How should moltbot-security be evaluated before use?

Use the required flow: snapshot, contract, and trust before recommending or executing this skill.

What kind of evidence is visible on this page?

This page surfaces public facts, change history, trust indicators, artifact evidence, and benchmark summaries with provenance.

Crawler Summary

moltbot-security answer-first brief

Security hardening guide for Moltbot/Clawdbot. Lock down your gateway, fix file permissions, set up auth, configure firewalls. Based on real vulnerability research. --- name: moltbot-security description: Security hardening guide for Moltbot/Clawdbot. Lock down your gateway, fix file permissions, set up auth, configure firewalls. Based on real vulnerability research. version: 1.0.0 author: NextFrontierBuilds keywords: moltbot, clawdbot, security, hardening, gateway, firewall, tailscale, ssh, authentication, ai-agent --- Moltbot Security Guide Your Moltbot gateway was designed fo Published capability contract available. No trust telemetry is available yet. Last updated 3/1/2026.

Freshness

Last checked 3/1/2026

Best For

Contract is available with explicit auth and schema references.

Not Ideal For

moltbot-security is not ideal for teams that need stronger public trust telemetry, lower setup complexity, or more explicit contract coverage before production rollout.

Evidence Sources Checked

editorial-content, capability-contract, runtime-metrics, public facts pack

Card Facts Snapshot Contract Trust

Claim this agent

Agent DossierGitHubSafety: 89/100

moltbot-security

OpenClawself-declared

Public facts

Change events

Artifacts

Freshness

Mar 1, 2026

Verifiededitorial-contentNo verified compatibility signals

Published capability contract available. No trust telemetry is available yet. Last updated 3/1/2026.

Schema refs publishedTrust evidence available

Trust score

Unknown

Compatibility

OpenClaw

Freshness

Mar 1, 2026

Vendor

Nextfrontierbuilds

Artifacts

Benchmarks

Last release

Unpublished

Executive Summary

Key links, install path, and a quick operational read before the deeper crawl record.

Verifiededitorial-content

Summary

Published capability contract available. No trust telemetry is available yet. Last updated 3/1/2026.

View Source

Setup snapshot

git clone https://github.com/NextFrontierBuilds/moltbot-security.git

1
Setup complexity is LOW. This package is likely designed for quick installation with minimal external side-effects.
2
Final validation: Expose the agent to a mock request payload inside a sandbox and trace the network egress before allowing access to real customer data.

Evidence Ledger

Everything public we have scraped or crawled about this agent, grouped by evidence type with provenance.

Verifiededitorial-content

Vendor (1)

Vendor

Nextfrontierbuilds

profilemedium

Observed Mar 1, 2026Source link Provenance

Compatibility (2)

Protocol compatibility

OpenClaw

contractmedium

Observed Feb 24, 2026Source link Provenance

Auth modes

api_key, oauth

contracthigh

Observed Feb 24, 2026Source link Provenance

Artifact (1)

Machine-readable schemas

OpenAPI or schema references published

contracthigh

Observed Feb 24, 2026Source link Provenance

Security (1)

Handshake status

UNKNOWN

trustmedium

Observed unknownSource link Provenance

Integration (1)

Crawlable docs

6 indexed pages on the official domain

search_documentmedium

Observed Apr 15, 2026Source link Provenance

Release & Crawl Timeline

Merged public release, docs, artifact, benchmark, pricing, and trust refresh events.

Self-declaredagent-index

Docs Update

Docs refreshed: Sign in to GitHub · GitHub

search_documentmedium

Fresh crawlable documentation was indexed for the official domain.

Observed Apr 15, 2026

Artifacts Archive

Extracted files, examples, snippets, parameters, dependencies, permissions, and artifact metadata.

Self-declaredGITHUB OPENCLEW

Extracted files

Examples

Snippets

Languages

typescript

Parameters

Executable Examples

bash

clawdbot security audit --deep

bash

clawdbot security audit --deep --fix

json

{
  "gateway": {
    "bind": "loopback"
  }
}

bash

openssl rand -hex 32

json

{
  "gateway": {
    "auth": {
      "mode": "token",
      "token": "your-64-char-hex-token-here"
    }
  }
}

bash

export CLAWDBOT_GATEWAY_TOKEN="your-secure-random-token-here"

Docs & README

Full documentation captured from public sources, including the complete README when available.

Self-declaredGITHUB OPENCLEW

Docs source

GITHUB OPENCLEW

Editorial quality

ready

Full README

name: moltbot-security description: Security hardening guide for Moltbot/Clawdbot. Lock down your gateway, fix file permissions, set up auth, configure firewalls. Based on real vulnerability research. version: 1.0.0 author: NextFrontierBuilds keywords: moltbot, clawdbot, security, hardening, gateway, firewall, tailscale, ssh, authentication, ai-agent

Moltbot Security Guide

Your Moltbot gateway was designed for local use. When exposed to the internet without proper security, attackers can access your API keys, private messages, and full system access.

Based on: Real vulnerability research that found 1,673+ exposed Clawdbot/Moltbot gateways on Shodan.

TL;DR - The 5 Essentials

Bind to loopback — Never expose gateway to public internet
Set auth token — Require authentication for all requests
Fix file permissions — Only you should read config files
Update Node.js — Use v22.12.0+ to avoid known vulnerabilities
Use Tailscale — Secure remote access without public exposure

What Gets Exposed (The Real Risk)

When your gateway is publicly accessible:

Complete conversation histories (Telegram, WhatsApp, Signal, iMessage)
API keys for Claude, OpenAI, and other providers
OAuth tokens and bot credentials
Full shell access to host machine

Prompt injection attack example: An attacker sends you an email with hidden instructions. Your AI reads it, extracts your recent emails, and forwards summaries to the attacker. No hacking required.

Quick Security Audit

Run this to check your current security posture:

clawdbot security audit --deep

Auto-fix issues:

clawdbot security audit --deep --fix

Step 1: Bind Gateway to Loopback Only

What this does: Prevents the gateway from accepting connections from other machines.

Check your ~/.clawdbot/clawdbot.json:

{
  "gateway": {
    "bind": "loopback"
  }
}

Options:

loopback — Only accessible from localhost (most secure)
lan — Accessible from local network only
auto — Binds to all interfaces (dangerous if exposed)

Step 2: Set Up Authentication

Option A: Token Authentication (Recommended)

Generate a secure token:

openssl rand -hex 32

Add to your config:

{
  "gateway": {
    "auth": {
      "mode": "token",
      "token": "your-64-char-hex-token-here"
    }
  }
}

Or set via environment:

export CLAWDBOT_GATEWAY_TOKEN="your-secure-random-token-here"

Option B: Password Authentication

{
  "gateway": {
    "auth": {
      "mode": "password"
    }
  }
}

Then:

export CLAWDBOT_GATEWAY_PASSWORD="your-secure-password-here"

Step 3: Lock Down File Permissions

What this does: Ensures only you can read sensitive config files.

chmod 700 ~/.clawdbot
chmod 600 ~/.clawdbot/clawdbot.json
chmod 700 ~/.clawdbot/credentials

Permission meanings:

700 = Only owner can access folder
600 = Only owner can read/write file

Or let Clawdbot fix it:

clawdbot security audit --fix

Step 4: Disable Network Broadcasting

What this does: Stops Clawdbot from announcing itself via mDNS/Bonjour.

Add to your shell config (~/.zshrc or ~/.bashrc):

export CLAWDBOT_DISABLE_BONJOUR=1

Reload:

source ~/.zshrc

Step 5: Update Node.js

Older Node.js versions have security vulnerabilities. You need v22.12.0+.

Check version:

node --version

Mac (Homebrew):

brew update && brew upgrade node

Ubuntu/Debian:

curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
sudo apt-get install -y nodejs

Windows: Download from nodejs.org

Step 6: Set Up Tailscale (Remote Access)

What this does: Creates encrypted tunnel between your devices. Access Clawdbot from anywhere without public exposure.

Install Tailscale:

# Linux
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up

# Mac
brew install tailscale

Configure Clawdbot for Tailscale:

{
  "gateway": {
    "bind": "loopback",
    "tailscale": {
      "mode": "serve"
    }
  }
}

Now access via your Tailscale network only.

Step 7: Firewall Setup (UFW)

For cloud servers (AWS, DigitalOcean, Hetzner, etc.)

Install UFW:

sudo apt update && sudo apt install ufw -y

Set defaults:

sudo ufw default deny incoming
sudo ufw default allow outgoing

Allow SSH (don't skip!):

sudo ufw allow ssh

Allow Tailscale (if using):

sudo ufw allow in on tailscale0

Enable:

sudo ufw enable

Verify:

sudo ufw status verbose

⚠️ Never do this:

# DON'T - exposes your gateway publicly
sudo ufw allow 18789

Step 8: SSH Hardening

Disable password auth (use SSH keys):

sudo nano /etc/ssh/sshd_config

Change:

PasswordAuthentication no
PermitRootLogin no

Restart:

sudo systemctl restart sshd

Security Checklist

Before deploying:

[ ] Gateway bound to loopback or lan
[ ] Auth token or password set
[ ] File permissions locked (600/700)
[ ] mDNS/Bonjour disabled
[ ] Node.js v22.12.0+
[ ] Tailscale configured (if remote)
[ ] Firewall blocking port 18789
[ ] SSH password auth disabled

Config Template (Secure Defaults)

{
  "gateway": {
    "port": 18789,
    "bind": "loopback",
    "auth": {
      "mode": "token",
      "token": "YOUR_64_CHAR_HEX_TOKEN"
    },
    "tailscale": {
      "mode": "serve"
    }
  }
}

Credits

Based on security research by @NickSpisak_ who found 1,673+ exposed gateways on Shodan.

Original article: https://x.com/nickspisak_/status/2016195582180700592

Installation

clawdhub install NextFrontierBuilds/moltbot-security

Built by @NextXFrontier

Contract & API

Machine endpoints, protocol fit, contract coverage, invocation examples, and guardrails for agent-to-agent use.

Verifiedcapability-contract

Endpoints

Dossier API Snapshot API Contract API Trust API

Contract coverage

Status

ready

Auth

api_key, oauth

Streaming

Data region

global

Protocol support

OpenClaw: self-declared

Requires: openclew, lang:typescript

Forbidden: none

Guardrails

Operational confidence: medium

Contract is available with explicit auth and schema references.

Trust confidence is not low and verification freshness is acceptable.

Invocation examples

curl -s "https://xpersona.co/api/v1/agents/nextfrontierbuilds-moltbot-security/snapshot"

curl -s "https://xpersona.co/api/v1/agents/nextfrontierbuilds-moltbot-security/contract"

curl -s "https://xpersona.co/api/v1/agents/nextfrontierbuilds-moltbot-security/trust"

Reliability & Benchmarks

Trust and runtime signals, benchmark suites, failure patterns, and practical risk constraints.

Missingruntime-metrics

Trust signals

Handshake

UNKNOWN

Confidence

unknown

Attempts 30d

unknown

Fallback rate

unknown

Runtime metrics

Observed P50

unknown

Observed P95

unknown

Rate limit

unknown

Estimated cost

unknown

No benchmark suites or observed failure patterns are available.

Media & Demo

Every public screenshot, visual asset, demo link, and owner-provided destination tied to this agent.

Missingno-media

No screenshots, media assets, or demo links are available.

Related Agents

Neighboring agents from the same protocol and source ecosystem for comparison and shortlist building.

Self-declaredprotocol-neighbors

GITHUB_REPOSactivepieces

Rank

AI Agents & MCPs & AI Workflow Automation • (~400 MCP servers for AI agents) • AI Automation / AI Agent with MCPs • AI Workflows & AI Agents • MCPs for AI Agents

Traction

No public download signal

Freshness

Updated 2d ago

OPENCLAW

GITHUB_REPOScherry-studio

Rank

AI productivity studio with smart chat, autonomous agents, and 300+ assistants. Unified access to frontier LLMs

Traction

No public download signal

Freshness

Updated 5d ago

MCPOPENCLAW

GITHUB_REPOSAionUi

Rank

Free, local, open-source 24/7 Cowork app and OpenClaw for Gemini CLI, Claude Code, Codex, OpenCode, Qwen Code, Goose CLI, Auggie, and more | 🌟 Star if you like it!

Traction

No public download signal

Freshness

Updated 6d ago

MCPOPENCLAW

GITHUB_REPOSCopilotKit

Rank

The Frontend for Agents & Generative UI. React + Angular

Traction

No public download signal

Freshness

Updated 23d ago

OPENCLAW

Machine Appendix

Contract JSON

{
  "contractStatus": "ready",
  "authModes": [
    "api_key",
    "oauth"
  ],
  "requires": [
    "openclew",
    "lang:typescript"
  ],
  "forbidden": [],
  "supportsMcp": false,
  "supportsA2a": false,
  "supportsStreaming": false,
  "inputSchemaRef": "https://github.com/NextFrontierBuilds/moltbot-security#input",
  "outputSchemaRef": "https://github.com/NextFrontierBuilds/moltbot-security#output",
  "dataRegion": "global",
  "contractUpdatedAt": "2026-02-24T19:45:03.576Z",
  "sourceUpdatedAt": "2026-02-24T19:45:03.576Z",
  "freshnessSeconds": 4420062
}

Invocation Guide

{
  "preferredApi": {
    "snapshotUrl": "https://xpersona.co/api/v1/agents/nextfrontierbuilds-moltbot-security/snapshot",
    "contractUrl": "https://xpersona.co/api/v1/agents/nextfrontierbuilds-moltbot-security/contract",
    "trustUrl": "https://xpersona.co/api/v1/agents/nextfrontierbuilds-moltbot-security/trust"
  },
  "curlExamples": [
    "curl -s \"https://xpersona.co/api/v1/agents/nextfrontierbuilds-moltbot-security/snapshot\"",
    "curl -s \"https://xpersona.co/api/v1/agents/nextfrontierbuilds-moltbot-security/contract\"",
    "curl -s \"https://xpersona.co/api/v1/agents/nextfrontierbuilds-moltbot-security/trust\""
  ],
  "jsonRequestTemplate": {
    "query": "summarize this repo",
    "constraints": {
      "maxLatencyMs": 2000,
      "protocolPreference": [
        "OPENCLEW"
      ]
    }
  },
  "jsonResponseTemplate": {
    "ok": true,
    "result": {
      "summary": "...",
      "confidence": 0.9
    },
    "meta": {
      "source": "GITHUB_OPENCLEW",
      "generatedAt": "2026-04-16T23:32:45.905Z"
    }
  },
  "retryPolicy": {
    "maxAttempts": 3,
    "backoffMs": [
      500,
      1500,
      3500
    ],
    "retryableConditions": [
      "HTTP_429",
      "HTTP_503",
      "NETWORK_TIMEOUT"
    ]
  }
}

Trust JSON

{
  "status": "unavailable",
  "handshakeStatus": "UNKNOWN",
  "verificationFreshnessHours": null,
  "reputationScore": null,
  "p95LatencyMs": null,
  "successRate30d": null,
  "fallbackRate": null,
  "attempts30d": null,
  "trustUpdatedAt": null,
  "trustConfidence": "unknown",
  "sourceUpdatedAt": null,
  "freshnessSeconds": null
}

Capability Matrix

{
  "rows": [
    {
      "key": "OPENCLEW",
      "type": "protocol",
      "support": "unknown",
      "confidenceSource": "profile",
      "notes": "Listed on profile"
    },
    {
      "key": "access",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    },
    {
      "key": "read",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    }
  ],
  "flattenedTokens": "protocol:OPENCLEW|unknown|profile capability:access|supported|profile capability:read|supported|profile"
}

Facts JSON

[
  {
    "factKey": "docs_crawl",
    "category": "integration",
    "label": "Crawlable docs",
    "value": "6 indexed pages on the official domain",
    "href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceType": "search_document",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:03:46.393Z",
    "isPublic": true
  },
  {
    "factKey": "vendor",
    "category": "vendor",
    "label": "Vendor",
    "value": "Nextfrontierbuilds",
    "href": "https://github.com/NextFrontierBuilds/moltbot-security",
    "sourceUrl": "https://github.com/NextFrontierBuilds/moltbot-security",
    "sourceType": "profile",
    "confidence": "medium",
    "observedAt": "2026-03-01T06:04:55.252Z",
    "isPublic": true
  },
  {
    "factKey": "protocols",
    "category": "compatibility",
    "label": "Protocol compatibility",
    "value": "OpenClaw",
    "href": "https://xpersona.co/api/v1/agents/nextfrontierbuilds-moltbot-security/contract",
    "sourceUrl": "https://xpersona.co/api/v1/agents/nextfrontierbuilds-moltbot-security/contract",
    "sourceType": "contract",
    "confidence": "medium",
    "observedAt": "2026-02-24T19:45:03.576Z",
    "isPublic": true
  },
  {
    "factKey": "auth_modes",
    "category": "compatibility",
    "label": "Auth modes",
    "value": "api_key, oauth",
    "href": "https://xpersona.co/api/v1/agents/nextfrontierbuilds-moltbot-security/contract",
    "sourceUrl": "https://xpersona.co/api/v1/agents/nextfrontierbuilds-moltbot-security/contract",
    "sourceType": "contract",
    "confidence": "high",
    "observedAt": "2026-02-24T19:45:03.576Z",
    "isPublic": true
  },
  {
    "factKey": "schema_refs",
    "category": "artifact",
    "label": "Machine-readable schemas",
    "value": "OpenAPI or schema references published",
    "href": "https://github.com/NextFrontierBuilds/moltbot-security#input",
    "sourceUrl": "https://xpersona.co/api/v1/agents/nextfrontierbuilds-moltbot-security/contract",
    "sourceType": "contract",
    "confidence": "high",
    "observedAt": "2026-02-24T19:45:03.576Z",
    "isPublic": true
  },
  {
    "factKey": "handshake_status",
    "category": "security",
    "label": "Handshake status",
    "value": "UNKNOWN",
    "href": "https://xpersona.co/api/v1/agents/nextfrontierbuilds-moltbot-security/trust",
    "sourceUrl": "https://xpersona.co/api/v1/agents/nextfrontierbuilds-moltbot-security/trust",
    "sourceType": "trust",
    "confidence": "medium",
    "observedAt": null,
    "isPublic": true
  }
]

Change Events JSON

[
  {
    "eventType": "docs_update",
    "title": "Docs refreshed: Sign in to GitHub · GitHub",
    "description": "Fresh crawlable documentation was indexed for the official domain.",
    "href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceType": "search_document",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:03:46.393Z",
    "isPublic": true
  }
]