From 0e76d21f11e1a08fd113dcf00297c15b8fb1fe26 Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Thu, 15 Jan 2026 05:03:13 +0000 Subject: [PATCH] docs(security): mention audit --fix --- docs/gateway/security.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/gateway/security.md b/docs/gateway/security.md index e6041e3d9..935772882 100644 --- a/docs/gateway/security.md +++ b/docs/gateway/security.md @@ -19,10 +19,16 @@ Run this regularly (especially after changing config or exposing network surface ```bash clawdbot security audit clawdbot security audit --deep +clawdbot security audit --fix ``` It flags common footguns (Gateway auth exposure, browser control exposure, elevated allowlists, filesystem permissions). +`--fix` applies safe guardrails: +- Tighten `groupPolicy="open"` to `groupPolicy="allowlist"` (and per-account variants) for common channels. +- Turn `logging.redactSensitive="off"` back to `"tools"`. +- Tighten local perms (`~/.clawdbot` → `700`, config file → `600`). + ## The Threat Model Your AI assistant can:
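Review bot: the new `--fix` paragraph lists what the flag changes but not how the change shows up or whether it can be undone; add a sentence stating whether `clawdbot security audit --fix` reports each change it makes (and whether it prompts before writing config or changing permissions), and whether it can be combined with `--deep` so the reader knows which audit scope the fixes cover. The bullet "for common channels" would also be clearer if it named the channels covered or pointed at the section where that list lives, and the redaction bullet could note that `"tools"` is the default being restored, since "back to" only implies it.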