ClawAudit verdict
moltbot-security
Security hardening guide for AI agent gateways; teaches users to bind to loopback, set auth tokens, fix permissions, and use Tailscale — defensive security documentation with no malicious patterns.
⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Permission integrity
network_out
package_install
Findings (8)
Possible hardcoded credential
SKILL.md · code · TOKEN="your-secure-random-token-here
Pipe-to-shell pattern (curl | sh) — supply chain attack vector
SKILL.md · code · curl -fsSL https://tailscale.com/install.sh | sh
Pipe to sh — executes piped content as shell commands
SKILL.md · code · | sh
Accesses OpenClaw config/secrets directly
SKILL.md · code · ~/.openclaw/openclaw.json
Accesses shell history/config
SKILL.md · code · ~/.zshrc
References sudo — requests elevated privileges
SKILL.md · code · sudo
apt-get install — installs system packages
SKILL.md · code · apt-get install
Sets world-executable permissions
SKILL.md · code · chmod 700
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class A). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.
Permissions & capabilities
No declared permissions — minimal attack surface.
network_outpackage_install Is this flag fair?
Thanks — recorded.