Tencent SkillHub · Security & Compliance

openclaw-server-secure-skill

Comprehensive security hardening and installation guide for OpenClaw (formerly Clawdbot/Moltbot). Use this skill when the user wants to secure a server, install the OpenClaw agent, or configure Tailscale/Firewall for the agent.

skill openclawclawhub Free

0 Downloads

0 Stars

0 Installs

0 Score

High Signal

⬇ 0 downloads ★ 0 stars Unverified but indexed

Install for OpenClaw

Quick setup

Download the package from Yavira.
Extract the archive and review SKILL.md first.
Import or place the package into your OpenClaw setup.

Requirements

Target platform: OpenClaw
Install method: Manual import
Extraction: Extract archive
Prerequisites: OpenClaw
Primary doc: SKILL.md

Package facts

Download mode: Yavira redirect
Package format: ZIP package
Source platform: Tencent SkillHub
What's included: SKILL.md

Validation

Use the Yavira download entry.
Review SKILL.md after the package is downloaded.
Confirm the extracted package contains the expected setup assets.

Install with your agent

Agent handoff

Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.

Download the package from Yavira.
Extract it into a folder your agent can access.
Paste one of the prompts below and point your agent at the extracted folder.

New install

I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.

Upgrade existing

I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.

Open Send to Agent page Open JSON manifest Open Markdown brief

Trust & source

Release facts

Source: Tencent SkillHub
Verification: Indexed source record
Version: 1.0.0

Provenance

Publisher: kime541200
Source page: View original listing
Canonical URL: Open canonical page

Documentation

ClawHub primary doc Primary doc: SKILL.md 5 sections Open source page

Overview

This skill guides the setup of a secure, self-hosted OpenClaw instance. It covers SSH hardening, Firewall configuration, Tailscale VPN setup, and the OpenClaw installation itself.

Phase 1: System Hardening

Lock down SSH Goal: Keys only, no passwords, no root login. Action: Modify /etc/ssh/sshd_config. Commands: # Backup config sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak # Disable Password Auth sudo sed -i 's/^#*PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config # Disable Root Login sudo sed -i 's/^#*PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config # Reload SSH sudo sshd -t && sudo systemctl reload ssh Default-deny Firewall Goal: Block everything incoming by default. Action: Install and enable UFW. Commands: sudo apt update && sudo apt install ufw -y sudo ufw default deny incoming sudo ufw default allow outgoing sudo ufw enable Note: Ensure you have console access or a fallback before enabling if SSH is not yet allowed on another interface, though we configure Tailscale next. Brute-force Protection Goal: Auto-ban IPs after failed login attempts. Action: Install Fail2ban. Commands: sudo apt install fail2ban -y sudo systemctl enable --now fail2ban

Phase 2: Network Privacy (Tailscale)

Install Tailscale Goal: Create a private VPN mesh network. Commands: curl -fsSL https://tailscale.com/install.sh | sh sudo tailscale up Wait for user to authenticate the Tailscale link. Configure SSH & Web via Tailscale Goal: Allow traffic only from the Tailscale subnet (100.64.0.0/10) and remove public access. Commands: # Allow SSH over Tailscale sudo ufw allow from 100.64.0.0/10 to any port 22 proto tcp # Remove public SSH access (Adjust rule name/number as needed) sudo ufw delete allow OpenSSH || sudo ufw delete allow 22/tcp # Allow Web ports over Tailscale sudo ufw allow from 100.64.0.0/10 to any port 443 proto tcp sudo ufw allow from 100.64.0.0/10 to any port 80 proto tcp Disable IPv6 (Optional) Goal: Reduce attack surface. Commands: sudo sed -i 's/IPV6=yes/IPV6=no/' /etc/default/ufw if ! grep -q "net.ipv6.conf.all.disable_ipv6 = 1" /etc/sysctl.conf; then echo "net.ipv6.conf.all.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf fi sudo sysctl -p && sudo ufw reload

Phase 3: OpenClaw Installation

Install OpenClaw Commands: npm install -g openclaw && openclaw doctor Configure Owner Access Required Input: Ask the user for their Telegram ID. Action: Update the config to allowlist only that ID. JSON Config Target (verify location via openclaw doctor): { "dmPolicy": "allowlist", "allowFrom": ["YOUR_TELEGRAM_ID"], "groupPolicy": "allowlist" } Secure Credentials Goal: Restrict file permissions. Commands: chmod 700 ~/.openclaw/credentials 2>/dev/null || true chmod 600 .env 2>/dev/null || true Final Audit Action: Run the built-in security audit. Command: openclaw security audit --deep

Verification Status

Run to confirm: sudo ufw status verbose ss -tulnp tailscale status openclaw doctor

Category context

Identity, auth, scanning, governance, audit, and operational guardrails.

Source: Tencent SkillHub

Largest current source with strong distribution and engagement signals.

Package contents

Included in package

1 Docs

SKILL.md Primary doc