📖 Documentation
Everything you need to secure your Clawdbot installation with ClawdGuard.
Quick Start
Install ClawdGuard with a single command:
curl -fsSL https://clawdguard.com/install.sh | bashThis will:
- Detect your operating system
- Verify Clawdbot is installed
- Run a comprehensive security audit
- Apply recommended hardening fixes
- Install the
clawdguardCLI
CLI Commands
clawdguard audit
Run a security audit on your Clawdbot installation.
clawdguard audit # Standard audit
clawdguard audit --deep # Comprehensive audit
clawdguard audit --fix # Audit + auto-fix issuesclawdguard score
Display your current security score.
clawdguard scoreScores are rated:
- 🟢 90-100: Excellent - Enterprise ready
- 🟡 70-89: Good - Safe for personal use
- 🟠 50-69: Fair - Some risks present
- 🔴 0-49: Critical - Immediate action needed
clawdguard log
View the action log showing recent Clawdbot activity.
clawdguard logclawdguard export
Export a compliance report in JSON format.
clawdguard exportclawdguard start
Start Clawdbot with pre-flight security checks.
clawdguard startSecurity Checks
ClawdGuard performs the following security checks:
🔴 Critical
- Gateway Authentication - Is auth enabled on the gateway?
- Exposed Ports - Are any ports open to the internet?
- API Key Storage - Are keys stored in plaintext configs?
🟡 High Priority
- Mention Requirements - Does the bot require @mentions?
- Sandbox Mode - Are untrusted operations sandboxed?
🟢 Recommended
- User Isolation - Running as dedicated user?
- File Permissions - Are config files properly locked?
Best Practices
1. Use a Dedicated Machine
Run Clawdbot on a dedicated Mac Mini or Linux box, not your daily driver. This isolates any potential security issues.
2. Store API Keys in Environment Variables
Never put API keys directly in config files. Use environment variables:
# In ~/.zshrc or ~/.bashrc
export OPENAI_API_KEY="sk-..."
export ANTHROPIC_API_KEY="sk-ant-..."3. Enable Gateway Authentication
Always enable authentication on your Clawdbot gateway to prevent unauthorized access.
4. Use Mention Requirements
Configure Clawdbot to only respond when @mentioned, preventing it from acting on every message.
5. Run Regular Audits
Schedule regular security audits:
# Add to crontab for weekly audits
0 9 * * 1 clawdguard audit --deepTroubleshooting
Command not found: clawdguard
The CLI may need sudo to install globally. Run:
sudo bash -c "$(curl -fsSL https://clawdguard.com/install.sh)"Low security score after install
Run the audit with auto-fix:
clawdguard audit --fixGateway not detected
Make sure Clawdbot is installed and the gateway is running:
clawdbot gateway statusSupport
Need help? Here's how to reach us:
- GitHub Issues: Report a bug
- Twitter: @jeffweisbein