From 6f5205d826d1e01ebee5673d664661cc63ab9e08 Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Sun, 18 Jan 2026 23:37:12 +0000 Subject: [PATCH] docs: elevate security audit callout --- docs/gateway/security.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/gateway/security.md b/docs/gateway/security.md index e18936fd2..04cb8ba33 100644 --- a/docs/gateway/security.md +++ b/docs/gateway/security.md @@ -5,13 +5,6 @@ read_when: --- # Security 🔒 -Running an AI agent with shell access on your machine is... *spicy*. Here’s how to not get pwned. - -Clawdbot is both a product and an experiment: you’re wiring frontier-model behavior into real messaging surfaces and real tools. **There is no “perfectly secure” setup.** The goal is to be deliberate about: -- who can talk to your bot -- where the bot is allowed to act -- what the bot can touch - ## Quick check: `clawdbot security audit` Run this regularly (especially after changing config or exposing network surfaces): @@ -29,6 +22,13 @@ It flags common footguns (Gateway auth exposure, browser control exposure, eleva - Turn `logging.redactSensitive="off"` back to `"tools"`. - Tighten local perms (`~/.clawdbot` → `700`, config file → `600`, plus common state files like `credentials/*.json`, `agents/*/agent/auth-profiles.json`, and `agents/*/sessions/sessions.json`). +Running an AI agent with shell access on your machine is... *spicy*. Here’s how to not get pwned. + +Clawdbot is both a product and an experiment: you’re wiring frontier-model behavior into real messaging surfaces and real tools. **There is no “perfectly secure” setup.** The goal is to be deliberate about: +- who can talk to your bot +- where the bot is allowed to act +- what the bot can touch + ### What the audit checks (high level) - **Inbound access** (DM policies, group policies, allowlists): can strangers trigger the bot?
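Review bot: In the first hunk (`@@ -5,13 +5,6 @@`), the deleted block includes the blank line that separated the page intro from `## Quick check`, so `# Security 🔒` now sits directly above `## Quick check: \`clawdbot security audit\`` with no blank line between the two headings. Keep one blank line after the H1 so this spot matches the spacing used before the other headings in the file (`## Quick check` and `### What the audit checks` are each preceded by a blank line in the context shown).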
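Review bot: In the second hunk (`@@ -29,6 +22,13 @@`), the moved intro paragraph now lands inside the `## Quick check: \`clawdbot security audit\`` section, between the remediation bullets (`- Tighten local perms ...`) and `### What the audit checks (high level)`. The general framing ("Clawdbot is both a product and an experiment ... There is no 'perfectly secure' setup") and its three-bullet list then read as part of the audit instructions and interrupt the flow from the fix list to the list of checks. If the goal is to elevate the audit callout, consider placing the moved block after the `### What the audit checks` subsection (or under its own `##` heading) rather than in the middle of it, so the audit section stays one cohesive unit.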