skills/thesethrose_clawdbot-security-check
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
thesethrose_clawdbot-securi…/README.md

169 lines
6.2 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Clawdbot Security Check
🔒 **Self-security audit framework for Clawdbot**
Inspired by the security hardening framework from [ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ](https://x.com/DanielMiessler) and integrated with [official ClawdBot security documentation](https://docs.clawd.bot/gateway/security).
This skill teaches Clawdbot to audit its own security posture using first-principles reasoning. Not a hard-coded script—it's a **knowledge framework** that Clawdbot applies dynamically to detect vulnerabilities, understand their impact, and recommend specific remediations.
## What This Is
- 🧠 **Knowledge-based** - Embeds the security framework directly in Clawdbot
- 🔍 **Dynamic detection** - Clawdbot learns to find issues, not just run a script
- 📚 **Extensible** - Add new checks by updating the skill
- 🔒 **100% Read-only** - Only audits; never modifies configuration
## The 12 Security Domains
| # | Domain | Severity | Key Question |
|---|--------|----------|--------------|
| 1 | Gateway Exposure | 🔴 Critical | Is the gateway bound to 0.0.0.0 without auth? |
| 2 | DM Policy | 🟠 High | Are DMs restricted to an allowlist? |
| 3 | Group Access Control | 🟠 High | Are group policies set to allowlist? |
| 4 | Credentials Security | 🔴 Critical | Are secrets in plaintext with loose permissions? |
| 5 | Browser Control Exposure | 🟠 High | Is remote browser control secured? |
| 6 | Gateway Bind & Network | 🟠 High | Is network exposure intentional and controlled? |
| 7 | Tool Access & Elevated | 🟡 Medium | Are tools restricted to minimum needed? |
| 8 | File Permissions & Disk | 🟡 Medium | Are file permissions properly set? |
| 9 | Plugin Trust & Model | 🟡 Medium | Are plugins allowlisted and models current? |
| 10| Logging & Redaction | 🟡 Medium | Is sensitive data redacted in logs? |
| 11| Prompt Injection | 🟡 Medium | Is untrusted content wrapped? |
| 12| Dangerous Commands | 🟡 Medium | Are destructive commands blocked? |
## Installation
```bash
# Via ClawdHub
clawdhub install clawdbot-security-check
# Or clone for manual installation
git clone https://github.com/TheSethRose/Clawdbot-Security-Check.git
cp -r Clawdbot-Security-Check ~/.clawdbot/skills/
```
## Usage
### Via Clawdbot
```
@clawdbot audit my security
@clawdbot run security check
@clawdbot what vulnerabilities do I have?
@clawdbot security audit --deep
@clawdbot security audit --fix
```
## Security Principles
Running an AI agent with shell access requires caution. Focus on:
1. **Who can talk to the bot** — DM policies, group allowlists, channel restrictions
2. **Where the bot is allowed to act** — Network exposure, gateway binding, proxy configs
3. **What the bot can touch** — Tool access, file permissions, credential storage
## Audit Functions
The `--fix` flag applies these guardrails:
- Changes `groupPolicy` from `open` to `allowlist` for common channels
- Resets `logging.redactSensitive` from `off` to `tools`
- Tightens permissions: `.clawdbot` to `700`, configs to `600`
- Secures state files including credentials and auth profiles
## High-Level Checklist
Treat findings in this priority order:
1. 🔴 Lock down DMs and groups if tools are enabled on open settings
2. 🔴 Fix public network exposure immediately
3. 🟠 Secure browser control with tokens and HTTPS
4. 🟠 Correct file permissions for credentials and config
5. 🟡 Only load trusted plugins
6. 🟡 Use modern models for bots with tool access
## Extending the Framework
Add new checks by contributing to SKILL.md:
```markdown
## 13. New Vulnerability 🟡 Medium
**What to check:** What config reveals this?
**Detection:**
```bash
command-to-check-config
```
**Vulnerability:** What can go wrong?
**Remediation:**
```json
{ "fix": "here" }
```
```
## Architecture
```
Clawdbot-Security-Check/
├── SKILL.md # Knowledge framework (the skill - source of truth)
├── skill.json # Clawdbot metadata
├── README.md # This file
└── .gitignore
```
**SKILL.md** is the source of truth—it teaches Clawdbot everything it needs to know.
## Why This Approach?
Hard-coded scripts get stale. A knowledge framework evolves:
- ✅ Add new vulnerabilities without code changes
- ✅ Customize checks for your environment
- ✅ Clawdbot understands the "why" behind each check
- ✅ Enables intelligent follow-up questions
> "The goal isn't to find vulnerabilities—it's to understand security deeply enough that vulnerabilities can't hide." — Daniel Miessler
## Output Example
```
═══════════════════════════════════════════════════════════════
🔒 CLAWDBOT SECURITY AUDIT
═══════════════════════════════════════════════════════════════
Timestamp: 2026-01-26T15:30:00.000Z
┌─ SUMMARY ───────────────────────────────────────────────
│ 🔴 Critical: 1
│ 🟠 High: 2
│ 🟡 Medium: 1
│ ✅ Passed: 8
└────────────────────────────────────────────────────────
┌─ FINDINGS ──────────────────────────────────────────────
│ 🔴 [CRITICAL] Gateway Exposure
│ Finding: Gateway bound to 0.0.0.0:18789 without auth
│ → Fix: Set gateway.auth_token environment variable
│ 🟠 [HIGH] DM Policy
│ Finding: dm_policy is "allow" (all users)
│ → Fix: Set dm_policy to "allowlist" with trusted users
└────────────────────────────────────────────────────────
This audit was performed by Clawdbot's self-security framework.
No changes were made to your configuration.
```
## Contributing
1. Fork the repo
2. Add new security knowledge to SKILL.md
3. Submit PR
## License
MIT - Security-first, open source forever.
---
**Clawdbot knows its attack surface. Do you?**
Reference in New Issue View Git Blame Copy Permalink