{ "schemaVersion": "1.0", "item": { "slug": "moltbot-security", "name": "Moltbot Security", "source": "tencent", "type": "skill", "category": "安全合规", "sourceUrl": "https://clawhub.ai/NextFrontierBuilds/moltbot-security", "canonicalUrl": "https://clawhub.ai/NextFrontierBuilds/moltbot-security", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/moltbot-security", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=moltbot-security", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "README.md", "SKILL.md", "package.json" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/moltbot-security" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/moltbot-security", "agentPageUrl": "https://openagent3.xyz/skills/moltbot-security/agent", "manifestUrl": "https://openagent3.xyz/skills/moltbot-security/agent.json", "briefUrl": "https://openagent3.xyz/skills/moltbot-security/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Moltbot Security Guide", "body": "Your Moltbot gateway was designed for local use. When exposed to the internet without proper security, attackers can access your API keys, private messages, and full system access.\n\nBased on: Real vulnerability research that found 1,673+ exposed OpenClaw/Moltbot gateways on Shodan." }, { "title": "TL;DR - The 5 Essentials", "body": "Bind to loopback — Never expose gateway to public internet\nSet auth token — Require authentication for all requests\nFix file permissions — Only you should read config files\nUpdate Node.js — Use v22.12.0+ to avoid known vulnerabilities\nUse Tailscale — Secure remote access without public exposure" }, { "title": "What Gets Exposed (The Real Risk)", "body": "When your gateway is publicly accessible:\n\nComplete conversation histories (Telegram, WhatsApp, Signal, iMessage)\nAPI keys for Claude, OpenAI, and other providers\nOAuth tokens and bot credentials\nFull shell access to host machine\n\nPrompt injection attack example: An attacker sends you an email with hidden instructions. Your AI reads it, extracts your recent emails, and forwards summaries to the attacker. No hacking required." }, { "title": "Quick Security Audit", "body": "Run this to check your current security posture:\n\nopenclaw security audit --deep\n\nAuto-fix issues:\n\nopenclaw security audit --deep --fix" }, { "title": "Step 1: Bind Gateway to Loopback Only", "body": "What this does: Prevents the gateway from accepting connections from other machines.\n\nCheck your ~/.openclaw/openclaw.json:\n\n{\n \"gateway\": {\n \"bind\": \"loopback\"\n }\n}\n\nOptions:\n\nloopback — Only accessible from localhost (most secure)\nlan — Accessible from local network only\nauto — Binds to all interfaces (dangerous if exposed)" }, { "title": "Step 2: Set Up Authentication", "body": "Option A: Token Authentication (Recommended)\n\nGenerate a secure token:\n\nopenssl rand -hex 32\n\nAdd to your config:\n\n{\n \"gateway\": {\n \"auth\": {\n \"mode\": \"token\",\n \"token\": \"your-64-char-hex-token-here\"\n }\n }\n}\n\nOr set via environment:\n\nexport CLAWDBOT_GATEWAY_TOKEN=\"your-secure-random-token-here\"\n\nOption B: Password Authentication\n\n{\n \"gateway\": {\n \"auth\": {\n \"mode\": \"password\"\n }\n }\n}\n\nThen:\n\nexport CLAWDBOT_GATEWAY_PASSWORD=\"your-secure-password-here\"" }, { "title": "Step 3: Lock Down File Permissions", "body": "What this does: Ensures only you can read sensitive config files.\n\nchmod 700 ~/.openclaw\nchmod 600 ~/.openclaw/openclaw.json\nchmod 700 ~/.openclaw/credentials\n\nPermission meanings:\n\n700 = Only owner can access folder\n600 = Only owner can read/write file\n\nOr let OpenClaw fix it:\n\nopenclaw security audit --fix" }, { "title": "Step 4: Disable Network Broadcasting", "body": "What this does: Stops OpenClaw from announcing itself via mDNS/Bonjour.\n\nAdd to your shell config (~/.zshrc or ~/.bashrc):\n\nexport CLAWDBOT_DISABLE_BONJOUR=1\n\nReload:\n\nsource ~/.zshrc" }, { "title": "Step 5: Update Node.js", "body": "Older Node.js versions have security vulnerabilities. You need v22.12.0+.\n\nCheck version:\n\nnode --version\n\nMac (Homebrew):\n\nbrew update && brew upgrade node\n\nUbuntu/Debian:\n\ncurl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -\nsudo apt-get install -y nodejs\n\nWindows: Download from nodejs.org" }, { "title": "Step 6: Set Up Tailscale (Remote Access)", "body": "What this does: Creates encrypted tunnel between your devices. Access OpenClaw from anywhere without public exposure.\n\nInstall Tailscale:\n\n# Linux\ncurl -fsSL https://tailscale.com/install.sh | sh\nsudo tailscale up\n\n# Mac\nbrew install tailscale\n\nConfigure OpenClaw for Tailscale:\n\n{\n \"gateway\": {\n \"bind\": \"loopback\",\n \"tailscale\": {\n \"mode\": \"serve\"\n }\n }\n}\n\nNow access via your Tailscale network only." }, { "title": "Step 7: Firewall Setup (UFW)", "body": "For cloud servers (AWS, DigitalOcean, Hetzner, etc.)\n\nInstall UFW:\n\nsudo apt update && sudo apt install ufw -y\n\nSet defaults:\n\nsudo ufw default deny incoming\nsudo ufw default allow outgoing\n\nAllow SSH (don't skip!):\n\nsudo ufw allow ssh\n\nAllow Tailscale (if using):\n\nsudo ufw allow in on tailscale0\n\nEnable:\n\nsudo ufw enable\n\nVerify:\n\nsudo ufw status verbose\n\n⚠️ Never do this:\n\n# DON'T - exposes your gateway publicly\nsudo ufw allow 18789" }, { "title": "Step 8: SSH Hardening", "body": "Disable password auth (use SSH keys):\n\nsudo nano /etc/ssh/sshd_config\n\nChange:\n\nPasswordAuthentication no\nPermitRootLogin no\n\nRestart:\n\nsudo systemctl restart sshd" }, { "title": "Security Checklist", "body": "Before deploying:\n\nGateway bound to loopback or lan\n Auth token or password set\n File permissions locked (600/700)\n mDNS/Bonjour disabled\n Node.js v22.12.0+\n Tailscale configured (if remote)\n Firewall blocking port 18789\n SSH password auth disabled" }, { "title": "Config Template (Secure Defaults)", "body": "{\n \"gateway\": {\n \"port\": 18789,\n \"bind\": \"loopback\",\n \"auth\": {\n \"mode\": \"token\",\n \"token\": \"YOUR_64_CHAR_HEX_TOKEN\"\n },\n \"tailscale\": {\n \"mode\": \"serve\"\n }\n }\n}" }, { "title": "Credits", "body": "Based on security research by @NickSpisak_ who found 1,673+ exposed gateways on Shodan.\n\nOriginal article: https://x.com/nickspisak_/status/2016195582180700592" }, { "title": "Installation", "body": "clawdhub install NextFrontierBuilds/moltbot, openclaw-security\n\nBuilt by @NextXFrontier" } ], "body": "Moltbot Security Guide\n\nYour Moltbot gateway was designed for local use. When exposed to the internet without proper security, attackers can access your API keys, private messages, and full system access.\n\nBased on: Real vulnerability research that found 1,673+ exposed OpenClaw/Moltbot gateways on Shodan.\n\nTL;DR - The 5 Essentials\nBind to loopback — Never expose gateway to public internet\nSet auth token — Require authentication for all requests\nFix file permissions — Only you should read config files\nUpdate Node.js — Use v22.12.0+ to avoid known vulnerabilities\nUse Tailscale — Secure remote access without public exposure\nWhat Gets Exposed (The Real Risk)\n\nWhen your gateway is publicly accessible:\n\nComplete conversation histories (Telegram, WhatsApp, Signal, iMessage)\nAPI keys for Claude, OpenAI, and other providers\nOAuth tokens and bot credentials\nFull shell access to host machine\n\nPrompt injection attack example: An attacker sends you an email with hidden instructions. Your AI reads it, extracts your recent emails, and forwards summaries to the attacker. No hacking required.\n\nQuick Security Audit\n\nRun this to check your current security posture:\n\nopenclaw security audit --deep\n\n\nAuto-fix issues:\n\nopenclaw security audit --deep --fix\n\nStep 1: Bind Gateway to Loopback Only\n\nWhat this does: Prevents the gateway from accepting connections from other machines.\n\nCheck your ~/.openclaw/openclaw.json:\n\n{\n \"gateway\": {\n \"bind\": \"loopback\"\n }\n}\n\n\nOptions:\n\nloopback — Only accessible from localhost (most secure)\nlan — Accessible from local network only\nauto — Binds to all interfaces (dangerous if exposed)\nStep 2: Set Up Authentication\n\nOption A: Token Authentication (Recommended)\n\nGenerate a secure token:\n\nopenssl rand -hex 32\n\n\nAdd to your config:\n\n{\n \"gateway\": {\n \"auth\": {\n \"mode\": \"token\",\n \"token\": \"your-64-char-hex-token-here\"\n }\n }\n}\n\n\nOr set via environment:\n\nexport CLAWDBOT_GATEWAY_TOKEN=\"your-secure-random-token-here\"\n\n\nOption B: Password Authentication\n\n{\n \"gateway\": {\n \"auth\": {\n \"mode\": \"password\"\n }\n }\n}\n\n\nThen:\n\nexport CLAWDBOT_GATEWAY_PASSWORD=\"your-secure-password-here\"\n\nStep 3: Lock Down File Permissions\n\nWhat this does: Ensures only you can read sensitive config files.\n\nchmod 700 ~/.openclaw\nchmod 600 ~/.openclaw/openclaw.json\nchmod 700 ~/.openclaw/credentials\n\n\nPermission meanings:\n\n700 = Only owner can access folder\n600 = Only owner can read/write file\n\nOr let OpenClaw fix it:\n\nopenclaw security audit --fix\n\nStep 4: Disable Network Broadcasting\n\nWhat this does: Stops OpenClaw from announcing itself via mDNS/Bonjour.\n\nAdd to your shell config (~/.zshrc or ~/.bashrc):\n\nexport CLAWDBOT_DISABLE_BONJOUR=1\n\n\nReload:\n\nsource ~/.zshrc\n\nStep 5: Update Node.js\n\nOlder Node.js versions have security vulnerabilities. You need v22.12.0+.\n\nCheck version:\n\nnode --version\n\n\nMac (Homebrew):\n\nbrew update && brew upgrade node\n\n\nUbuntu/Debian:\n\ncurl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -\nsudo apt-get install -y nodejs\n\n\nWindows: Download from nodejs.org\n\nStep 6: Set Up Tailscale (Remote Access)\n\nWhat this does: Creates encrypted tunnel between your devices. Access OpenClaw from anywhere without public exposure.\n\nInstall Tailscale:\n\n# Linux\ncurl -fsSL https://tailscale.com/install.sh | sh\nsudo tailscale up\n\n# Mac\nbrew install tailscale\n\n\nConfigure OpenClaw for Tailscale:\n\n{\n \"gateway\": {\n \"bind\": \"loopback\",\n \"tailscale\": {\n \"mode\": \"serve\"\n }\n }\n}\n\n\nNow access via your Tailscale network only.\n\nStep 7: Firewall Setup (UFW)\n\nFor cloud servers (AWS, DigitalOcean, Hetzner, etc.)\n\nInstall UFW:\n\nsudo apt update && sudo apt install ufw -y\n\n\nSet defaults:\n\nsudo ufw default deny incoming\nsudo ufw default allow outgoing\n\n\nAllow SSH (don't skip!):\n\nsudo ufw allow ssh\n\n\nAllow Tailscale (if using):\n\nsudo ufw allow in on tailscale0\n\n\nEnable:\n\nsudo ufw enable\n\n\nVerify:\n\nsudo ufw status verbose\n\n\n⚠️ Never do this:\n\n# DON'T - exposes your gateway publicly\nsudo ufw allow 18789\n\nStep 8: SSH Hardening\n\nDisable password auth (use SSH keys):\n\nsudo nano /etc/ssh/sshd_config\n\n\nChange:\n\nPasswordAuthentication no\nPermitRootLogin no\n\n\nRestart:\n\nsudo systemctl restart sshd\n\nSecurity Checklist\n\nBefore deploying:\n\n Gateway bound to loopback or lan\n Auth token or password set\n File permissions locked (600/700)\n mDNS/Bonjour disabled\n Node.js v22.12.0+\n Tailscale configured (if remote)\n Firewall blocking port 18789\n SSH password auth disabled\nConfig Template (Secure Defaults)\n{\n \"gateway\": {\n \"port\": 18789,\n \"bind\": \"loopback\",\n \"auth\": {\n \"mode\": \"token\",\n \"token\": \"YOUR_64_CHAR_HEX_TOKEN\"\n },\n \"tailscale\": {\n \"mode\": \"serve\"\n }\n }\n}\n\nCredits\n\nBased on security research by @NickSpisak_ who found 1,673+ exposed gateways on Shodan.\n\nOriginal article: https://x.com/nickspisak_/status/2016195582180700592\n\nInstallation\nclawdhub install NextFrontierBuilds/moltbot, openclaw-security\n\n\nBuilt by @NextXFrontier" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/NextFrontierBuilds/moltbot-security", "publisherUrl": "https://clawhub.ai/NextFrontierBuilds/moltbot-security", "owner": "NextFrontierBuilds", "version": "1.0.3", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/moltbot-security", "downloadUrl": "https://openagent3.xyz/downloads/moltbot-security", "agentUrl": "https://openagent3.xyz/skills/moltbot-security/agent", "manifestUrl": "https://openagent3.xyz/skills/moltbot-security/agent.json", "briefUrl": "https://openagent3.xyz/skills/moltbot-security/agent.md" } }