openclaw-server-secure-skill
Comprehensive security hardening and installation guide for OpenClaw (formerly Clawdbot/Moltbot). Use this skill when the user wants to secure a server, install the OpenClaw agent, or configure Tailscale/Firewall for the agent.
Why use this skill?
Learn how to secure your OpenClaw instance with our automated server hardening skill. Includes SSH configuration, firewall setup, and Tailscale VPN integration.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/kime541200/openclaw-server-secure-skillWhat This Skill Does
The openclaw-server-secure-skill provides an automated, opinionated workflow for hardening Linux server infrastructure specifically tailored for hosting OpenClaw agents. It transitions a server from a standard public-facing configuration to a zero-trust, private-mesh architecture. The skill manages critical security layers: SSH hardening (enforcing public key authentication and disabling root login), UFW firewall management with default-deny policies, brute-force mitigation via Fail2ban, and secure network encapsulation using Tailscale. By leveraging this skill, you reduce the manual effort of configuring complex network rules and kernel-level security parameters, ensuring your OpenClaw agent operates within a protected perimeter.
Installation
To install this skill, use the ClawHub interface from your command line terminal. Execute the following command in your shell:
clawhub install openclaw/skills/skills/kime541200/openclaw-server-secure-skill
Once installed, you can trigger the security workflow by initiating a conversation with the agent regarding server setup or hardening.
Use Cases
- Production Deployment: Preparing a fresh cloud VPS for hosting an OpenClaw instance safely.
- Security Audit & Cleanup: Retroactively hardening an existing server that has been exposed to the public internet.
- VPN Integration: Migrating remote administration from insecure public SSH access to a private Tailscale mesh network.
- Automated Compliance: Quickly applying standardized security baselines across a fleet of infrastructure nodes.
Example Prompts
- "I'm setting up a new VPS for OpenClaw. Please run the server hardening workflow and install Tailscale for me."
- "My server is exposed to the internet. Can you restrict my SSH and web traffic to only be accessible via my Tailscale subnet?"
- "Install OpenClaw on this machine, but make sure the firewall is set to default-deny and fail2ban is active first."
Tips & Limitations
Critical Warning: Always ensure you have out-of-band console access (such as a cloud provider's VNC console) before enabling the firewall, as misconfiguring UFW can lock you out of your server. This skill automates sensitive operations; ensure your SSH keys are correctly added to ~/.ssh/authorized_keys before disabling password authentication. While this skill provides a robust baseline, it does not replace the need for regular OS package updates or monitoring logs for unusual behavior. IPv6 disabling is optional and should only be performed if your local network environment does not strictly rely on it.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-kime541200-openclaw-server-secure-skill": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: network-access, file-write, code-execution