ClawHub

OpenClaw HTTPS Setup

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it configures Nginx and Certbot to expose an OpenClaw Gateway over HTTPS, but it should be used carefully on production servers.

Review the generated Nginx configuration before running it, confirm OpenClaw Gateway is intended to be reachable from the internet, and make sure authentication or IP restrictions are in place if needed. Back up existing Nginx and cron configuration, avoid running this during critical traffic, and prefer Certbot's packaged renewal timer or an idempotent cron setup where available.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs the user to make privileged system changes, expose an internal service on the public internet, and alter security controls such as SELinux, but it does not clearly warn about service exposure, downtime, firewall implications, or the need to validate that the backend is safe to publish. In a security-sensitive deployment skill, omission of these warnings can lead users to unintentionally expose an unauthenticated or weakly protected service.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
- If getting 502 Bad Gateway errors, check that OpenClaw Gateway is running and accessible at 127.0.0.1:18789
- If SSL certificate fails, ensure port 80 is accessible from the internet
- Check Nginx error logs: `sudo tail -f /var/log/nginx/error.log`
- Check SELinux: `sudo setsebool -P httpd_can_network_connect 1`

## Security Notes
- The configuration includes proper security headers
Confidence
84% confidence
Finding
sudo

Chaining Abuse

High
Category
Tool Misuse
Content
### 10. Set up automatic certificate renewal
```bash
# Add cron job for certificate renewal
sudo crontab -l | { cat; echo "0 12 * * * /usr/bin/certbot renew --quiet --nginx"; } | sudo crontab -
```

## Verification
Confidence
88% confidence
Finding
| sudo

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal