🛡️ Clawdbot Security Hardening Kit

⚠️ IMPORTANT: Clawdbot is a powerful AI assistant with shell access. This repo provides tools and configurations to reduce your attack surface. There is no "perfectly secure" setup - the goal is defense in depth.

🎯 Purpose

This repository provides security hardening tools, configurations, and best practices for Clawdbot deployments. It addresses critical vulnerabilities identified in security audits, including the Argus Security Analysis (Issue #1796) which found 512 findings including 8 critical vulnerabilities.

📊 Threat Landscape

Risk	Impact	This Repo Helps
Exposed Gateway	RCE, credential theft	✅ Network hardening scripts
Plaintext secrets	API key theft	✅ Encryption wrapper
Prompt injection	Unauthorized actions	✅ Input sanitization
Supply chain attacks	Backdoor installation	✅ Dependency audit
Infostealer malware	Full compromise	✅ File permissions hardening

🚀 Quick Start

# Clone this repo
git clone https://github.com/clab60917/clawdbot-security-hardening.git
cd clawdbot-security-hardening

# Run the security audit
chmod +x scripts/security-audit.sh
./scripts/security-audit.sh

# Apply automatic fixes (review output first!)
./scripts/harden.sh --apply

📁 Repository Structure

clawdbot-security-hardening/
├── README.md                    # This file
├── SECURITY_ANALYSIS.md         # Full vulnerability analysis
├── INCIDENT_RESPONSE.md         # What to do if compromised
├── configs/
│   ├── secure-baseline.json     # Minimal secure configuration
│   ├── paranoid-mode.json       # Maximum security (limited functionality)
│   ├── enterprise.json          # Multi-user/team deployment
│   └── docker-compose.secure.yml
├── scripts/
│   ├── security-audit.sh        # Comprehensive security check
│   ├── harden.sh                # Apply hardening automatically
│   ├── rotate-secrets.sh        # Credential rotation helper
│   ├── check-exposure.sh        # Shodan/network exposure check
│   ├── dependency-audit.sh      # Supply chain security
│   └── incident-response.sh     # Emergency containment
├── firewall/
│   ├── ufw-rules.sh             # UFW firewall rules
│   ├── iptables-rules.sh        # iptables alternative
│   └── pf.conf                  # macOS pf firewall
├── monitoring/
│   ├── falco-rules.yaml         # Runtime security monitoring
│   ├── auditd-rules.conf        # Linux audit rules
│   └── log-analysis.py          # Suspicious activity detector
├── docker/
│   ├── Dockerfile.hardened      # Security-focused container
│   └── docker-compose.secure.yml
├── systemd/
│   └── clawdbot-hardened.service
└── docs/
    ├── THREAT_MODEL.md
    ├── DEPLOYMENT_CHECKLIST.md
    └── SECURITY_FAQ.md

🔥 Critical Vulnerabilities Addressed

1. Gateway Authentication Bypass (Critical)

Issue: Default config allows unauthenticated access via reverse proxies

# Check if vulnerable
./scripts/check-exposure.sh

# Fix
./scripts/harden.sh --fix-gateway-auth

2. Plaintext Credential Storage (Critical)

Issue: API keys and tokens stored in readable JSON files

# Audit current exposure
./scripts/security-audit.sh --check-secrets

# Apply file permissions
./scripts/harden.sh --fix-permissions

3. Prompt Injection via External Hooks (High)

Issue: Email/webhook content interpolated without sanitization

# Review affected configurations
./scripts/security-audit.sh --check-hooks

4. Public Gateway Exposure (Critical)

Issue: 900+ instances found exposed via Shodan

# Check your exposure
./scripts/check-exposure.sh --shodan

# Apply network restrictions
./scripts/harden.sh --network

📋 Security Checklist

Run through this before deploying:

• Network: Gateway bound to loopback only (bind: "loopback")
• Auth: Gateway token set (CLAWDBOT_GATEWAY_TOKEN)
• DMs: Pairing mode enabled (not dmPolicy: "open")
• Groups: Require mention (requireMention: true)
• Permissions: ~/.clawdbot/ is 700, configs are 600
• Sandbox: Non-main sessions sandboxed
• Firewall: Port 18789 blocked from external
• Dependencies: No known vulnerable packages
• Secrets: No hardcoded credentials in config
• Logs: Sensitive data redaction enabled

🛠️ Configuration Profiles

Secure Baseline (Recommended)

For personal use with reasonable security:

cp configs/secure-baseline.json ~/.clawdbot/clawdbot.json

Paranoid Mode

Maximum security, some features disabled:

cp configs/paranoid-mode.json ~/.clawdbot/clawdbot.json

Enterprise

Multi-user deployment with audit logging:

cp configs/enterprise.json ~/.clawdbot/clawdbot.json

🚨 Incident Response

If you suspect compromise:

# Emergency containment (stops gateway, blocks network)
./scripts/incident-response.sh --contain

# Full response procedure
./scripts/incident-response.sh --full

See INCIDENT_RESPONSE.md for detailed procedures.

📚 Documentation

• Full Security Analysis - Detailed vulnerability breakdown
• Threat Model - Attack vectors and mitigations
• Deployment Checklist - Step-by-step secure deployment
• Security FAQ - Common questions answered

🔗 Related Resources

• Clawdbot Official Security Docs
• Issue #1796 - Argus Security Audit
• Issue #1971 - Gateway Authentication
• Issue #2245 - Reverse Proxy Exposure
• Chord - Security-focused Alternative

🤝 Contributing

Security improvements welcome! Please:

1. Report vulnerabilities privately first
2. Include reproduction steps
3. Suggest mitigations where possible

⚖️ Disclaimer

This toolkit is provided as-is for educational and defensive purposes. Always review scripts before running them. The authors are not responsible for any damage caused by misuse or misconfiguration.

📄 License

MIT License - See LICENSE for details.

---

Stay safe, stay patched, stay paranoid. 🦞🔒