skills$openclaw/moltbot, openclaw-security

1.4k★

moltbot, openclaw-security – OpenClaw Skill

Name: moltbot, openclaw-security
Author: nextfrontierbuilds

moltbot, openclaw-security is an OpenClaw Skills integration for security workflows. Security hardening guide for AI agents (OpenClaw/Moltbot/OpenClaw). Lock down gateway, fix permissions, set up auth. Based on real vulnerability research.

1.4k stars2.4k forksSecurity L1

Updated Feb 7, 2026Created Feb 7, 2026security

Skill Snapshot

name	moltbot, openclaw-security
description	Security hardening guide for AI agents (OpenClaw/Moltbot/OpenClaw). Lock down gateway, fix permissions, set up auth. Based on real vulnerability research. OpenClaw Skills integration.
owner	nextfrontierbuilds
repository	nextfrontierbuilds/moltbot-security
language	Markdown
license	MIT
topics
security	L1
install	openclaw add @nextfrontierbuilds/moltbot-security
last updated	Feb 7, 2026

Maintainer

nextfrontierbuilds

Maintains moltbot, openclaw-security in the OpenClaw Skills directory.

View GitHub profile

File Explorer

4 files

_meta.json

474 B

package.json

712 B

README.md

1.3 KB

SKILL.md

6.0 KB

SKILL.md

name: moltbot, openclaw-security description: Security hardening guide for AI agents (OpenClaw/Moltbot/OpenClaw). Lock down gateway, fix permissions, set up auth. Based on real vulnerability research. version: 1.0.1 author: NextFrontierBuilds keywords: moltbot, openclaw, openclaw, security, hardening, gateway, firewall, tailscale, ssh, authentication, ai-agent, ai-coding, claude, cursor, devops, infosec, vibe-coding

Moltbot Security Guide

Your Moltbot gateway was designed for local use. When exposed to the internet without proper security, attackers can access your API keys, private messages, and full system access.

Based on: Real vulnerability research that found 1,673+ exposed OpenClaw/Moltbot gateways on Shodan.

TL;DR - The 5 Essentials

Bind to loopback — Never expose gateway to public internet
Set auth token — Require authentication for all requests
Fix file permissions — Only you should read config files
Update Node.js — Use v22.12.0+ to avoid known vulnerabilities
Use Tailscale — Secure remote access without public exposure

What Gets Exposed (The Real Risk)

When your gateway is publicly accessible:

Complete conversation histories (Telegram, WhatsApp, Signal, iMessage)
API keys for Claude, OpenAI, and other providers
OAuth tokens and bot credentials
Full shell access to host machine

Prompt injection attack example: An attacker sends you an email with hidden instructions. Your AI reads it, extracts your recent emails, and forwards summaries to the attacker. No hacking required.

Quick Security Audit

Run this to check your current security posture:

openclaw security audit --deep

Auto-fix issues:

openclaw security audit --deep --fix

Step 1: Bind Gateway to Loopback Only

What this does: Prevents the gateway from accepting connections from other machines.

Check your ~/.openclaw/openclaw.json:

{
  "gateway": {
    "bind": "loopback"
  }
}

Options:

loopback — Only accessible from localhost (most secure)
lan — Accessible from local network only
auto — Binds to all interfaces (dangerous if exposed)

Step 2: Set Up Authentication

Option A: Token Authentication (Recommended)

Generate a secure token:

openssl rand -hex 32

Add to your config:

{
  "gateway": {
    "auth": {
      "mode": "token",
      "token": "your-64-char-hex-token-here"
    }
  }
}

Or set via environment:

export CLAWDBOT_GATEWAY_TOKEN="your-secure-random-token-here"

Option B: Password Authentication

{
  "gateway": {
    "auth": {
      "mode": "password"
    }
  }
}

Then:

export CLAWDBOT_GATEWAY_PASSWORD="your-secure-password-here"

Step 3: Lock Down File Permissions

What this does: Ensures only you can read sensitive config files.

chmod 700 ~/.openclaw
chmod 600 ~/.openclaw/openclaw.json
chmod 700 ~/.openclaw/credentials

Permission meanings:

700 = Only owner can access folder
600 = Only owner can read/write file

Or let OpenClaw fix it:

openclaw security audit --fix

Step 4: Disable Network Broadcasting

What this does: Stops OpenClaw from announcing itself via mDNS/Bonjour.

Add to your shell config (~/.zshrc or ~/.bashrc):

export CLAWDBOT_DISABLE_BONJOUR=1

Reload:

source ~/.zshrc

Step 5: Update Node.js

Older Node.js versions have security vulnerabilities. You need v22.12.0+.

Check version:

node --version

Mac (Homebrew):

brew update && brew upgrade node

Ubuntu/Debian:

curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
sudo apt-get install -y nodejs

Windows: Download from nodejs.org

Step 6: Set Up Tailscale (Remote Access)

What this does: Creates encrypted tunnel between your devices. Access OpenClaw from anywhere without public exposure.

Install Tailscale:

# Linux
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up

# Mac
brew install tailscale

Configure OpenClaw for Tailscale:

{
  "gateway": {
    "bind": "loopback",
    "tailscale": {
      "mode": "serve"
    }
  }
}

Now access via your Tailscale network only.

Step 7: Firewall Setup (UFW)

For cloud servers (AWS, DigitalOcean, Hetzner, etc.)

Install UFW:

sudo apt update && sudo apt install ufw -y

Set defaults:

sudo ufw default deny incoming
sudo ufw default allow outgoing

Allow SSH (don't skip!):

sudo ufw allow ssh

Allow Tailscale (if using):

sudo ufw allow in on tailscale0

Enable:

sudo ufw enable

Verify:

sudo ufw status verbose

⚠️ Never do this:

# DON'T - exposes your gateway publicly
sudo ufw allow 18789

Step 8: SSH Hardening

Disable password auth (use SSH keys):

sudo nano /etc/ssh/sshd_config

Change:

PasswordAuthentication no
PermitRootLogin no

Restart:

sudo systemctl restart sshd

Security Checklist

Before deploying:

Config Template (Secure Defaults)

{
  "gateway": {
    "port": 18789,
    "bind": "loopback",
    "auth": {
      "mode": "token",
      "token": "YOUR_64_CHAR_HEX_TOKEN"
    },
    "tailscale": {
      "mode": "serve"
    }
  }
}

Credits

Based on security research by @NickSpisak_ who found 1,673+ exposed gateways on Shodan.

Original article: https://x.com/nickspisak_/status/2016195582180700592

Installation

clawdhub install NextFrontierBuilds/moltbot, openclaw-security

Built by @NextXFrontier

README.md

Moltbot Security Guide

Security hardening for Moltbot/Clawdbot. Lock down your gateway, fix file permissions, set up authentication, configure firewalls.

Based on real vulnerability research that found 1,673+ exposed Clawdbot/Moltbot gateways on Shodan.

Install

ClawdHub:

clawdhub install NextFrontierBuilds/moltbot-security

npm:

npm install moltbot-security

The 5 Essentials

Bind to loopback — Never expose gateway publicly
Set auth token — Require authentication
Fix file permissions — Only you read configs
Update Node.js — v22.12.0+ required
Use Tailscale — Secure remote access

Quick Audit

clawdbot security audit --deep --fix

What Gets Exposed

Without proper security:

Conversation histories (Telegram, WhatsApp, Signal)
API keys (Claude, OpenAI)
OAuth tokens and credentials
Full shell access

Secure Config Template

{
  "gateway": {
    "bind": "loopback",
    "auth": {
      "mode": "token",
      "token": "YOUR_64_CHAR_HEX_TOKEN"
    },
    "tailscale": {
      "mode": "serve"
    }
  }
}

Credits

Based on research by @NickSpisak_

Built by @NextXFrontier

Permissions & Security

Security level L1: Low-risk skills with minimal permissions. Review inputs and outputs before running in production.

**What this does:** Ensures only you can read sensitive config files. ```bash chmod 700 ~/.openclaw chmod 600 ~/.openclaw/openclaw.json chmod 700 ~/.openclaw/credentials ``` **Permission meanings:** - `700` = Only owner can access folder - `600` = Only owner can read/write file Or let OpenClaw fix it: ```bash openclaw security audit --fix ``` ---

Requirements

OpenClaw CLI installed and configured.
Language: Markdown
License: MIT
Topics:

Configuration

```json { "gateway": { "port": 18789, "bind": "loopback", "auth": { "mode": "token", "token": "YOUR_64_CHAR_HEX_TOKEN" }, "tailscale": { "mode": "serve" } } } ``` ---

FAQ

How do I install moltbot, openclaw-security?

Run openclaw add @nextfrontierbuilds/moltbot-security in your terminal. This installs moltbot, openclaw-security into your OpenClaw Skills catalog.

Does this skill run locally or in the cloud?

OpenClaw Skills execute locally by default. Review the SKILL.md and permissions before running any skill.

Where can I verify the source code?

The source repository is available at https://github.com/openclaw/skills/tree/main/skills/nextfrontierbuilds/moltbot-security. Review commits and README documentation before installing.