ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Moltbot Security

v1.0.3

Security hardening for AI agents - Moltbot, OpenClaw, Cursor, Claude. Lock down gateway, fix permissions, auth, firewalls. Essential for vibe-coding setups.

3· 2.7k·5 current·5 all-time
byNext Frontier AI@nextfrontierbuilds

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for nextfrontierbuilds/moltbot-security.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Moltbot Security" (nextfrontierbuilds/moltbot-security) from ClawHub.
Skill page: https://clawhub.ai/nextfrontierbuilds/moltbot-security
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install moltbot-security

ClawHub CLI

Package manager switcher

npx clawhub@latest install moltbot-security
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description claim security hardening for Moltbot/OpenClaw and the SKILL.md content indeed provides firewall, auth, permissions, Node.js updates, and Tailscale guidance — that aligns with the stated purpose. However, the package metadata claims no required config paths or env vars while the instructions explicitly reference ~/.openclaw/openclaw.json and several CLAWDBOT_* environment variables. This metadata/instruction mismatch is unexpected and deserves attention.
!
Instruction Scope
Instructions tell the operator to read and edit sensitive config files (~/.openclaw/openclaw.json), change file permissions, export secrets (CLAWDBOT_GATEWAY_TOKEN / CLAWDBOT_GATEWAY_PASSWORD), run firewall and sshd config changes, and run 'openclaw security audit --deep --fix'. Those actions are within a hardening guide's scope, but they are high-impact (modify system files, apply fixes automatically). The guide also recommends piping remote install scripts (Tailscale, NodeSource). Ensure you trust the sources before running them and verify the CLI tooling (openclaw) exists and is from a trusted origin.
Install Mechanism
The skill is instruction-only (no install spec), which is lower risk as nothing is written by the package manager. However, the instructions recommend running third-party install scripts (curl | sh for Tailscale and NodeSource), and a homebrew command for macOS; those are external downloads executed on the host and carry the usual supply-chain risk. The package.json references a GitHub repo, but registry metadata lists source/homepage as unknown/none — inconsistent provenance information.
!
Credentials
The SKILL.md instructs you to set environment variables (CLAWDBOT_GATEWAY_TOKEN, CLAWDBOT_GATEWAY_PASSWORD, CLAWDBOT_DISABLE_BONJOUR) and to edit local config paths, which are reasonable for a gateway hardening guide. But the registry metadata declares no required env vars and no required config paths; this mismatch makes it unclear what secrets/config the skill expects or will operate on. No unrelated credentials are requested, but the lack of declared requirements reduces transparency.
Persistence & Privilege
The skill does not request persistent or privileged platform-level presence (always:false, no special flags). It instructs manual edits to user and system files (home config, /etc/ssh, ufw) which are expected for system hardening. It does not attempt to modify other skills or system agent configs automatically in the provided instructions.
What to consider before installing
This is a practical hardening checklist, but before running anything: 1) Verify the origin — the registry metadata lists no known homepage while package.json points to a GitHub repo; inspect that repo and its author. 2) Don’t blindly run curl | sh commands — fetch and review the scripts first. 3) Back up ~/.openclaw and any config files before editing or running auto-fix commands. 4) Confirm the 'openclaw' CLI is legitimate and from a trusted source before using --fix or audit commands. 5) Be cautious exporting tokens in shells; use a secrets store if possible. If you want, I can: fetch and summarize the referenced GitHub repo (if publicly available), list the exact commands the guide recommends to run so you can review them, or suggest safer step-by-step commands to audit without applying automatic fixes.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fwbjkhksg4ymhxb1as5d46180y4zf
2.7kdownloads
3stars
4versions
Updated 2h ago
v1.0.3
MIT-0
Next Frontier AI@nextfrontierbuilds
latest
Download

Moltbot Security Guide

Your Moltbot gateway was designed for local use. When exposed to the internet without proper security, attackers can access your API keys, private messages, and full system access.

Based on: Real vulnerability research that found 1,673+ exposed OpenClaw/Moltbot gateways on Shodan.

TL;DR - The 5 Essentials

  1. Bind to loopback — Never expose gateway to public internet
  2. Set auth token — Require authentication for all requests
  3. Fix file permissions — Only you should read config files
  4. Update Node.js — Use v22.12.0+ to avoid known vulnerabilities
  5. Use Tailscale — Secure remote access without public exposure

What Gets Exposed (The Real Risk)

When your gateway is publicly accessible:

  • Complete conversation histories (Telegram, WhatsApp, Signal, iMessage)
  • API keys for Claude, OpenAI, and other providers
  • OAuth tokens and bot credentials
  • Full shell access to host machine

Prompt injection attack example: An attacker sends you an email with hidden instructions. Your AI reads it, extracts your recent emails, and forwards summaries to the attacker. No hacking required.

Quick Security Audit

Run this to check your current security posture:

openclaw security audit --deep

Auto-fix issues:

openclaw security audit --deep --fix

Step 1: Bind Gateway to Loopback Only

What this does: Prevents the gateway from accepting connections from other machines.

Check your ~/.openclaw/openclaw.json:

{
  "gateway": {
    "bind": "loopback"
  }
}

Options:

  • loopback — Only accessible from localhost (most secure)
  • lan — Accessible from local network only
  • auto — Binds to all interfaces (dangerous if exposed)

Step 2: Set Up Authentication

Option A: Token Authentication (Recommended)

Generate a secure token:

openssl rand -hex 32

Add to your config:

{
  "gateway": {
    "auth": {
      "mode": "token",
      "token": "your-64-char-hex-token-here"
    }
  }
}

Or set via environment:

export CLAWDBOT_GATEWAY_TOKEN="your-secure-random-token-here"

Option B: Password Authentication

{
  "gateway": {
    "auth": {
      "mode": "password"
    }
  }
}

Then:

export CLAWDBOT_GATEWAY_PASSWORD="your-secure-password-here"

Step 3: Lock Down File Permissions

What this does: Ensures only you can read sensitive config files.

chmod 700 ~/.openclaw
chmod 600 ~/.openclaw/openclaw.json
chmod 700 ~/.openclaw/credentials

Permission meanings:

  • 700 = Only owner can access folder
  • 600 = Only owner can read/write file

Or let OpenClaw fix it:

openclaw security audit --fix

Step 4: Disable Network Broadcasting

What this does: Stops OpenClaw from announcing itself via mDNS/Bonjour.

Add to your shell config (~/.zshrc or ~/.bashrc):

export CLAWDBOT_DISABLE_BONJOUR=1

Reload:

source ~/.zshrc

Step 5: Update Node.js

Older Node.js versions have security vulnerabilities. You need v22.12.0+.

Check version:

node --version

Mac (Homebrew):

brew update && brew upgrade node

Ubuntu/Debian:

curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
sudo apt-get install -y nodejs

Windows: Download from nodejs.org

Step 6: Set Up Tailscale (Remote Access)

What this does: Creates encrypted tunnel between your devices. Access OpenClaw from anywhere without public exposure.

Install Tailscale:

# Linux
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up

# Mac
brew install tailscale

Configure OpenClaw for Tailscale:

{
  "gateway": {
    "bind": "loopback",
    "tailscale": {
      "mode": "serve"
    }
  }
}

Now access via your Tailscale network only.

Step 7: Firewall Setup (UFW)

For cloud servers (AWS, DigitalOcean, Hetzner, etc.)

Install UFW:

sudo apt update && sudo apt install ufw -y

Set defaults:

sudo ufw default deny incoming
sudo ufw default allow outgoing

Allow SSH (don't skip!):

sudo ufw allow ssh

Allow Tailscale (if using):

sudo ufw allow in on tailscale0

Enable:

sudo ufw enable

Verify:

sudo ufw status verbose

⚠️ Never do this:

# DON'T - exposes your gateway publicly
sudo ufw allow 18789

Step 8: SSH Hardening

Disable password auth (use SSH keys):

sudo nano /etc/ssh/sshd_config

Change:

PasswordAuthentication no
PermitRootLogin no

Restart:

sudo systemctl restart sshd

Security Checklist

Before deploying:

  • Gateway bound to loopback or lan
  • Auth token or password set
  • File permissions locked (600/700)
  • mDNS/Bonjour disabled
  • Node.js v22.12.0+
  • Tailscale configured (if remote)
  • Firewall blocking port 18789
  • SSH password auth disabled

Config Template (Secure Defaults)

{
  "gateway": {
    "port": 18789,
    "bind": "loopback",
    "auth": {
      "mode": "token",
      "token": "YOUR_64_CHAR_HEX_TOKEN"
    },
    "tailscale": {
      "mode": "serve"
    }
  }
}

Credits

Based on security research by @NickSpisak_ who found 1,673+ exposed gateways on Shodan.

Original article: https://x.com/nickspisak_/status/2016195582180700592

Installation

clawdhub install NextFrontierBuilds/moltbot, openclaw-security

Built by @NextXFrontier

Comments

Loading comments...