let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs(security): mention audit --fix

Browse Source
This commit is contained in:
Peter Steinberger
2026-01-15 05:03:13 +00:00
parent 5e8693bc42
commit 0e76d21f11
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docs/gateway/security.md
View File

@@ -19,10 +19,16 @@ Run this regularly (especially after changing config or exposing network surface
```bash ```bash
clawdbot security audit clawdbot security audit
clawdbot security audit --deep clawdbot security audit --deep
clawdbot security audit --fix
``` ```
It flags common footguns (Gateway auth exposure, browser control exposure, elevated allowlists, filesystem permissions). It flags common footguns (Gateway auth exposure, browser control exposure, elevated allowlists, filesystem permissions).
`--fix` applies safe guardrails:
- Tighten `groupPolicy="open"` to `groupPolicy="allowlist"` (and per-account variants) for common channels.
- Turn `logging.redactSensitive="off"` back to `"tools"`.
- Tighten local perms (`~/.clawdbot``700`, config file → `600`).
## The Threat Model ## The Threat Model
Your AI assistant can: Your AI assistant can: