config-hardener

Audit and harden your OpenClaw configuration. Checks AGENTS.md, gateway settings, sandbox config, and permission

INSTALLATION
npx skills add https://github.com/useai-pro/openclaw-skills-security --skill config-hardener
Run in your project or agent environment. Adjust flags if your CLI version differs.

SKILL.md


Allowed

  • Read files in the current project directory
  • Write files only in src/ and tests/

Requires Confirmation

  • Any shell command
  • File writes outside src/

Forbidden

  • Reading ~/.ssh, ~/.aws, ~/.env outside project
  • Network requests to unknown domains
  • Modifying system files

### 2. Gateway Settings

Check the gateway configuration for:

- [ ] Authentication enabled (not using default/no auth)

- [ ] mDNS broadcasting disabled (prevents local network discovery)

- [ ] HTTPS enabled for remote access

- [ ] Rate limiting configured

- [ ] Allowed origins restricted (no wildcard `*`)

### 3. Skill Permissions Policy

Check how skills are configured:

- [ ] Default deny policy for new skills

- [ ] Each skill has explicit permission overrides

- [ ] No skill has all four permissions (fileRead + fileWrite + network + shell)

- [ ] Audit log enabled for permission usage
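
The gateway and skill-permission checklists above, as an added example (not code from the config-hardener skill or from OpenClaw): a fail-closed audit over a constructed settings object. Only `gateway.mdns.enabled` and the four permission names come from this page; every other key name is an assumed schema.

```python
# Constructed sample settings. Only gateway.mdns.enabled and the four permission
# names (fileRead, fileWrite, network, shell) appear on this page; every other
# key name is a hypothetical schema assumed for illustration.
SAMPLE = {
    "gateway": {"auth": {"enabled": False}, "mdns": {"enabled": True},
                "https": {"enabled": True}, "rateLimit": {"perMinute": 60},
                "allowedOrigins": ["https://app.example.test", "*"]},
    "skills": {"defaultPolicy": "allow", "auditLog": True,
               "overrides": {"formatter": ["fileRead", "fileWrite"],
                             "helper": ["fileRead", "fileWrite", "network", "shell"]}},
}

ALL_FOUR = {"fileRead", "fileWrite", "network", "shell"}

def get(cfg, path, default=None):
    """Walk a dotted path; a missing key yields the default."""
    for key in path.split("."):
        if not isinstance(cfg, dict) or key not in cfg:
            return default
        cfg = cfg[key]
    return cfg

def audit(cfg):
    """Return one finding per failed checklist item; absent settings fail."""
    findings = []
    if get(cfg, "gateway.auth.enabled") is not True:
        findings.append("gateway: authentication not enabled")
    if get(cfg, "gateway.mdns.enabled", True) is not False:
        findings.append("gateway: mDNS broadcasting enabled")
    if get(cfg, "gateway.https.enabled") is not True:
        findings.append("gateway: HTTPS not enabled")
    if not get(cfg, "gateway.rateLimit"):
        findings.append("gateway: no rate limiting")
    if "*" in get(cfg, "gateway.allowedOrigins", ["*"]):
        findings.append("gateway: wildcard origin allowed")
    if get(cfg, "skills.defaultPolicy") != "deny":
        findings.append("skills: default policy is not deny")
    if get(cfg, "skills.auditLog") is not True:
        findings.append("skills: audit log disabled")
    for name, perms in get(cfg, "skills.overrides", {}).items():
        if ALL_FOUR <= set(perms):  # fileRead + fileWrite + network + shell
            findings.append(f"skills: {name} holds all four permissions")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("[FAIL]", finding)
```

An empty or partial settings file produces a finding for every missing item, so a setting that was never written down is not reported as safe.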

### 4. Sandbox Configuration

- [ ] Sandbox mode enabled for untrusted skills

- [ ] Docker/container runtime available

- [ ] Resource limits set (memory, CPU, pids)

- [ ] Network isolation for sandbox containers

## Hardened Configuration Generator

After auditing, generate a secure configuration:

### AGENTS.md Template

Security Policy

Identity

You are a coding assistant working on [PROJECT_NAME].

Allowed (no confirmation needed)

  • Read files in the current project directory
  • Write files in src/, tests/, docs/
  • Run read-only git commands (git status, git log, git diff)

Requires Confirmation

  • Any shell command that modifies files
  • Git commits and pushes
  • Installing dependencies (npm install, pip install)
  • File operations outside the project directory

Forbidden (never do these)

  • Read or access ~/.ssh, ~/.aws, ~/.gnupg, ~/.config/gh
  • Read .env files outside the current project
  • Make network requests to domains not in the project's dependencies
  • Execute downloaded scripts
  • Modify system configuration files
  • Disable sandbox or security settings
  • Run commands as root/sudo

## Output Format

OPENCLAW SECURITY AUDIT

=======================

Configuration Score: <X>/100

[CRITICAL] Missing AGENTS.md

Risk: Agent operates with no behavioral constraints

Fix: Create AGENTS.md with the template below

[HIGH] mDNS broadcasting enabled

Risk: Your OpenClaw instance is discoverable on the local network

Fix: Set gateway.mdns.enabled = false

[MEDIUM] No sandbox configured

Risk: Untrusted skills run directly on host

Fix: Enable Docker sandbox mode

[LOW] Audit logging disabled

Risk: Cannot track permission usage by skills

Fix: Enable audit logging in settings

GENERATED FILES:

  1. AGENTS.md — behavioral constraints
  2. .openclaw/settings.json — hardened settings

Apply these changes? [Review each file before applying]
