Clawd Zero Trust

The skill's files and runtime instructions are consistent with a Zero Trust hardening tool for OpenClaw, but it performs privileged system changes (firewall, iptables, OpenClaw config), touches agent config and plugin files, and ships elevated exec settings that you should review before applying.

This skill implements a powerful, coherent Zero Trust workflow but performs privileged changes — review before enabling mutating modes. Before you run --apply or enable automatic use: - Run everything in dry-run/audit mode first: bash scripts/audit.sh and bash scripts/egress-filter.sh --dry-run and --status. - Backup your OpenClaw config and current firewall rules (openclaw.json and iptables-save / UFW state). The scripts create backups, but keep your own copy. - Inspect config/providers.txt and config/custom-providers.json to ensure only expected endpoints are allowlisted. Verify api.agentsandbox.co and any Telegram/GitHub entries are acceptable. - Examine hardening.json, specifically tools.exec (security: "full", ask: "off") and tools.elevated.allowFrom (Telegram IDs). If you do not want host-level exec without prompts or Telegram-triggered elevated operations, change these before applying. - Use plugin-integrity.sh --snapshot to establish a baseline, and review plugin-hashes.json before running --verify. - Prefer manual invocation for the first run, avoid cron/unattended applies until you’ve validated the behavior in a staging instance. - Because mutating operations require root, run the scripts only on systems where you can safely recover and where UFW/iptables changes are acceptable. If you want further assurance, request a short audit of the specific network calls the scripts will make (e.g., snapshot of curl/openssl invocations) and a review of any code paths that perform outbound POSTs (the repo documents an OAuth flow for agentsandbox).