Docs
Gateway service runbook
Security πŸ”’

Security πŸ”’

Scope

This page is a placeholder generated from the official source file structure.

What to verify

  • TODO: Add prerequisites and validation checklist.

Outline (from official headings)

  • Quick check: clawdbot security audit
  • What the audit checks (high level)
  • Security Audit Checklist
  • Control UI over HTTP
  • Local session logs live on disk
  • Node execution (system.run)
  • Dynamic skills (watcher / remote nodes)
  • The Threat Model
  • Core concept: access control before intelligence
  • Plugins/extensions
  • DM access model (pairing / allowlist / open / disabled)
  • DM session isolation (multi-user mode)
  • Allowlists (DM + groups) β€” terminology
  • Prompt injection (what it is, why it matters)
  • Prompt injection does not require public DMs
  • Model strength (security note)
  • Reasoning & verbose output in groups
  • Incident Response (if you suspect compromise)
  • Lessons Learned (The Hard Way)
  • The find ~ Incident 🦞

Further reading

  • Official source file: gateway/security.md
SandboxingTailscale (Gateway dashboard)