clawdbot-security
Security audit and hardening for Clawdbot/Moltbot installations. Detects exposed gateways, fixes permissions, enables authentication, and guides firewall/Tailscale setup.
Install
mkdir -p .claude/skills/clawdbot-security && curl -L -o skill.zip "https://mcp.directory/api/skills/download/3624" && unzip -o skill.zip -d .claude/skills/clawdbot-security && rm skill.zipInstalls to .claude/skills/clawdbot-security
About this skill
Clawdbot Security Audit
Comprehensive security scanner and hardening guide for Clawdbot/Moltbot installations.
Why this matters: 1,673+ Clawdbot gateways were found exposed on Shodan. If you installed Clawdbot on a server or VPS, you might be one of them.
Quick Start
# Scan for issues
npx clawdbot-security-audit
# Scan and auto-fix
npx clawdbot-security-audit --fix
# Deep scan (includes network check)
npx clawdbot-security-audit --deep --fix
What Gets Checked
1. Gateway Binding
- Safe:
bind: "loopback"(127.0.0.1) - DANGER:
bind: "lan"orbind: "0.0.0.0"
2. File Permissions
- Config directory: 700 (owner only)
- Config file: 600 (owner read/write only)
- Credentials: 700 (owner only)
3. Authentication
- Token auth or password auth should be enabled
- Without auth, anyone who finds your gateway has full access
4. Node.js Version
- Minimum: 20.x
- Recommended: 22.12.0+
- Older versions have known vulnerabilities
5. mDNS Broadcasting
- Clawdbot uses Bonjour for local discovery
- On servers, this should be disabled
6. External Accessibility (--deep)
- Checks if your gateway port is reachable from the internet
- Uses your public IP to test
Manual Hardening Steps
Step 1: Bind to Localhost Only
// ~/.clawdbot/clawdbot.json
{
"gateway": {
"bind": "loopback",
"port": 18789
}
}
Step 2: Lock File Permissions
chmod 700 ~/.clawdbot
chmod 600 ~/.clawdbot/clawdbot.json
chmod 700 ~/.clawdbot/credentials
Step 3: Enable Authentication
{
"gateway": {
"auth": {
"mode": "token"
}
}
}
Then set the token:
export CLAWDBOT_GATEWAY_TOKEN=$(openssl rand -hex 32)
Step 4: Disable mDNS
export CLAWDBOT_DISABLE_BONJOUR=1
Step 5: Set Up Firewall (UFW)
# Default deny incoming
sudo ufw default deny incoming
sudo ufw default allow outgoing
# Allow SSH (don't lock yourself out!)
sudo ufw allow ssh
# Allow Tailscale if using
sudo ufw allow in on tailscale0
# Enable firewall
sudo ufw enable
# DO NOT allow port 18789 publicly!
Step 6: Set Up Tailscale (Recommended)
# Install
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up
# Configure Clawdbot
# Add to clawdbot.json:
{
"gateway": {
"bind": "loopback",
"tailscale": {
"mode": "serve"
}
}
}
What Gets Exposed When Vulnerable
When a Clawdbot gateway is exposed:
- ❌ Complete conversation histories (Telegram, WhatsApp, Signal, iMessage)
- ❌ API keys (Claude, OpenAI, etc.)
- ❌ OAuth tokens and bot credentials
- ❌ Full shell access to the host machine
- ❌ All files in the workspace
Prompt injection attacks can extract this data with a single email or message.
Checklist
- Gateway bound to loopback only
- File permissions locked down (700/600)
- Authentication enabled (token or password)
- Node.js 22.12.0+
- mDNS disabled on servers
- Firewall configured (UFW)
- Tailscale for remote access (not port forwarding)
- SSH key-only auth (no passwords)
Installation
# npm
npm install -g clawdbot-security-audit
# ClawdHub
clawdhub install lxgicstudios/clawdbot-security
Built by LXGIC Studios - @lxgicstudios
More by openclaw
View all skills by openclaw →You might also like
flutter-development
aj-geddes
Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.
ui-ux-pro-max
nextlevelbuilder
"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."
drawio-diagrams-enhanced
jgtolentino
Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.
godot
bfollington
This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.
nano-banana-pro
garg-aayush
Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.
pdf-to-markdown
aliceisjustplaying
Convert entire PDF documents to clean, structured Markdown for full context loading. Use this skill when the user wants to extract ALL text from a PDF into context (not grep/search), when discussing or analyzing PDF content in full, when the user mentions "load the whole PDF", "bring the PDF into context", "read the entire PDF", or when partial extraction/grepping would miss important context. This is the preferred method for PDF text extraction over page-by-page or grep approaches.
Related MCP Servers
Browse all servers
Security AuditSecurity Audit analyzes Node.js dependencies for vulnerabilities using npm-audit-report, delivering actionable security
React Native Development GuideGet expert React Native software guidance with tools for component analysis, performance, debugging, and migration betwe
Java Class AnalyzerAnalyze and decompile Java class files online with our Java decompiler software, featuring JD decompiler and JD GUI inte
Houtini LMHoutini LM delivers advanced prompt engineering with 35+ functions for code analysis, generation, security audits, and d
Web AuditWeb Audit scans Node.js package.json, runs npm audit, and creates markdown reports by severity for automated security as
SSL MonitorMonitor SSL certificates and domains with WHOIS lookup for real-time validation, expiration tracking, and proactive rene