audit-openclaw-security
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
Chineseaudit-openclaw-security
审计并加固OpenClaw安全
Run a defensive, permissioned security audit of an OpenClaw deployment and turn the results into a practical remediation plan.
This revision is tuned for OpenClaw 2026.3.8 and uses when referencing bundled scripts from commands.
{baseDir}对OpenClaw部署执行防御性、权限受控的安全审计,并将结果转化为可落地的修复方案。
本版本适配OpenClaw 2026.3.8,引用命令中的捆绑脚本时使用路径。
{baseDir}Guardrails
防护准则
- Only audit systems the user owns or has explicit permission to assess.
- Never ask for raw secrets. Do not request gateway tokens/passwords, model API keys, session cookies, OAuth creds, or raw credential files.
- Prefer outputs that are designed to be shareable or redacted:
openclaw status --allopenclaw status --deepopenclaw gateway probe --jsonopenclaw security audit --jsonopenclaw security audit --deep --json
- Treat the Gateway, Control UI, browser control, paired nodes, and automation surfaces as operator-level access.
- Default to audit-only. Before any config edits, operations, firewall changes, or restarts, create a backup first and get explicit user approval.
--fix - When the user wants remediation, make the backup step explicit:
openclaw backup create --verify- use if the config is invalid but you still need state + creds
--no-include-workspace - use if the user only wants a minimal safety copy before edits
--only-config
- 仅审计用户拥有或已获得明确评估权限的系统。
- 切勿索要原始密钥。不要请求网关令牌/密码、模型API密钥、会话Cookie、OAuth凭证或原始凭证文件。
- 优先使用可共享或已脱敏的输出内容:
openclaw status --allopenclaw status --deepopenclaw gateway probe --jsonopenclaw security audit --jsonopenclaw security audit --deep --json
- 将Gateway、Control UI、浏览器控制、配对节点和自动化接口视为操作员级别的访问权限。
- 默认仅执行审计操作。在进行任何配置编辑、操作、防火墙变更或重启前,先创建备份并获得用户明确批准。
--fix - 当用户需要修复方案时,明确告知备份步骤:
openclaw backup create --verify- 如果配置无效但仍需保存状态和凭证,使用
--no-include-workspace - 如果用户仅需要最小化的安全副本用于编辑前备份,使用
--only-config
What “good” looks like
安全标准示例
- Gateway is bound to loopback unless there is a deliberate, defended reason not to.
- Strong Gateway auth is enabled.
- No accidental public exposure (LAN bind, port-forward, permissive reverse proxy, Tailscale Funnel).
- Control UI is either localhost/Serve or explicitly origin-restricted behind a trusted proxy.
- DMs require pairing or strict allowlists.
- Groups require mention gating and are not open if broad tools are enabled.
- is isolated appropriately:
session.dmScope- for most multi-user setups
per-channel-peer - when the same provider runs multiple accounts
per-account-channel-peer
- Tooling is least privilege:
- or stricter for inbox-facing agents
tools.profile: "messaging" - deny ,
group:runtime,group:fson untrusted surfacesgroup:automation tools.fs.workspaceOnly: true- or at least approval-gated
tools.exec.security: "deny" - unless there is a narrow, intentional need
tools.elevated.enabled: false
- Plugins and skills are explicitly trusted, minimally writable, and not used as an easy persistence path.
- Secrets, transcripts, and logs have tight permissions and an intentional retention plan.
- 除非有经过防护的明确需求,否则Gateway应绑定到回环地址。
- 启用强Gateway认证。
- 避免意外的公网暴露(LAN绑定、端口转发、宽松的反向代理、Tailscale Funnel)。
- Control UI要么部署在本地/Serve,要么通过可信代理进行明确的源限制。
- DM消息需要配对验证或严格的白名单。
- 群组需要提及限制,若启用了广泛工具则不应设置为开放群组。
- 需进行适当隔离:
session.dmScope- 大多数多用户场景使用
per-channel-peer - 当同一提供商运行多个账户时使用
per-account-channel-peer
- 大多数多用户场景使用
- 工具遵循最小权限原则:
- 面向收件箱的Agent使用或更严格的配置
tools.profile: "messaging" - 在不可信接口上拒绝、
group:runtime、group:fs权限group:automation - 设置
tools.fs.workspaceOnly: true - 或至少设置为需批准执行
tools.exec.security: "deny" - 除非有特定的明确需求,否则设置
tools.elevated.enabled: false
- 面向收件箱的Agent使用
- 插件和技能需经过明确信任,最小化可写权限,避免被用作简易持久化路径。
- 密钥、对话记录和日志需设置严格权限,并制定明确的留存计划。
Use the bundled files progressively
逐步使用捆绑文件
Only open the extra files you need for the task:
- — exact command ladders
references/command-cheatsheet.md - — current high-signal
references/openclaw-audit-checks.mdglossarycheckId - — secure baseline snippets
references/openclaw-baseline-config.md references/platform-mac-mini.mdreferences/platform-personal-laptop.mdreferences/platform-docker.mdreferences/platform-aws-ec2.md- — report structure
assets/report-template.md
仅打开完成任务所需的额外文件:
- — 完整命令指南
references/command-cheatsheet.md - — 当前高优先级
references/openclaw-audit-checks.md术语表checkId - — 安全基准配置片段
references/openclaw-baseline-config.md references/platform-mac-mini.mdreferences/platform-personal-laptop.mdreferences/platform-docker.mdreferences/platform-aws-ec2.md- — 报告结构模板
assets/report-template.md
Step 0 — Establish context quickly
步骤0 — 快速明确上下文
Collect just enough context to choose the audit path:
- Where is OpenClaw running?
- macOS host / Mac mini
- personal laptop
- Docker host
- EC2 / VPS / other cloud VM
- Install style?
- native install
- Docker / Compose
- source checkout
- Do we have local shell access?
- Mode A: chat-only / user runs commands
- Mode B: agent can run shell commands directly
收集足够的上下文信息以选择审计路径:
- OpenClaw运行在何处?
- macOS主机 / Mac mini
- 个人笔记本电脑
- Docker主机
- EC2 / VPS / 其他云虚拟机
- 安装方式?
- 原生安装
- Docker / Compose
- 源码编译安装
- 是否拥有本地Shell访问权限?
- 模式A:仅通过聊天交互 / 用户执行命令
- 模式B:Agent可直接执行Shell命令
Mode A — Assisted self-audit (chat-only)
模式A — 协助式自助审计(仅聊天交互)
Ask the user to run the following on the OpenClaw host and share the outputs.
请用户在OpenClaw主机上运行以下命令并分享输出结果。
Minimum audit set
最小审计命令集
bash
openclaw --version
openclaw status --all
openclaw status --deep
openclaw gateway status
openclaw gateway probe --json
openclaw channels status --probe
openclaw doctor
openclaw security audit --json
openclaw security audit --deep --jsonbash
openclaw --version
openclaw status --all
openclaw status --deep
openclaw gateway status
openclaw gateway probe --json
openclaw channels status --probe
openclaw doctor
openclaw security audit --json
openclaw security audit --deep --jsonHelpful extras
补充辅助命令
bash
openclaw health --json
openclaw backup create --dry-run --json
openclaw backup create --only-config --dry-run --json
openclaw skills list --eligible --json
openclaw plugins list --jsonbash
openclaw health --json
openclaw backup create --dry-run --json
openclaw backup create --only-config --dry-run --json
openclaw skills list --eligible --json
openclaw plugins list --jsonSafe targeted config reads
安全的定向配置读取
Prefer targeted reads over a full config dump:
bash
openclaw config get gateway.bind
openclaw config get gateway.auth.mode
openclaw config get gateway.auth.allowTailscale
openclaw config get gateway.controlUi.allowedOrigins
openclaw config get gateway.trustedProxies
openclaw config get gateway.allowRealIpFallback
openclaw config get discovery.mdns.mode
openclaw config get session.dmScope
openclaw config get tools.profile
openclaw config get tools.fs.workspaceOnly
openclaw config get tools.exec.security
openclaw config get tools.elevated.enabled
openclaw config get channels.defaults.dmPolicy
openclaw config get channels.defaults.groupPolicy
openclaw config get logging.redactSensitive优先使用定向读取而非完整配置导出:
bash
openclaw config get gateway.bind
openclaw config get gateway.auth.mode
openclaw config get gateway.auth.allowTailscale
openclaw config get gateway.controlUi.allowedOrigins
openclaw config get gateway.trustedProxies
openclaw config get gateway.allowRealIpFallback
openclaw config get discovery.mdns.mode
openclaw config get session.dmScope
openclaw config get tools.profile
openclaw config get tools.fs.workspaceOnly
openclaw config get tools.exec.security
openclaw config get tools.elevated.enabled
openclaw config get channels.defaults.dmPolicy
openclaw config get channels.defaults.groupPolicy
openclaw config get logging.redactSensitiveDM / group follow-up checks
DM / 群组后续核查
If the issue is “the bot is online but DMs or groups behave strangely”, check pairing and mention gating:
bash
openclaw pairing list <channel>Examples of include , , , , , , , and .
<channel>discordslacksignaltelegramwhatsappmatriximessagebluebubbles如果遇到“Bot在线但DM或群组行为异常”的问题,检查配对和提及限制:
bash
openclaw pairing list <channel><channel>discordslacksignaltelegramwhatsappmatriximessagebluebubblesIf the user must share the config
若用户必须分享配置文件
OpenClaw config is often JSON5-like. Redact it before sharing:
bash
python3 "{baseDir}/scripts/redact_openclaw_config.py" ~/.openclaw/openclaw.json > openclaw.json.redactedOpenClaw配置通常为类JSON5格式。分享前请先脱敏:
bash
python3 "{baseDir}/scripts/redact_openclaw_config.py" ~/.openclaw/openclaw.json > openclaw.json.redactedHost / network snapshots
主机 / 网络快照
macOS
bash
whoami
sw_vers
uname -a
lsof -nP -iTCP -sTCP:LISTEN
/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
/usr/libexec/ApplicationFirewall/socketfilterfw --getstealthmode
fdesetup status || trueLinux / cloud VM
bash
whoami
cat /etc/os-release
uname -a
ss -ltnp
sudo ufw status verbose || true
sudo nft list ruleset || true
sudo iptables -S || trueDocker / Compose
bash
docker ps --format 'table {{.Names}} {{.Image}} {{.Ports}}'
docker compose ps || true
docker port openclaw-gateway 18789 || truemacOS
bash
whoami
sw_vers
uname -a
lsof -nP -iTCP -sTCP:LISTEN
/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
/usr/libexec/ApplicationFirewall/socketfilterfw --getstealthmode
fdesetup status || trueLinux / 云虚拟机
bash
whoami
cat /etc/os-release
uname -a
ss -ltnp
sudo ufw status verbose || true
sudo nft list ruleset || true
sudo iptables -S || trueDocker / Compose
bash
docker ps --format 'table {{.Names}} {{.Image}} {{.Ports}}'
docker compose ps || true
docker port openclaw-gateway 18789 || trueMode B — Automated local audit (shell access)
模式B — 自动化本地审计(Shell访问)
Run the bundled collector and report renderer:
bash
bash "{baseDir}/scripts/collect_openclaw_audit.sh" --out ./openclaw-audit
python3 "{baseDir}/scripts/render_report.py" --input ./openclaw-audit --output ./openclaw-security-report.mdThen review , refine wording where needed, and present the final report to the user.
openclaw-security-report.md运行捆绑的收集器和报告渲染工具:
bash
bash "{baseDir}/scripts/collect_openclaw_audit.sh" --out ./openclaw-audit
python3 "{baseDir}/scripts/render_report.py" --input ./openclaw-audit --output ./openclaw-security-report.md然后查看,按需优化表述后将最终报告呈现给用户。
openclaw-security-report.mdNotes on the collector
收集器说明
- It is read-only by default.
- It does not run .
openclaw security audit --fix - It collects shareable CLI diagnostics plus basic host/network context.
- It now captures current high-value signals such as:
openclaw status --deepopenclaw gateway probe --jsonopenclaw channels status --probe- targeted safe values
config get - backup dry-run metadata
- 默认仅读取数据。
- 不会执行。
openclaw security audit --fix - 收集可共享的CLI诊断信息以及基础主机/网络上下文。
- 目前会捕获以下高价值信息:
openclaw status --deepopenclaw gateway probe --jsonopenclaw channels status --probe- 定向安全的值
config get - 备份试运行元数据
How to interpret the audit
如何解读审计结果
Use OpenClaw’s own security audit output as the primary source of truth, then translate it into a clear threat narrative.
以OpenClaw自身的安全审计输出为主要依据,将其转化为清晰的威胁说明。
Triage order
优先级排序
Prioritise in this order:
- Anything open + tools enabled
Lock down DMs/groups first, then tighten tool policy and sandboxing. - Public network exposure
LAN bind, Funnel, missing auth, weak reverse-proxy handling. - Browser / node / Control UI exposure
Treat these as operator access, not “just another feature”. - Filesystem permissions
State dir, config file, auth profiles, logs, and transcript locations. - Plugin / skill supply chain
Trust only what is intentionally installed and writable by the right user. - Model and prompt-injection resilience
Important, but not a substitute for access control.
按以下优先级处理:
- 开放接口+已启用工具
首先锁定DM/群组访问,然后收紧工具策略与沙箱设置。 - 公网暴露
LAN绑定、Funnel、缺失认证、宽松的反向代理配置。 - 浏览器 / 节点 / Control UI暴露
将这些视为操作员级访问权限,而非“普通功能”。 - 文件系统权限
状态目录、配置文件、认证配置文件、日志和对话记录的存储位置。 - 插件 / 技能供应链
仅信任有意安装且由正确用户拥有可写权限的组件。 - 模型与提示注入防护能力
重要但无法替代访问控制。
Findings that are easy to miss in newer OpenClaw builds
新版本OpenClaw中易被忽略的检测结果
Pay extra attention to these newer or high-signal check IDs:
gateway.control_ui.allowed_origins_requiredgateway.control_ui.host_header_origin_fallbackgateway.real_ip_fallback_enabledconfig.insecure_or_dangerous_flagssandbox.dangerous_network_modetools.exec.host_sandbox_no_sandbox_defaultstools.exec.host_sandbox_no_sandbox_agentstools.exec.safe_bins_interpreter_unprofiledskills.workspace.symlink_escapesecurity.exposure.open_groups_with_elevatedsecurity.exposure.open_groups_with_runtime_or_fssecurity.trust_model.multi_user_heuristic
Use and to map each finding to likely config paths and remediation areas.
references/openclaw-audit-checks.mdassets/openclaw_checkid_map.json特别关注以下新增或高优先级的检查ID:
gateway.control_ui.allowed_origins_requiredgateway.control_ui.host_header_origin_fallbackgateway.real_ip_fallback_enabledconfig.insecure_or_dangerous_flagssandbox.dangerous_network_modetools.exec.host_sandbox_no_sandbox_defaultstools.exec.host_sandbox_no_sandbox_agentstools.exec.safe_bins_interpreter_unprofiledskills.workspace.symlink_escapesecurity.exposure.open_groups_with_elevatedsecurity.exposure.open_groups_with_runtime_or_fssecurity.trust_model.multi_user_heuristic
使用和将每个检测结果映射到对应的配置路径和修复范围。
references/openclaw-audit-checks.mdassets/openclaw_checkid_map.jsonCore remediation patterns
核心修复模式
1) Gateway exposure and auth
1) 网关暴露与认证
- Prefer .
gateway.bind: "loopback" - Require token or password auth for anything beyond strictly local use.
- Do not treat values as protection for local WS access; actual protection comes from
gateway.remote.*.gateway.auth.* - If the user needs a new shared secret, is the safe boring path.
openclaw doctor --generate-gateway-token
- 优先设置。
gateway.bind: "loopback" - 对于非严格本地使用的场景,要求令牌或密码认证。
- 不要将配置视为本地WebSocket访问的保护措施;实际保护来自
gateway.remote.*配置。gateway.auth.* - 如果用户需要新的共享密钥,使用是安全可靠的方式。
openclaw doctor --generate-gateway-token
2) Reverse proxies and browser-origin policy
2) 反向代理与浏览器源策略
If there is a reverse proxy in front of the Gateway:
- configure
gateway.trustedProxies - keep unless there is a very specific need
gateway.allowRealIpFallback: false - for non-loopback Control UI use, set
gateway.controlUi.allowedOrigins - do not enable Host-header origin fallback unless the user knowingly accepts the downgrade
如果网关前部署了反向代理:
- 配置
gateway.trustedProxies - 除非有特殊需求,否则设置
gateway.allowRealIpFallback: false - 对于非回环的Control UI使用场景,设置
gateway.controlUi.allowedOrigins - 除非用户明确接受降级风险,否则不要启用Host-header源回退。
3) Tailscale Serve vs Funnel
3) Tailscale Serve vs Funnel
- keeps the Gateway tailnet-only.
tailscale.mode: "serve" - is public and should be treated as urgent/high risk.
tailscale.mode: "funnel" - can allow tokenless Control UI/WebSocket auth via Tailscale identity headers. That assumes the gateway host itself is trusted.
gateway.auth.allowTailscale - If untrusted code can run on the host, or if any reverse proxy sits in front of the gateway, disable and require token/password or trusted-proxy auth.
gateway.auth.allowTailscale
- 仅在Tailscale网络内开放网关。
tailscale.mode: "serve" - 会将网关暴露到公网,应视为高风险并紧急处理。
tailscale.mode: "funnel" - 可通过Tailscale身份头实现无令牌的Control UI/WebSocket认证,这要求网关主机本身是可信的。
gateway.auth.allowTailscale - 如果不可信代码可在主机上运行,或网关前部署了反向代理,禁用并要求令牌/密码或可信代理认证。
gateway.auth.allowTailscale
4) DM and group isolation
4) DM与群组隔离
- Use or
dmPolicy: "pairing"for inbox-facing bots.allowlist - For shared or support-style inboxes, set .
session.dmScope: "per-channel-peer" - For multi-account channel setups, prefer .
per-account-channel-peer - Avoid unless the tool surface is extremely limited.
groupPolicy: "open" - Require mentions in groups and use where native mentions are unreliable.
agents.list[].groupChat.mentionPatterns
- 面向收件箱的Bot使用或
dmPolicy: "pairing"。allowlist - 对于共享或支持类收件箱,设置。
session.dmScope: "per-channel-peer" - 对于多账户渠道配置,优先使用。
per-account-channel-peer - 除非工具接口极其有限,否则避免设置。
groupPolicy: "open" - 群组内要求提及Bot,并在原生提及不可靠的场景下使用。
agents.list[].groupChat.mentionPatterns
5) Tool surface reduction
5) 工具接口缩减
Start from the conservative baseline in .
references/openclaw-baseline-config.mdGood defaults for user-facing agents:
tools.profile: "messaging"- deny
group:automation - deny
group:runtime - deny
group:fs tools.fs.workspaceOnly: true- and
tools.exec.security: "deny"ask: "always" tools.exec.applyPatch.workspaceOnly: truetools.elevated.enabled: false
从中的保守基准配置开始。
references/openclaw-baseline-config.md面向用户的Agent推荐默认配置:
tools.profile: "messaging"- 拒绝权限
group:automation - 拒绝权限
group:runtime - 拒绝权限
group:fs tools.fs.workspaceOnly: true- 且
tools.exec.security: "deny"ask: "always" tools.exec.applyPatch.workspaceOnly: truetools.elevated.enabled: false
6) Node / browser / automation trust
6) 节点 / 浏览器 / 自动化信任
- Paired nodes are remote execution surfaces. Audit them like you would audit operator access.
- Browser control is not “just viewing pages”; it is effectively remote operator capability.
- /
gatewaytools create persistence and should not be reachable from untrusted chat surfaces.cron
- 配对节点是远程执行接口,需像审计操作员权限一样审计它们。
- 浏览器控制并非“仅查看页面”,而是等效于远程操作员能力。
- /
gateway工具会创建持久化任务,不应被不可信聊天接口访问。cron
7) Secrets, logs, transcripts, and writable paths
7) 密钥、日志、对话记录与可写路径
Audit and discuss these paths carefully without asking for raw contents:
~/.openclaw/openclaw.json~/.openclaw/secrets.json~/.openclaw/agents/<agentId>/agent/auth-profiles.json~/.openclaw/agents/<agentId>/sessions/*.jsonl/tmp/openclaw/openclaw-YYYY-MM-DD.log- pairing stores under
~/.openclaw/credentials/
仔细审计并讨论以下路径,但不要索要原始内容:
~/.openclaw/openclaw.json~/.openclaw/secrets.json~/.openclaw/agents/<agentId>/agent/auth-profiles.json~/.openclaw/agents/<agentId>/sessions/*.jsonl/tmp/openclaw/openclaw-YYYY-MM-DD.log- 下的配对存储文件
~/.openclaw/credentials/
Platform-specific guidance
平台专属指南
Load the matching playbook when the environment is clear:
- macOS host / Mac mini ->
references/platform-mac-mini.md - personal laptop ->
references/platform-personal-laptop.md - Docker / Compose ->
references/platform-docker.md - EC2 / VPS ->
references/platform-aws-ec2.md
明确环境后加载对应的操作手册:
- macOS主机 / Mac mini ->
references/platform-mac-mini.md - 个人笔记本电脑 ->
references/platform-personal-laptop.md - Docker / Compose ->
references/platform-docker.md - EC2 / VPS ->
references/platform-aws-ec2.md
Deliverable format
交付物格式
Use or the rendered report from .
assets/report-template.md{baseDir}/scripts/render_report.pyThe final deliverable should include:
- executive summary
- environment overview
- findings table with redacted evidence
- sequenced remediation plan
- verification commands
- residual risk / operational practices
使用或生成的报告。
assets/report-template.md{baseDir}/scripts/render_report.py最终交付物应包含:
- 执行摘要
- 环境概述
- 包含脱敏证据的检测结果表格
- 按顺序排列的修复计划
- 验证命令
- 剩余风险 / 操作建议
Troubleshooting notes
故障排除说明
“openclaw: command not found”
“openclaw: command not found”
- Confirm the CLI is installed and on .
PATH - On Windows, prefer WSL2 for shell-driven audit flows.
- Re-run the official install / update path, then retry .
openclaw --version
- 确认CLI已安装且在中。
PATH - 在Windows上,优先使用WSL2执行基于Shell的审计流程。
- 重新运行官方安装 / 更新流程,然后重试。
openclaw --version
“Gateway won’t start — configuration invalid”
“Gateway won’t start — configuration invalid”
OpenClaw now fails closed on invalid config keys, invalid values, or invalid types. That is intentional and security-relevant.
Use:
bash
openclaw doctor
openclaw doctor --fixEven when the config is invalid, diagnostic commands such as , , , and are still useful.
openclaw statusopenclaw gateway statusopenclaw gateway probeopenclaw healthOpenClaw现在会在配置键无效、值无效或类型不匹配时终止启动。这是出于安全考虑的设计。
使用以下命令:
bash
openclaw doctor
openclaw doctor --fix即使配置无效,、、和等诊断命令仍然可用。
openclaw statusopenclaw gateway statusopenclaw gateway probeopenclaw health“Runtime: running” but “RPC probe: failed”
“Runtime: running” but “RPC probe: failed”
Trust the probe details, not just the supervisor status:
Probe targetListeningLast gateway error
This often means service/config drift, auth mismatch, or a listener that is not actually reachable by the CLI.
信任探针详情而非仅看监控状态:
Probe targetListeningLast gateway error
这通常意味着服务/配置不一致、认证不匹配或CLI无法实际访问监听器。
“Bot is online but DMs fail”
“Bot is online but DMs fail”
Check:
bash
openclaw channels status --probe
openclaw pairing list <channel>Common root causes:
- pending pairing approval
- too strict for the expected sender
dmPolicy - provider-side permission or token drift
检查:
bash
openclaw channels status --probe
openclaw pairing list <channel>常见根本原因:
- 待处理的配对审批
- 对预期发送者过于严格
dmPolicy - 提供商侧权限或令牌失效
“Groups are silent”
“Groups are silent”
Check:
groupPolicyrequireMentionmentionPatterns- audit findings about open groups combined with runtime/fs/elevated tools
检查:
groupPolicyrequireMentionmentionPatterns- 关于开放群组结合runtime/fs/elevated工具的审计结果
Trigger tests (skill author sanity check)
触发测试(技能作者 sanity check)
Should trigger:
- “Can you audit my OpenClaw setup for security?”
- “My OpenClaw gateway is exposed through Tailscale Serve — is that okay?”
- “Interpret my findings.”
openclaw security audit --deep --json - “I’m running OpenClaw in Docker on a VPS; help me harden it.”
- “Why is my OpenClaw Control UI complaining about origins and trusted proxies?”
- “My bot is online but DMs don’t reply; can you audit pairing and access policy?”
Should not trigger:
- generic macOS hardening unrelated to OpenClaw
- generic Docker security unrelated to OpenClaw
- general AWS or VPS hardening unrelated to OpenClaw
- unrelated software audits
应触发本技能的场景:
- “你能审计我的OpenClaw设置的安全性吗?”
- “我的OpenClaw网关通过Tailscale Serve暴露,这样安全吗?”
- “帮我解读的检测结果。”
openclaw security audit --deep --json - “我在VPS上的Docker中运行OpenClaw,帮我加固它。”
- “为什么我的OpenClaw Control UI会提示源和可信代理的问题?”
- “我的Bot在线但不回复DM,你能审计配对和访问策略吗?”
不应触发本技能的场景:
- 与OpenClaw无关的通用macOS加固
- 与OpenClaw无关的通用Docker安全配置
- 与OpenClaw无关的通用AWS或VPS加固
- 无关软件的审计