docs(security): mention audit --fix

2026-01-15 05:03:13 +00:00
parent 5e8693bc42
commit 0e76d21f11
1 changed files with 6 additions and 0 deletions
--- a/docs/gateway/security.md
+++ b/docs/gateway/security.md
@@ -19,10 +19,16 @@ Run this regularly (especially after changing config or exposing network surface
 ```bash
 clawdbot security audit
 clawdbot security audit --deep
+clawdbot security audit --fix
 ```

 It flags common footguns (Gateway auth exposure, browser control exposure, elevated allowlists, filesystem permissions).

+`--fix` applies safe guardrails:
+- Tighten `groupPolicy="open"` to `groupPolicy="allowlist"` (and per-account variants) for common channels.
+- Turn `logging.redactSensitive="off"` back to `"tools"`.
+- Tighten local perms (`~/.clawdbot` → `700`, config file → `600`).
+
 ## The Threat Model

 Your AI assistant can: