### Step 3: Enable Authentication

```json
{
  "gateway": {
    "auth": {
      "mode": "token"
    }
  }
}
```

Then set the token:
```bash
export CLAWDBOT_GATEWAY_TOKEN=$(openssl rand -hex 32)
```

### Step 4: Disable mDNS

```bash
export CLAWDBOT_DISABLE_BONJOUR=1
```

### Step 5: Set Up Firewall (UFW)

```bash
# Default deny incoming
sudo ufw default deny incoming
sudo ufw default allow outgoing

# Allow SSH (don't lock yourself out!)
sudo ufw allow ssh

# Allow Tailscale if using
sudo ufw allow in on tailscale0

# Enable firewall
sudo ufw enable

# DO NOT allow port 18789 publicly!
```

### Step 6: Set Up Tailscale (Recommended)

```bash
# Install
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up
```

Then configure Clawdbot by adding this to `clawdbot.json`:
```json
{
  "gateway": {
    "bind": "loopback",
    "tailscale": {
      "mode": "serve"
    }
  }
}
```
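
To confirm that Steps 1 to 4 took effect, checks 1 to 5 from "What Gets Checked" can be reproduced locally. The script below is an added example, not code from `clawdbot-security-audit`; the function names, finding strings and temporary fixture are hypothetical. It assumes the config file is plain JSON, that the token is supplied only through `CLAWDBOT_GATEWAY_TOKEN`, and that an unset `bind` should be flagged.

```javascript
// Added example (not the audit tool's code): local version of checks 1-5.
const fs = require("fs");
const os = require("os");
const path = require("path");

// Returns finding strings; an empty array means every check passed.
function auditClawdbot(dir, env = process.env, nodeVersion = process.versions.node) {
  const findings = [];
  const cfgPath = path.join(dir, "clawdbot.json");
  const gw = JSON.parse(fs.readFileSync(cfgPath, "utf8")).gateway || {};
  // 1. Gateway binding: the page treats only "loopback" as safe.
  //    Assumption: an unset value is flagged too, since no default is stated.
  if (gw.bind !== "loopback") findings.push(`bind=${gw.bind || "unset"}`);
  // 2. Permissions: 700/600/700 all mean "no group or other bits".
  for (const p of [dir, cfgPath, path.join(dir, "credentials")]) {
    if (!fs.existsSync(p)) continue;
    const mode = fs.statSync(p).mode & 0o777;
    if (mode & 0o077) findings.push(`perm=${path.basename(p)}:${mode.toString(8)}`);
  }
  // 3. Authentication: a mode must be set, and token mode needs a token.
  //    Assumption: the token arrives only via the environment, as in Step 3.
  const authMode = gw.auth && gw.auth.mode;
  if (!authMode) findings.push("auth=none");
  else if (authMode === "token" && !env.CLAWDBOT_GATEWAY_TOKEN) findings.push("auth=token-missing");
  // 4. Node.js: anything below the 20.x minimum.
  if (parseInt(nodeVersion, 10) < 20) findings.push(`node=${nodeVersion}`);
  // 5. mDNS: Step 4 disables Bonjour with CLAWDBOT_DISABLE_BONJOUR=1.
  if (env.CLAWDBOT_DISABLE_BONJOUR !== "1") findings.push("mdns=enabled");
  return findings;
}

// Constructed fixture: a throwaway config directory with the given settings.
function makeSample(gateway, fileMode) {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "clawdbot-audit-"));
  const cfgPath = path.join(dir, "clawdbot.json");
  fs.writeFileSync(cfgPath, JSON.stringify({ gateway }));
  fs.chmodSync(cfgPath, fileMode);
  fs.mkdirSync(path.join(dir, "credentials"), { mode: 0o700 });
  fs.chmodSync(dir, 0o700);
  return dir;
}

// Weak setup: LAN bind, world-readable config, no auth, old Node, mDNS on.
console.log(auditClawdbot(makeSample({ bind: "lan", port: 18789 }, 0o644), {}, "18.19.0"));
// Hardened setup per Steps 1-4 (the token value is a constructed placeholder).
const hardenedEnv = { CLAWDBOT_GATEWAY_TOKEN: "constructed", CLAWDBOT_DISABLE_BONJOUR: "1" };
const hardenedCfg = { bind: "loopback", auth: { mode: "token" } };
console.log(auditClawdbot(makeSample(hardenedCfg, 0o600), hardenedEnv, "22.12.0"));
```

Point `auditClawdbot` at `~/.clawdbot` with the environment the gateway process actually runs under, since variables exported in an interactive shell are not visible to a service started elsewhere.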

---

## What Gets Exposed When Vulnerable

When a Clawdbot gateway is exposed:

- ❌ Complete conversation histories (Telegram, WhatsApp, Signal, iMessage)
- ❌ API keys (Claude, OpenAI, etc.)
- ❌ OAuth tokens and bot credentials
- ❌ Full shell access to the host machine
- ❌ All files in the workspace

**Prompt injection attacks** can extract this data with a single email or message.

---

## Checklist

- [ ] Gateway bound to loopback only
- [ ] File permissions locked down (700/600)
- [ ] Authentication enabled (token or password)
- [ ] Node.js 22.12.0+
- [ ] mDNS disabled on servers
- [ ] Firewall configured (UFW)
- [ ] Tailscale for remote access (not port forwarding)
- [ ] SSH key-only auth (no passwords)

---

## Installation

```bash
# npm
npm install -g clawdbot-security-audit

# ClawdHub
clawdhub install lxgicstudios/clawdbot-security
```

---

Built by **LXGIC Studios** - [@lxgicstudios](https://x.com/lxgicstudios)

Overview

This skill provides a security audit and hardening guide for Clawdbot/Moltbot installations, identifying exposed gateways and insecure configurations. It detects common risks such as public gateway bindings, weak file permissions, missing authentication, outdated Node.js, mDNS broadcasting, and external accessibility. It also offers automated fixes and step-by-step remediation guidance for firewall and Tailscale setup.

How this skill works

The tool scans your Clawdbot configuration, filesystem permissions, environment variables, and Node.js version. It flags dangerous gateway bindings (0.0.0.0 or LAN), missing auth, incorrect file modes, and mDNS enabled on servers. With the --deep option it tests whether the gateway port is reachable from the internet using your public IP, and the --fix option can apply recommended hardening changes automatically.

When to use it

  • After initial Clawdbot/Moltbot installation to confirm secure defaults.
  • If you suspect your gateway is reachable from the internet or listed on Shodan.
  • Before deploying to a VPS or cloud host to avoid accidental exposure.
  • When rotating credentials, changing network setups, or upgrading Node.js.
  • As part of routine security audits or CIS-style checklists.

Best practices

  • Bind the gateway to loopback (127.0.0.1) unless using a secure VPN like Tailscale.
  • Use strict file permissions: config dir 700, config file 600, credentials 700.
  • Enable token or password authentication; never run an unauthenticated gateway.
  • Run Node.js 22.12.0+ and update regularly to avoid known vulnerabilities.
  • Disable mDNS/Bonjour on servers to prevent local discovery leaks.
  • Use a firewall (UFW) to deny incoming by default and allow only required interfaces.

Example use cases

  • Scan a VPS after installing Clawdbot to ensure the gateway isn't exposed publicly.
  • Automate hardening in CI for new server images using the --fix option.
  • Verify permissions and auth before adding API keys or production data.
  • Confirm Tailscale-only access when switching from port forwarding to a private network.
  • Run periodic audits to detect regressions after configuration changes.

FAQ

Will the scanner change files when I run it?

By default it only reports issues. Use the --fix option to apply recommended permission and configuration changes automatically.

How does the deep scan check external access?

The deep scan uses your public IP to attempt a connection to the gateway port to determine if it is reachable from the internet.

Can I keep remote access without exposing the gateway publicly?

Yes. Use Tailscale or another VPN and bind the gateway to loopback; allow access via the VPN interface rather than opening the port publicly.