clawdbot-self-security-audit

Verified·Scanned 2/18/2026

Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.

from clawhub.ai·v9cdcbaf·25.7 KB·0 installs
Scanned from 2.2.2 at 9cdcbaf · Transparency log ↗
$ vett add clawhub.ai/thesethrose/clawdbot-self-security-audit

# Clawdbot Security Check

🔒 Self-security audit framework for Clawdbot

Inspired by the security hardening framework from Daniel Miessler and integrated with official ClawdBot security documentation.

This skill teaches Clawdbot to audit its own security posture using first-principles reasoning. Not a hard-coded script—it's a knowledge framework that Clawdbot applies dynamically to detect vulnerabilities, understand their impact, and recommend specific remediations.

## What This Is

- 🧠 **Knowledge-based** - Embeds the security framework directly in Clawdbot
- 🔍 **Dynamic detection** - Clawdbot learns to find issues, not just run a script
- 📚 **Extensible** - Add new checks by updating the skill
- 🔒 **100% Read-only** - Only audits; never modifies configuration

## The 12 Security Domains

| # | Domain | Severity | Key Question |
|---|--------|----------|--------------|
| 1 | Gateway Exposure | 🔴 Critical | Is the gateway bound to 0.0.0.0 without auth? |
| 2 | DM Policy | 🟠 High | Are DMs restricted to an allowlist? |
| 3 | Group Access Control | 🟠 High | Are group policies set to allowlist? |
| 4 | Credentials Security | 🔴 Critical | Are secrets in plaintext with loose permissions? |
| 5 | Browser Control Exposure | 🟠 High | Is remote browser control secured? |
| 6 | Gateway Bind & Network | 🟠 High | Is network exposure intentional and controlled? |
| 7 | Tool Access & Elevated | 🟡 Medium | Are tools restricted to the minimum needed? |
| 8 | File Permissions & Disk | 🟡 Medium | Are file permissions properly set? |
| 9 | Plugin Trust & Model | 🟡 Medium | Are plugins allowlisted and models current? |
| 10 | Logging & Redaction | 🟡 Medium | Is sensitive data redacted in logs? |
| 11 | Prompt Injection | 🟡 Medium | Is untrusted content wrapped? |
| 12 | Dangerous Commands | 🟡 Medium | Are destructive commands blocked? |

## Installation

```bash
# Via ClawdHub
clawdhub install clawdbot-security-check

# Or clone for manual installation
git clone https://github.com/TheSethRose/Clawdbot-Security-Check.git
cp -r Clawdbot-Security-Check ~/.clawdbot/skills/
```

## Usage

### Via Clawdbot

```text
@clawdbot audit my security
@clawdbot run security check
@clawdbot what vulnerabilities do I have?
@clawdbot security audit --deep
@clawdbot security audit --fix
```

## Security Principles

Running an AI agent with shell access requires caution. Focus on:

1. **Who can talk to the bot** — DM policies, group allowlists, channel restrictions
2. **Where the bot is allowed to act** — Network exposure, gateway binding, proxy configs
3. **What the bot can touch** — Tool access, file permissions, credential storage

## Audit Functions

The `--fix` flag applies these guardrails:

- Changes `groupPolicy` from `open` to `allowlist` for common channels
- Resets `logging.redactSensitive` from `off` to `tools`
- Tightens permissions: `.clawdbot` to `700`, configs to `600`
- Secures state files including credentials and auth profiles

## High-Level Checklist

Treat findings in this priority order:

1. 🔴 Lock down DMs and groups if tools are enabled on open settings
2. 🔴 Fix public network exposure immediately
3. 🟠 Secure browser control with tokens and HTTPS
4. 🟠 Correct file permissions for credentials and config
5. 🟡 Only load trusted plugins
6. 🟡 Use modern models for bots with tool access

## Extending the Framework

Add new checks by contributing to SKILL.md:

````markdown
## 13. New Vulnerability 🟡 Medium

**What to check:** What config reveals this?

**Detection:**
```bash
command-to-check-config
```

**Vulnerability:** What can go wrong?

**Remediation:**
```json
{ "fix": "here" }
```
````
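The SKILL.md template above, the domains table and the `--fix` guardrail list all describe the same shape of check: a detection step, a finding, and a remediation. The following Python script is an added example, not code from this skill or from Clawdbot, showing how that shape becomes a strictly read-only audit with a check registry that a "domain 13" can be appended to. The configuration keys (`gateway.bind`, `gateway.auth_token`, `dm_policy`, `groupPolicy`, `logging.redactSensitive`) follow the README's wording, but the file layout and sample values are constructed assumptions rather than Clawdbot's real schema; the state directory is a throwaway temp directory whose permissions the example sets deliberately so the 700/600 check has something to find.

```python
import os
import stat
import tempfile
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample configuration. The key names mirror the README's wording;
# the layout is an assumption, not Clawdbot's real config schema.
SAMPLE_CONFIG = {
    "gateway": {"bind": "0.0.0.0", "port": 18789, "auth_token": ""},
    "dm_policy": "allow",
    "channels": {"discord": {"groupPolicy": "open"},
                 "slack": {"groupPolicy": "allowlist"}},
    "logging": {"redactSensitive": "off"},
}


@dataclass
class Check:
    """One audit check, mirroring the SKILL.md sections (what / detection / fix)."""
    num: int
    domain: str
    severity: str                                   # CRITICAL / HIGH / MEDIUM
    detect: Callable[[dict, str], Optional[str]]    # finding text, or None when passed
    remediation: str


def gateway_exposure(cfg, home):
    gw = cfg.get("gateway", {})
    if gw.get("bind") == "0.0.0.0" and not gw.get("auth_token"):
        return f"Gateway bound to 0.0.0.0:{gw.get('port')} without auth"
    return None


def dm_policy(cfg, home):
    pol = cfg.get("dm_policy")
    return None if pol == "allowlist" else f'dm_policy is "{pol}" (all users)'


def group_policy(cfg, home):
    open_ch = sorted(n for n, c in cfg.get("channels", {}).items()
                     if c.get("groupPolicy") != "allowlist")
    return f"groupPolicy is not allowlist on: {', '.join(open_ch)}" if open_ch else None


def log_redaction(cfg, home):
    mode = cfg.get("logging", {}).get("redactSensitive")
    return None if mode == "tools" else f"logging.redactSensitive is {mode!r}"


def file_permissions(cfg, home):
    """Read-only: stat() only, never chmod(). Flags any group/other permission bits."""
    bad = []
    dmode = stat.S_IMODE(os.stat(home).st_mode)
    if dmode & 0o077:
        bad.append(f"{home} is {dmode:o} (want 700)")
    for name in sorted(os.listdir(home)):
        path = os.path.join(home, name)
        if os.path.isfile(path):
            fmode = stat.S_IMODE(os.stat(path).st_mode)
            if fmode & 0o077:
                bad.append(f"{name} is {fmode:o} (want 600)")
    return "; ".join(bad) or None


# The registry: adding a "domain 13" means appending one Check; nothing else changes.
CHECKS = [
    Check(1, "Gateway Exposure", "CRITICAL", gateway_exposure,
          "Bind the gateway to localhost or require an auth token"),
    Check(2, "DM Policy", "HIGH", dm_policy, 'Set dm_policy to "allowlist" with trusted users'),
    Check(3, "Group Access Control", "HIGH", group_policy, "Set groupPolicy to allowlist"),
    Check(10, "Logging & Redaction", "MEDIUM", log_redaction, "Set logging.redactSensitive to tools"),
    Check(8, "File Permissions & Disk", "MEDIUM", file_permissions,
          "chmod 700 the .clawdbot directory and 600 its config/credential files"),
]


def run_audit(cfg, home, checks=CHECKS):
    """Run every check without touching anything; return findings plus summary counts."""
    findings = []
    summary = {"CRITICAL": 0, "HIGH": 0, "MEDIUM": 0, "PASSED": 0}
    for c in checks:
        text = c.detect(cfg, home)
        if text is None:
            summary["PASSED"] += 1
            continue
        summary[c.severity] += 1
        findings.append({"num": c.num, "domain": c.domain, "severity": c.severity,
                         "finding": text, "fix": c.remediation})
    return {"findings": findings, "summary": summary}


def render(report):
    """Plain-text report in the spirit of the README's output example."""
    lines = ["CLAWDBOT SECURITY AUDIT (example)",
             "SUMMARY: " + " | ".join(f"{k}: {v}" for k, v in report["summary"].items())]
    for f in report["findings"]:
        lines.append(f"[{f['severity']}] {f['domain']}: {f['finding']} -> Fix: {f['fix']}")
    return "\n".join(lines)


def make_demo_home(dir_mode, file_mode):
    """Constructed test data: a throwaway state dir with one config file at the given modes."""
    home = tempfile.mkdtemp(prefix="clawdbot-demo-")
    path = os.path.join(home, "clawdbot.json")
    with open(path, "w") as fh:
        fh.write("{}")
    os.chmod(path, file_mode)
    os.chmod(home, dir_mode)
    return home


if __name__ == "__main__":
    print(render(run_audit(SAMPLE_CONFIG, make_demo_home(0o755, 0o644))))
```

Every `detect` function returns either a finding string or `None`, so `run_audit` can count passes and failures the way the summary box does; the remediation text travels with the check rather than being decided at report time, which is what keeps the audit read-only while still telling the operator exactly what `--fix` would change.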

## Architecture

```text
Clawdbot-Security-Check/
├── SKILL.md      # Knowledge framework (the skill - source of truth)
├── skill.json    # Clawdbot metadata
├── README.md     # This file
└── .gitignore
```


**SKILL.md** is the source of truth—it teaches Clawdbot everything it needs to know.

## Why This Approach?

Hard-coded scripts get stale. A knowledge framework evolves:

- ✅ Add new vulnerabilities without code changes
- ✅ Customize checks for your environment
- ✅ Clawdbot understands the "why" behind each check
- ✅ Enables intelligent follow-up questions

> "The goal isn't to find vulnerabilities—it's to understand security deeply enough that vulnerabilities can't hide." — Daniel Miessler

## Output Example

```text
═══════════════════════════════════════════════════════════════
🔒 CLAWDBOT SECURITY AUDIT
═══════════════════════════════════════════════════════════════
Timestamp: 2026-01-26T15:30:00.000Z

┌─ SUMMARY ───────────────────────────────────────────────
│ 🔴 Critical: 1
│ 🟠 High: 2
│ 🟡 Medium: 1
│ ✅ Passed: 8
└────────────────────────────────────────────────────────

┌─ FINDINGS ──────────────────────────────────────────────
│ 🔴 [CRITICAL] Gateway Exposure
│    Finding: Gateway bound to 0.0.0.0:18789 without auth
│    → Fix: Set gateway.auth_token environment variable
│
│ 🟠 [HIGH] DM Policy
│    Finding: dm_policy is "allow" (all users)
│    → Fix: Set dm_policy to "allowlist" with trusted users
└────────────────────────────────────────────────────────

This audit was performed by Clawdbot's self-security framework.
No changes were made to your configuration.
```


## Contributing

1. Fork the repo
2. Add new security knowledge to SKILL.md
3. Submit PR

## License

MIT - Security-first, open source forever.

---

**Clawdbot knows its attack surface. Do you?**