clawdbot-security
Security audit and hardening for Clawdbot/Moltbot installations. Detects exposed gateways, fixes permissions, enables authentication, and guides firewall/Tailscale setup.
Why use this skill?
Secure your Clawdbot gateway with automated security audits, file permission hardening, and network binding checks to prevent unauthorized access to your AI bots.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/lxgicstudios/clawdbot-security
What This Skill Does
The clawdbot-security skill is an auditing and hardening suite for Clawdbot or Moltbot gateway installations. Designed to mitigate the risks of publicly exposed services, it automatically detects dangerous network configurations, weak file permissions, and insecure Node.js versions. It identifies whether your instance is bound to all network interfaces (0.0.0.0), which can expose it to the public internet, checks whether security controls such as token authentication are enabled, and verifies that sensitive configuration files have restrictive filesystem permissions. By automating the discovery and remediation of these vulnerabilities, it provides peace of mind for self-hosted AI deployments.
Installation
To integrate this utility, run the following command within your environment:
clawhub install openclaw/skills/skills/lxgicstudios/clawdbot-security
Use Cases
This skill is essential for users deploying Clawdbot on VPS or remote servers. It is specifically intended for:
- Security Auditing: Performing automated health checks to ensure no misconfigurations have been introduced over time.
- Hardening: Automatically applying production-grade security defaults to prevent unauthorized access to AI workspace files and API keys.
- Network Perimeter Defense: Helping users transition from public-facing gateways to secure, private connectivity through Tailscale or local-only bindings.
- Vulnerability Patching: Ensuring your Node.js runtime meets the minimum security requirements to avoid known exploits.
Example Prompts
- "Run a full security audit on my current Clawdbot installation and show me any critical vulnerabilities."
- "Perform a deep scan, fix all permission issues, and secure my network bindings automatically."
- "Help me migrate my gateway to run exclusively over Tailscale to remove external exposure."
Tips & Limitations
While the auto-fix flag (--fix) is powerful, always back up your ~/.clawdbot directory before execution. Note that deep scans perform network connectivity tests to ensure you aren't leaking ports to the internet; these tests require standard outbound internet access. This tool does not replace a comprehensive firewall (like UFW or iptables) but acts as a first line of defense for your application-specific configuration. Always remember that security is an ongoing process—run this skill periodically, especially after updating your bot configuration.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-lxgicstudios-clawdbot-security": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags(AI)
Flags: network-access, file-write, file-read, code-execution