Requirements
- Target platform
- OpenClaw
- Install method
- Manual import
- Extraction
- Extract archive
- Prerequisites
- OpenClaw
- Primary doc
- SKILL.md
Tencent SkillHub ยท Security & Compliance
Moltbot Security
Security hardening for AI agents - Moltbot, OpenClaw, Cursor, Claude. Lock down gateway, fix permissions, auth, firewalls. Essential for vibe-coding setups.
skill openclawclawhub Free
Security hardening for AI agents - Moltbot, OpenClaw, Cursor, Claude. Lock down gateway, fix permissions, auth, firewalls. Essential for vibe-coding setups.
โฌ 0 downloads โ
0 stars Unverified but indexed
Install for OpenClaw
Quick setup
- Download the package from Yavira.
- Extract the archive and review SKILL.md first.
- Import or place the package into your OpenClaw setup.
Package facts
- Download mode
- Yavira redirect
- Package format
- ZIP package
- Source platform
- Tencent SkillHub
- What's included
- README.md, SKILL.md, package.json
Validation
- Use the Yavira download entry.
- Review SKILL.md after the package is downloaded.
- Confirm the extracted package contains the expected setup assets.
Install with your agent
Agent handoff
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
New install
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.
Upgrade existing
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.
Trust & source
Release facts
- Source
- Tencent SkillHub
- Verification
- Indexed source record
- Version
- 1.0.3
Provenance
- Publisher
- NextFrontierBuilds
- Source page
- View original listing
- Canonical URL
- Open canonical page
Documentation
Moltbot Security Guide
Your Moltbot gateway was designed for local use. When exposed to the internet without proper security, attackers can access your API keys, private messages, and full system access. Based on: Real vulnerability research that found 1,673+ exposed OpenClaw/Moltbot gateways on Shodan.
TL;DR - The 5 Essentials
Bind to loopback โ Never expose gateway to public internet Set auth token โ Require authentication for all requests Fix file permissions โ Only you should read config files Update Node.js โ Use v22.12.0+ to avoid known vulnerabilities Use Tailscale โ Secure remote access without public exposure
What Gets Exposed (The Real Risk)
When your gateway is publicly accessible: Complete conversation histories (Telegram, WhatsApp, Signal, iMessage) API keys for Claude, OpenAI, and other providers OAuth tokens and bot credentials Full shell access to host machine Prompt injection attack example: An attacker sends you an email with hidden instructions. Your AI reads it, extracts your recent emails, and forwards summaries to the attacker. No hacking required.
Quick Security Audit
Run this to check your current security posture: openclaw security audit --deep Auto-fix issues: openclaw security audit --deep --fix
Step 1: Bind Gateway to Loopback Only
What this does: Prevents the gateway from accepting connections from other machines. Check your ~/.openclaw/openclaw.json: { "gateway": { "bind": "loopback" } } Options: loopback โ Only accessible from localhost (most secure) lan โ Accessible from local network only auto โ Binds to all interfaces (dangerous if exposed)
Step 2: Set Up Authentication
Option A: Token Authentication (Recommended) Generate a secure token: openssl rand -hex 32 Add to your config: { "gateway": { "auth": { "mode": "token", "token": "your-64-char-hex-token-here" } } } Or set via environment: export CLAWDBOT_GATEWAY_TOKEN="your-secure-random-token-here" Option B: Password Authentication { "gateway": { "auth": { "mode": "password" } } } Then: export CLAWDBOT_GATEWAY_PASSWORD="your-secure-password-here"
Step 3: Lock Down File Permissions
What this does: Ensures only you can read sensitive config files. chmod 700 ~/.openclaw chmod 600 ~/.openclaw/openclaw.json chmod 700 ~/.openclaw/credentials Permission meanings: 700 = Only owner can access folder 600 = Only owner can read/write file Or let OpenClaw fix it: openclaw security audit --fix
Step 4: Disable Network Broadcasting
What this does: Stops OpenClaw from announcing itself via mDNS/Bonjour. Add to your shell config (~/.zshrc or ~/.bashrc): export CLAWDBOT_DISABLE_BONJOUR=1 Reload: source ~/.zshrc
Step 5: Update Node.js
Older Node.js versions have security vulnerabilities. You need v22.12.0+. Check version: node --version Mac (Homebrew): brew update && brew upgrade node Ubuntu/Debian: curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash - sudo apt-get install -y nodejs Windows: Download from nodejs.org
Step 6: Set Up Tailscale (Remote Access)
What this does: Creates encrypted tunnel between your devices. Access OpenClaw from anywhere without public exposure. Install Tailscale: # Linux curl -fsSL https://tailscale.com/install.sh | sh sudo tailscale up # Mac brew install tailscale Configure OpenClaw for Tailscale: { "gateway": { "bind": "loopback", "tailscale": { "mode": "serve" } } } Now access via your Tailscale network only.
Step 7: Firewall Setup (UFW)
For cloud servers (AWS, DigitalOcean, Hetzner, etc.) Install UFW: sudo apt update && sudo apt install ufw -y Set defaults: sudo ufw default deny incoming sudo ufw default allow outgoing Allow SSH (don't skip!): sudo ufw allow ssh Allow Tailscale (if using): sudo ufw allow in on tailscale0 Enable: sudo ufw enable Verify: sudo ufw status verbose โ ๏ธ Never do this: # DON'T - exposes your gateway publicly sudo ufw allow 18789
Step 8: SSH Hardening
Disable password auth (use SSH keys): sudo nano /etc/ssh/sshd_config Change: PasswordAuthentication no PermitRootLogin no Restart: sudo systemctl restart sshd
Security Checklist
Before deploying: Gateway bound to loopback or lan Auth token or password set File permissions locked (600/700) mDNS/Bonjour disabled Node.js v22.12.0+ Tailscale configured (if remote) Firewall blocking port 18789 SSH password auth disabled
Config Template (Secure Defaults)
{ "gateway": { "port": 18789, "bind": "loopback", "auth": { "mode": "token", "token": "YOUR_64_CHAR_HEX_TOKEN" }, "tailscale": { "mode": "serve" } } }
Credits
Based on security research by @NickSpisak_ who found 1,673+ exposed gateways on Shodan. Original article: https://x.com/nickspisak_/status/2016195582180700592
Installation
clawdhub install NextFrontierBuilds/moltbot, openclaw-security Built by @NextXFrontier
Category context
Identity, auth, scanning, governance, audit, and operational guardrails.
Source: Tencent SkillHub
Largest current source with strong distribution and engagement signals.
Package contents
Included in package
2 Docs1 Config
- SKILL.md
- README.md
- package.json