# Send Moltbot Security to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "moltbot-security",
    "name": "Moltbot Security",
    "source": "tencent",
    "type": "skill",
    "category": "安全合规",
    "sourceUrl": "https://clawhub.ai/NextFrontierBuilds/moltbot-security",
    "canonicalUrl": "https://clawhub.ai/NextFrontierBuilds/moltbot-security",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/moltbot-security",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=moltbot-security",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "README.md",
      "SKILL.md",
      "package.json"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "slug": "moltbot-security",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-29T08:38:04.873Z",
      "expiresAt": "2026-05-06T08:38:04.873Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=moltbot-security",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=moltbot-security",
        "contentDisposition": "attachment; filename=\"moltbot-security-1.0.3.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "moltbot-security"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/moltbot-security"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/moltbot-security",
    "downloadUrl": "https://openagent3.xyz/downloads/moltbot-security",
    "agentUrl": "https://openagent3.xyz/skills/moltbot-security/agent",
    "manifestUrl": "https://openagent3.xyz/skills/moltbot-security/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/moltbot-security/agent.md"
  }
}
```
## Documentation

### Moltbot Security Guide

Your Moltbot gateway was designed for local use. When exposed to the internet without proper security, attackers can access your API keys, private messages, and full system access.

Based on: Real vulnerability research that found 1,673+ exposed OpenClaw/Moltbot gateways on Shodan.

### TL;DR - The 5 Essentials

Bind to loopback — Never expose gateway to public internet
Set auth token — Require authentication for all requests
Fix file permissions — Only you should read config files
Update Node.js — Use v22.12.0+ to avoid known vulnerabilities
Use Tailscale — Secure remote access without public exposure

### What Gets Exposed (The Real Risk)

When your gateway is publicly accessible:

Complete conversation histories (Telegram, WhatsApp, Signal, iMessage)
API keys for Claude, OpenAI, and other providers
OAuth tokens and bot credentials
Full shell access to host machine

Prompt injection attack example: An attacker sends you an email with hidden instructions. Your AI reads it, extracts your recent emails, and forwards summaries to the attacker. No hacking required.

### Quick Security Audit

Run this to check your current security posture:

openclaw security audit --deep

Auto-fix issues:

openclaw security audit --deep --fix

### Step 1: Bind Gateway to Loopback Only

What this does: Prevents the gateway from accepting connections from other machines.

Check your ~/.openclaw/openclaw.json:

{
  "gateway": {
    "bind": "loopback"
  }
}

Options:

loopback — Only accessible from localhost (most secure)
lan — Accessible from local network only
auto — Binds to all interfaces (dangerous if exposed)

### Step 2: Set Up Authentication

Option A: Token Authentication (Recommended)

Generate a secure token:

openssl rand -hex 32

Add to your config:

{
  "gateway": {
    "auth": {
      "mode": "token",
      "token": "your-64-char-hex-token-here"
    }
  }
}

Or set via environment:

export CLAWDBOT_GATEWAY_TOKEN="your-secure-random-token-here"

Option B: Password Authentication

{
  "gateway": {
    "auth": {
      "mode": "password"
    }
  }
}

Then:

export CLAWDBOT_GATEWAY_PASSWORD="your-secure-password-here"

### Step 3: Lock Down File Permissions

What this does: Ensures only you can read sensitive config files.

chmod 700 ~/.openclaw
chmod 600 ~/.openclaw/openclaw.json
chmod 700 ~/.openclaw/credentials

Permission meanings:

700 = Only owner can access folder
600 = Only owner can read/write file

Or let OpenClaw fix it:

openclaw security audit --fix

### Step 4: Disable Network Broadcasting

What this does: Stops OpenClaw from announcing itself via mDNS/Bonjour.

Add to your shell config (~/.zshrc or ~/.bashrc):

export CLAWDBOT_DISABLE_BONJOUR=1

Reload:

source ~/.zshrc

### Step 5: Update Node.js

Older Node.js versions have security vulnerabilities. You need v22.12.0+.

Check version:

node --version

Mac (Homebrew):

brew update && brew upgrade node

Ubuntu/Debian:

curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
sudo apt-get install -y nodejs

Windows: Download from nodejs.org

### Step 6: Set Up Tailscale (Remote Access)

What this does: Creates encrypted tunnel between your devices. Access OpenClaw from anywhere without public exposure.

Install Tailscale:

# Linux
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up

# Mac
brew install tailscale

Configure OpenClaw for Tailscale:

{
  "gateway": {
    "bind": "loopback",
    "tailscale": {
      "mode": "serve"
    }
  }
}

Now access via your Tailscale network only.

### Step 7: Firewall Setup (UFW)

For cloud servers (AWS, DigitalOcean, Hetzner, etc.)

Install UFW:

sudo apt update && sudo apt install ufw -y

Set defaults:

sudo ufw default deny incoming
sudo ufw default allow outgoing

Allow SSH (don't skip!):

sudo ufw allow ssh

Allow Tailscale (if using):

sudo ufw allow in on tailscale0

Enable:

sudo ufw enable

Verify:

sudo ufw status verbose

⚠️ Never do this:

# DON'T - exposes your gateway publicly
sudo ufw allow 18789

### Step 8: SSH Hardening

Disable password auth (use SSH keys):

sudo nano /etc/ssh/sshd_config

Change:

PasswordAuthentication no
PermitRootLogin no

Restart:

sudo systemctl restart sshd

### Security Checklist

Before deploying:

Gateway bound to loopback or lan
 Auth token or password set
 File permissions locked (600/700)
 mDNS/Bonjour disabled
 Node.js v22.12.0+
 Tailscale configured (if remote)
 Firewall blocking port 18789
 SSH password auth disabled

### Config Template (Secure Defaults)

{
  "gateway": {
    "port": 18789,
    "bind": "loopback",
    "auth": {
      "mode": "token",
      "token": "YOUR_64_CHAR_HEX_TOKEN"
    },
    "tailscale": {
      "mode": "serve"
    }
  }
}

### Credits

Based on security research by @NickSpisak_ who found 1,673+ exposed gateways on Shodan.

Original article: https://x.com/nickspisak_/status/2016195582180700592

### Installation

clawdhub install NextFrontierBuilds/moltbot, openclaw-security

Built by @NextXFrontier
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: NextFrontierBuilds
- Version: 1.0.3
## Source health
- Status: healthy
- Item download looks usable.
- Yavira can redirect you to the upstream package for this item.
- Health scope: item
- Reason: direct_download_ok
- Checked at: 2026-04-29T08:38:04.873Z
- Expires at: 2026-05-06T08:38:04.873Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/moltbot-security)
- [Send to Agent page](https://openagent3.xyz/skills/moltbot-security/agent)
- [JSON manifest](https://openagent3.xyz/skills/moltbot-security/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/moltbot-security/agent.md)
- [Download page](https://openagent3.xyz/downloads/moltbot-security)