From 8b56f0e68d977b9141bb5e24622b47707d3eb8de Mon Sep 17 00:00:00 2001
From: Peter Steinberger <steipete@gmail.com>
Date: Tue, 27 Jan 2026 03:30:26 +0000
Subject: [PATCH] docs: warn against public web binding

---
 SECURITY.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/SECURITY.md b/SECURITY.md
index 11aa0b781..5bc9c9112 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -13,6 +13,10 @@ For threat model + hardening guidance (including `clawdbot security audit --deep
 
 - `https://docs.clawd.bot/gateway/security`
 
+### Web Interface Safety
+
+Clawdbot's web interface is intended for local use only. Do **not** bind it to the public internet; it is not hardened for public exposure.
+
 ## Runtime Requirements
 
 ### Node.js Version