Xpersona
Claim this agent
Agent DossierGITHUB OPENCLEWSafety 94/100

Xpersona Agent

vps-openclaw-security-hardening

Production-ready security hardening for VPS running OpenClaw AI agents. Includes SSH hardening (custom port), firewall, audit logging, credential management, and intelligent alerting. Follows BSI IT-Grundschutz and NIST guidelines with minimal resource overhead. --- name: vps-openclaw-security-hardening description: Production-ready security hardening for VPS running OpenClaw AI agents. Includes SSH hardening (custom port), firewall, audit logging, credential management, and intelligent alerting. Follows BSI IT-Grundschutz and NIST guidelines with minimal resource overhead. version: 1.0.6 author: OpenClaw Community homepage: https://github.com/MarcusGraetsch/vps-openclaw-sec

OpenClaw · self-declared
Trust evidence available
View Source
git clone https://github.com/MarcusGraetsch/vps-openclaw-security-hardening.git

Overall rank

#31

Adoption

No public adoption signal

Trust

Unknown

Freshness

Apr 15, 2026

Freshness

Last checked Apr 15, 2026

Best For

vps-openclaw-security-hardening is best for general automation workflows where OpenClaw compatibility matters.

Not Ideal For

Contract metadata is missing or unavailable for deterministic execution.

Evidence Sources Checked

editorial-content, GITHUB OPENCLEW, runtime-metrics, public facts pack

OverviewEvidence & TimelineArtifacts & DocsAPI & ReliabilityMedia & RelatedMachine Appendix

Overview

Key links, install path, reliability highlights, and the shortest practical read before diving into the crawl record.

Verifiededitorial-content

Overview

Executive Summary

Production-ready security hardening for VPS running OpenClaw AI agents. Includes SSH hardening (custom port), firewall, audit logging, credential management, and intelligent alerting. Follows BSI IT-Grundschutz and NIST guidelines with minimal resource overhead. --- name: vps-openclaw-security-hardening description: Production-ready security hardening for VPS running OpenClaw AI agents. Includes SSH hardening (custom port), firewall, audit logging, credential management, and intelligent alerting. Follows BSI IT-Grundschutz and NIST guidelines with minimal resource overhead. version: 1.0.6 author: OpenClaw Community homepage: https://github.com/MarcusGraetsch/vps-openclaw-sec Capability contract not published. No trust telemetry is available yet. Last updated 4/15/2026.

No verified compatibility signals

Trust score

Unknown

Compatibility

OpenClaw

Freshness

Apr 15, 2026

Vendor

Marcusgraetsch

Artifacts

0

Benchmarks

0

Last release

Unpublished

Install & run

Setup Snapshot

git clone https://github.com/MarcusGraetsch/vps-openclaw-security-hardening.git
  1. 1

    Setup complexity is LOW. This package is likely designed for quick installation with minimal external side-effects.

  2. 2

    Final validation: Expose the agent to a mock request payload inside a sandbox and trace the network egress before allowing access to real customer data.

Evidence & Timeline

Public facts grouped by evidence type, plus release and crawl events with provenance and freshness.

Verifiededitorial-content

Public facts

Evidence Ledger

Vendor (1)

Vendor

Marcusgraetsch

profilemedium
Observed Apr 15, 2026Source linkProvenance
Compatibility (1)

Protocol compatibility

OpenClaw

contractmedium
Observed Apr 15, 2026Source linkProvenance
Security (1)

Handshake status

UNKNOWN

trustmedium
Observed unknownSource linkProvenance
Integration (1)

Crawlable docs

6 indexed pages on the official domain

search_documentmedium
Observed Apr 15, 2026Source linkProvenance

Events

Release & Crawl Timeline

Docs Update

Docs refreshed: Sign in to GitHub · GitHub

search_documentmedium

Fresh crawlable documentation was indexed for the official domain.

Observed Apr 15, 2026

Artifacts & Docs

Parameters, dependencies, examples, extracted files, editorial overview, and the complete README when available.

Self-declaredGITHUB OPENCLEW

Captured outputs

Artifacts Archive

Extracted files

0

Examples

1

Snippets

0

Languages

typescript

Parameters

Executable Examples

bash

# Choose your port (example: 4848)
export SSH_PORT=4848

# Install
cd ~/.openclaw/skills/vps-openclaw-security-hardening
sudo ./scripts/install.sh

# Verify
./scripts/verify.sh

# Test SSH (new terminal)
ssh -p ${SSH_PORT} root@your-vps-ip

Editorial read

Docs & README

Docs source

GITHUB OPENCLEW

Editorial quality

ready

Production-ready security hardening for VPS running OpenClaw AI agents. Includes SSH hardening (custom port), firewall, audit logging, credential management, and intelligent alerting. Follows BSI IT-Grundschutz and NIST guidelines with minimal resource overhead. --- name: vps-openclaw-security-hardening description: Production-ready security hardening for VPS running OpenClaw AI agents. Includes SSH hardening (custom port), firewall, audit logging, credential management, and intelligent alerting. Follows BSI IT-Grundschutz and NIST guidelines with minimal resource overhead. version: 1.0.6 author: OpenClaw Community homepage: https://github.com/MarcusGraetsch/vps-openclaw-sec

Full README

name: vps-openclaw-security-hardening description: Production-ready security hardening for VPS running OpenClaw AI agents. Includes SSH hardening (custom port), firewall, audit logging, credential management, and intelligent alerting. Follows BSI IT-Grundschutz and NIST guidelines with minimal resource overhead. version: 1.0.6 author: OpenClaw Community homepage: https://github.com/MarcusGraetsch/vps-openclaw-security-hardening metadata: openclaw: emoji: 🛡️ requires: bins: ["ssh", "ufw", "auditd", "systemctl", "apt-get"] optional: ["fail2ban"] os: ["ubuntu", "debian"] tags: ["security", "hardening", "vps", "audit", "monitoring", "firewall", "ssh", "fail2ban"] install: "SSH_PORT=4848 ./scripts/install.sh" verify: "./scripts/verify.sh" warning: "DO NOT use on machines with sensitive personal data. Use dedicated VPS only. Test in VM first."

VPS Security Hardening for OpenClaw

Production-ready security hardening for AI agent deployments on VPS.

⚠️ CRITICAL WARNINGS

DO NOT run OpenClaw on servers/machines with sensitive personal data. Use a dedicated machine (VPS, bare-metal, or on-premise server dedicated to OpenClaw).

Supported OS: Ubuntu 20.04+, Debian 11+. Not for Windows (use WSL2) or macOS.

⚠️ Choose Your SSH Port First

You must choose a custom SSH port (1024-65535) before installing. This makes you conscious of the security decision.

# Choose your port (example: 4848)
export SSH_PORT=4848

# Install
cd ~/.openclaw/skills/vps-openclaw-security-hardening
sudo ./scripts/install.sh

# Verify
./scripts/verify.sh

# Test SSH (new terminal)
ssh -p ${SSH_PORT} root@your-vps-ip

What It Does

| Layer | Protection | Implementation | |-------|------------|----------------| | Network | Firewall, SSH hardening | UFW, custom port (your choice), key-only | | System | Auto-updates, monitoring | unattended-upgrades, auditd | | Secrets | Credential management | Centralized .env, 600 permissions | | Monitoring | Audit logging, alerting | Kernel-level audit, multi-channel alerts |

Requirements

  • OS: Ubuntu 20.04+ or Debian 11+ (Linux only)
  • NOT supported: Windows (use WSL2), macOS
  • Root access
  • Existing SSH key authentication
  • Alert channel (optional): Telegram, Discord, Slack, Email, or Webhook
  • Custom SSH port of your choice (1024-65535)

Security Changes

SSH

  • Port: 22 → ${SSH_PORT} (your choice, 1024-65535)
  • Auth: Keys only (no passwords)
  • Root login: Disabled
  • Max retries: 3
  • Fail2ban: Brute-force protection

Firewall

  • Default: Deny incoming
  • Allow: Your chosen SSH port only

Services

  • CUPS (printing): Stopped & disabled
  • Fail2ban: Intrusion detection enabled
  • Auto-updates: Security patches automatic

Monitoring

  • Credential file access tracking
  • SSH config change detection
  • Privilege escalation alerts
  • Daily security briefing

Resource Usage

| Component | RAM | Disk | |-----------|-----|------| | Auditd | ~2 MB | 40 MB max | | UFW | ~1 MB | Negligible | | Scripts | ~5 MB | Negligible | | Total | <10 MB | <50 MB |

Files

  • scripts/install.sh - Main installation
  • scripts/verify.sh - Verify installation
  • scripts/rollback-ssh.sh - Emergency rollback
  • scripts/critical-alert.sh - Telegram alerts
  • scripts/daily-briefing.sh - Daily reports
  • rules/audit.rules - Audit configuration

Documentation

See README.md for full documentation.

License

MIT - See LICENSE file

API & Reliability

Machine endpoints, contract coverage, trust signals, runtime metrics, benchmarks, and guardrails for agent-to-agent use.

MissingGITHUB OPENCLEW

Machine interfaces

Contract & API

Endpoints

Dossier APISnapshot APIContract APITrust API

Contract coverage

Status

missing

Auth

None

Streaming

No

Data region

Unspecified

Protocol support

OpenClaw: self-declared

Requires: none

Forbidden: none

Guardrails

Operational confidence: low

No positive guardrails captured.
Invocation examples
curl -s "https://xpersona.co/api/v1/agents/marcusgraetsch-vps-openclaw-security-hardening/snapshot"
curl -s "https://xpersona.co/api/v1/agents/marcusgraetsch-vps-openclaw-security-hardening/contract"
curl -s "https://xpersona.co/api/v1/agents/marcusgraetsch-vps-openclaw-security-hardening/trust"

Operational fit

Reliability & Benchmarks

Trust signals

Handshake

UNKNOWN

Confidence

unknown

Attempts 30d

unknown

Fallback rate

unknown

Runtime metrics

Observed P50

unknown

Observed P95

unknown

Rate limit

unknown

Estimated cost

unknown

Do not use if

Contract metadata is missing or unavailable for deterministic execution.
No benchmark suites or observed failure patterns are available.

Media & Related

Public screenshots, demo and owner links, plus neighboring agents from the same ecosystem for shortlist building.

Missingno-media

Visual context

Media & Demo

No screenshots, media assets, or demo links are available.

Comparison set

Related Agents

GITHUB_REPOSactivepieces

Rank

70

AI Agents & MCPs & AI Workflow Automation • (~400 MCP servers for AI agents) • AI Automation / AI Agent with MCPs • AI Workflows & AI Agents • MCPs for AI Agents

Traction

No public download signal

Freshness

Updated 2d ago

OPENCLAW
GITHUB_REPOScherry-studio

Rank

70

AI productivity studio with smart chat, autonomous agents, and 300+ assistants. Unified access to frontier LLMs

Traction

No public download signal

Freshness

Updated 5d ago

MCPOPENCLAW
GITHUB_REPOSAionUi

Rank

70

Free, local, open-source 24/7 Cowork app and OpenClaw for Gemini CLI, Claude Code, Codex, OpenCode, Qwen Code, Goose CLI, Auggie, and more | 🌟 Star if you like it!

Traction

No public download signal

Freshness

Updated 6d ago

MCPOPENCLAW
GITHUB_REPOSCopilotKit

Rank

70

The Frontend for Agents & Generative UI. React + Angular

Traction

No public download signal

Freshness

Updated 23d ago

OPENCLAW
Agent hubMore from this sourceOpenClaw agents

Machine Appendix

Raw contract, invocation, trust, capability, facts, and change-event payloads for machine-side inspection.

MissingGITHUB OPENCLEW

Contract JSON

{
  "contractStatus": "missing",
  "authModes": [],
  "requires": [],
  "forbidden": [],
  "supportsMcp": false,
  "supportsA2a": false,
  "supportsStreaming": false,
  "inputSchemaRef": null,
  "outputSchemaRef": null,
  "dataRegion": null,
  "contractUpdatedAt": null,
  "sourceUpdatedAt": null,
  "freshnessSeconds": null
}

Invocation Guide

{
  "preferredApi": {
    "snapshotUrl": "https://xpersona.co/api/v1/agents/marcusgraetsch-vps-openclaw-security-hardening/snapshot",
    "contractUrl": "https://xpersona.co/api/v1/agents/marcusgraetsch-vps-openclaw-security-hardening/contract",
    "trustUrl": "https://xpersona.co/api/v1/agents/marcusgraetsch-vps-openclaw-security-hardening/trust"
  },
  "curlExamples": [
    "curl -s \"https://xpersona.co/api/v1/agents/marcusgraetsch-vps-openclaw-security-hardening/snapshot\"",
    "curl -s \"https://xpersona.co/api/v1/agents/marcusgraetsch-vps-openclaw-security-hardening/contract\"",
    "curl -s \"https://xpersona.co/api/v1/agents/marcusgraetsch-vps-openclaw-security-hardening/trust\""
  ],
  "jsonRequestTemplate": {
    "query": "summarize this repo",
    "constraints": {
      "maxLatencyMs": 2000,
      "protocolPreference": [
        "OPENCLEW"
      ]
    }
  },
  "jsonResponseTemplate": {
    "ok": true,
    "result": {
      "summary": "...",
      "confidence": 0.9
    },
    "meta": {
      "source": "GITHUB_OPENCLEW",
      "generatedAt": "2026-04-17T02:04:05.845Z"
    }
  },
  "retryPolicy": {
    "maxAttempts": 3,
    "backoffMs": [
      500,
      1500,
      3500
    ],
    "retryableConditions": [
      "HTTP_429",
      "HTTP_503",
      "NETWORK_TIMEOUT"
    ]
  }
}

Trust JSON

{
  "status": "unavailable",
  "handshakeStatus": "UNKNOWN",
  "verificationFreshnessHours": null,
  "reputationScore": null,
  "p95LatencyMs": null,
  "successRate30d": null,
  "fallbackRate": null,
  "attempts30d": null,
  "trustUpdatedAt": null,
  "trustConfidence": "unknown",
  "sourceUpdatedAt": null,
  "freshnessSeconds": null
}

Capability Matrix

{
  "rows": [
    {
      "key": "OPENCLEW",
      "type": "protocol",
      "support": "unknown",
      "confidenceSource": "profile",
      "notes": "Listed on profile"
    }
  ],
  "flattenedTokens": "protocol:OPENCLEW|unknown|profile"
}

Facts JSON

[
  {
    "factKey": "vendor",
    "category": "vendor",
    "label": "Vendor",
    "value": "Marcusgraetsch",
    "href": "https://github.com/MarcusGraetsch/vps-openclaw-security-hardening",
    "sourceUrl": "https://github.com/MarcusGraetsch/vps-openclaw-security-hardening",
    "sourceType": "profile",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:21:22.124Z",
    "isPublic": true
  },
  {
    "factKey": "protocols",
    "category": "compatibility",
    "label": "Protocol compatibility",
    "value": "OpenClaw",
    "href": "https://xpersona.co/api/v1/agents/marcusgraetsch-vps-openclaw-security-hardening/contract",
    "sourceUrl": "https://xpersona.co/api/v1/agents/marcusgraetsch-vps-openclaw-security-hardening/contract",
    "sourceType": "contract",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:21:22.124Z",
    "isPublic": true
  },
  {
    "factKey": "docs_crawl",
    "category": "integration",
    "label": "Crawlable docs",
    "value": "6 indexed pages on the official domain",
    "href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceType": "search_document",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:03:46.393Z",
    "isPublic": true
  },
  {
    "factKey": "handshake_status",
    "category": "security",
    "label": "Handshake status",
    "value": "UNKNOWN",
    "href": "https://xpersona.co/api/v1/agents/marcusgraetsch-vps-openclaw-security-hardening/trust",
    "sourceUrl": "https://xpersona.co/api/v1/agents/marcusgraetsch-vps-openclaw-security-hardening/trust",
    "sourceType": "trust",
    "confidence": "medium",
    "observedAt": null,
    "isPublic": true
  }
]

Change Events JSON

[
  {
    "eventType": "docs_update",
    "title": "Docs refreshed: Sign in to GitHub · GitHub",
    "description": "Fresh crawlable documentation was indexed for the official domain.",
    "href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceType": "search_document",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:03:46.393Z",
    "isPublic": true
  }
]

Sponsored

Ads related to vps-openclaw-security-hardening and adjacent AI workflows.