# Clawdbot Security Check 🔒

**Self-security audit framework for Clawdbot**

Inspired by the security hardening framework from [ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ](https://x.com/DanielMiessler) and integrated with [official ClawdBot security documentation](https://docs.clawd.bot/gateway/security).

This skill teaches Clawdbot to audit its own security posture using first-principles reasoning. Not a hard-coded script—it's a **knowledge framework** that Clawdbot applies dynamically to detect vulnerabilities, understand their impact, and recommend specific remediations.

## What This Is

- 🧠 **Knowledge-based** - Embeds the security framework directly in Clawdbot
- 🔍 **Dynamic detection** - Clawdbot learns to find issues, not just run a script
- 📚 **Extensible** - Add new checks by updating the skill
- 🔒 **100% Read-only** - Only audits; never modifies configuration

## The 12 Security Domains

| # | Domain | Severity | Key Question |
|---|--------|----------|--------------|
| 1 | Gateway Exposure | 🔴 Critical | Is the gateway bound to 0.0.0.0 without auth? |
| 2 | DM Policy | 🟠 High | Are DMs restricted to an allowlist? |
| 3 | Group Access Control | 🟠 High | Are group policies set to allowlist? |
| 4 | Credentials Security | 🔴 Critical | Are secrets in plaintext with loose permissions? |
| 5 | Browser Control Exposure | 🟠 High | Is remote browser control secured? |
| 6 | Gateway Bind & Network | 🟠 High | Is network exposure intentional and controlled? |
| 7 | Tool Access & Elevated | 🟡 Medium | Are tools restricted to minimum needed? |
| 8 | File Permissions & Disk | 🟡 Medium | Are file permissions properly set? |
| 9 | Plugin Trust & Model | 🟡 Medium | Are plugins allowlisted and models current? |
| 10 | Logging & Redaction | 🟡 Medium | Is sensitive data redacted in logs? |
| 11 | Prompt Injection | 🟡 Medium | Is untrusted content wrapped? |
| 12 | Dangerous Commands | 🟡 Medium | Are destructive commands blocked? |

## Installation

```bash
# Via ClawdHub
clawdhub install clawdbot-security-check

# Or clone for manual installation
git clone https://github.com/TheSethRose/Clawdbot-Security-Check.git
cp -r Clawdbot-Security-Check ~/.clawdbot/skills/
```

## Usage

### Via Clawdbot

```
@clawdbot audit my security
@clawdbot run security check
@clawdbot what vulnerabilities do I have?
@clawdbot security audit --deep
@clawdbot security audit --fix
```

## Security Principles

Running an AI agent with shell access requires caution. Focus on:

1. **Who can talk to the bot** — DM policies, group allowlists, channel restrictions
2. **Where the bot is allowed to act** — Network exposure, gateway binding, proxy configs
3. **What the bot can touch** — Tool access, file permissions, credential storage

## Audit Functions

The `--fix` flag applies these guardrails:

- Changes `groupPolicy` from `open` to `allowlist` for common channels
- Resets `logging.redactSensitive` from `off` to `tools`
- Tightens permissions: `.clawdbot` to `700`, configs to `600`
- Secures state files including credentials and auth profiles

## High-Level Checklist

Treat findings in this priority order:

1. 🔴 Lock down DMs and groups if tools are enabled on open settings
2. 🔴 Fix public network exposure immediately
3. 🟠 Secure browser control with tokens and HTTPS
4. 🟠 Correct file permissions for credentials and config
5. 🟡 Only load trusted plugins
6. 🟡 Use modern models for bots with tool access

## Extending the Framework

Add new checks by contributing to SKILL.md:

````markdown
## 13. New Vulnerability 🟡 Medium

**What to check:** What config reveals this?

**Detection:**
```bash
command-to-check-config
```

**Vulnerability:** What can go wrong?

**Remediation:**
```json
{ "fix": "here" }
```
````

## Architecture

```
Clawdbot-Security-Check/
├── SKILL.md      # Knowledge framework (the skill - source of truth)
├── skill.json    # Clawdbot metadata
├── README.md     # This file
└── .gitignore
```

**SKILL.md** is the source of truth—it teaches Clawdbot everything it needs to know.

## Why This Approach?

Hard-coded scripts get stale. A knowledge framework evolves:

- ✅ Add new vulnerabilities without code changes
- ✅ Customize checks for your environment
- ✅ Clawdbot understands the "why" behind each check
- ✅ Enables intelligent follow-up questions

> "The goal isn't to find vulnerabilities—it's to understand security deeply enough that vulnerabilities can't hide." — Daniel Miessler

## Output Example

```
═══════════════════════════════════════════════════════════════
🔒 CLAWDBOT SECURITY AUDIT
═══════════════════════════════════════════════════════════════
Timestamp: 2026-01-26T15:30:00.000Z

┌─ SUMMARY ───────────────────────────────────────────────
│ 🔴 Critical: 1
│ 🟠 High: 2
│ 🟡 Medium: 1
│ ✅ Passed: 8
└────────────────────────────────────────────────────────

┌─ FINDINGS ──────────────────────────────────────────────
│ 🔴 [CRITICAL] Gateway Exposure
│    Finding: Gateway bound to 0.0.0.0:18789 without auth
│    → Fix: Set gateway.auth_token environment variable
│
│ 🟠 [HIGH] DM Policy
│    Finding: dm_policy is "allow" (all users)
│    → Fix: Set dm_policy to "allowlist" with trusted users
└────────────────────────────────────────────────────────

This audit was performed by Clawdbot's self-security framework.
No changes were made to your configuration.
```

## Contributing

1. Fork the repo
2. Add new security knowledge to SKILL.md
3. Submit PR

## License

MIT - Security-first, open source forever.

---

**Clawdbot knows its attack surface. Do you?**
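A read-only checker for a few of the domains in the table (Gateway Exposure, DM Policy, Group Access Control, Logging & Redaction, and the 700/600 permission rule), added here as an illustration; it is not part of the skill. Only the key names (`dm_policy`, `groupPolicy`, `logging.redactSensitive`, `gateway.auth_token`) come from this README; the nested config layout, channel names and sample values are constructed assumptions.

```python
import os
import stat
from typing import Any, Dict, List, Optional, Tuple

Finding = Tuple[str, str, str]  # (severity, domain, detail)

# Constructed sample config: key names follow the README (dm_policy, groupPolicy,
# logging.redactSensitive, gateway.auth_token); the nesting is an assumption.
SAMPLE_CONFIG: Dict[str, Any] = {
    "gateway": {"bind": "0.0.0.0", "port": 18789, "auth_token": ""},
    "dm_policy": "allow",
    "channels": {"discord": {"groupPolicy": "open"}, "slack": {"groupPolicy": "allowlist"}},
    "logging": {"redactSensitive": "off"},
}

def audit_config(cfg: Dict[str, Any]) -> List[Finding]:
    """Read-only inspection of cfg; returns findings and never modifies the dict."""
    findings: List[Finding] = []
    gw = cfg.get("gateway", {})
    # Critical: listening on every interface with no auth token configured.
    if gw.get("bind") == "0.0.0.0" and not gw.get("auth_token"):
        findings.append(("CRITICAL", "Gateway Exposure",
                         f"Gateway bound to 0.0.0.0:{gw.get('port')} without auth"))
    # High: anything other than an explicit allowlist lets any user DM the bot.
    if cfg.get("dm_policy") != "allowlist":
        findings.append(("HIGH", "DM Policy", f"dm_policy is {cfg.get('dm_policy')!r}"))
    # High: an open group policy lets any member of that channel drive the bot.
    for name, chan in cfg.get("channels", {}).items():
        if chan.get("groupPolicy") == "open":
            findings.append(("HIGH", "Group Access Control", f"{name}: groupPolicy is open"))
    # Medium: with redaction off, sensitive data reaches the logs unredacted.
    if cfg.get("logging", {}).get("redactSensitive") == "off":
        findings.append(("MEDIUM", "Logging & Redaction", "logging.redactSensitive is off"))
    return findings

def mode_too_wide(mode: int, max_mode: int) -> bool:
    """True if mode grants any bit outside max_mode (0o700 for .clawdbot, 0o600 for configs)."""
    return bool(mode & ~max_mode)

def audit_path(path: str, max_mode: int) -> Optional[str]:
    """Stat one path and report it when its permission bits exceed max_mode."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode_too_wide(mode, max_mode):
        return f"{path}: mode {mode:04o} wider than {max_mode:04o}"
    return None

if __name__ == "__main__":
    for sev, domain, detail in audit_config(SAMPLE_CONFIG):
        print(f"[{sev}] {domain}: {detail}")
```

Run against the sample config it reproduces the first two findings of the output example above; point `audit_path` at `~/.clawdbot` with `0o700` and at each config file with `0o600` to cover the permission checklist item.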