docs: elevate security audit callout

Peter Steinberger
2026-01-18 23:37:12 +00:00
parent 5f975a4eff
commit 6f5205d826

@@ -5,13 +5,6 @@ read_when:
---
# Security 🔒
Running an AI agent with shell access on your machine is... *spicy*. Heres how to not get pwned.
Clawdbot is both a product and an experiment: youre wiring frontier-model behavior into real messaging surfaces and real tools. **There is no “perfectly secure” setup.** The goal is to be deliberate about:
- who can talk to your bot
- where the bot is allowed to act
- what the bot can touch
## Quick check: `clawdbot security audit`
Run this regularly (especially after changing config or exposing network surfaces):
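Review bot: with the intro lines removed, `# Security 🔒` now drops straight into `## Quick check: \`clawdbot security audit\`` with no sentence saying why the audit comes first; a one-line lead under the title (for example "Start with the audit below, then read the rest of this page") would keep the page from opening on a subheading. Also check that the seven lines the header `-5,13 +5,6` removes are the five intro lines plus their two surrounding blank lines, so no stray blank line is left between the title and `## Quick check`.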
@@ -29,6 +22,13 @@ It flags common footguns (Gateway auth exposure, browser control exposure, eleva
- Turn `logging.redactSensitive="off"` back to `"tools"`.
- Tighten local perms (`~/.clawdbot``700`, config file → `600`, plus common state files like `credentials/*.json`, `agents/*/agent/auth-profiles.json`, and `agents/*/sessions/sessions.json`).
Running an AI agent with shell access on your machine is... *spicy*. Heres how to not get pwned.
Clawdbot is both a product and an experiment: youre wiring frontier-model behavior into real messaging surfaces and real tools. **There is no “perfectly secure” setup.** The goal is to be deliberate about:
- who can talk to your bot
- where the bot is allowed to act
- what the bot can touch
### What the audit checks (high level)
- **Inbound access** (DM policies, group policies, allowlists): can strangers trigger the bot?
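Review bot: the moved intro (`Running an AI agent with shell access...` through the three `who / where / what` bullets) lands inside the `## Quick check` section, between its remediation bullets (`Turn logging.redactSensitive...`, `Tighten local perms...`) and `### What the audit checks (high level)`, so the "What the audit checks" subsection now reads as if it belonged to the general intro rather than to the audit, and the remediation list is cut off from the explanation of what it is remediating. Move the block to the end of the Quick check section (after the `### What the audit checks` list) so the callout is elevated without splitting the audit section. While these lines are being touched, restore the dropped apostrophes in the added text: `Heres` should read `Here's` and `youre` should read `you're`.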