ClawGears
Conduct security audits for OpenClaw-based AI assistants on macOS to detect exposure risks, weak tokens, sensitive commands, and IP leaks.
Description
ClawGears Security Audit Skill
Overview
ClawGears is a security audit tool for OpenClaw/MoltBot/ClawdBot users on macOS. It helps detect and fix security vulnerabilities that could expose your AI assistant to the public internet.
🌟 New in v1.4.0: Context-Aware Risk Explanations
Instead of one-size-fits-all "best practices", ClawGears now provides scenario-based risk analysis:
- Each check explains what it protects and real impact by scenario
- Recommendations are graded: 🔴必须 / 🟠建议 / 🟡可选 / ⚪评估后决定
- Legitimate reasons to not fix are acknowledged
- Alternative compensating measures are suggested
Use this skill when:
- User asks about OpenClaw security
- User wants to check if their AI assistant is exposed
- User mentions "裸奔" (Chinese), "むき出し" (Japanese), "expuesto" (Spanish) or security concerns
- User wants to audit their OpenClaw configuration
- User asks about IP leak detection
Supported Languages: ClawGears README is available in 7 languages:
- 🇬🇧 English | 🇨🇳 中文 | 🇩🇪 Deutsch | 🇫🇷 Français | 🇮🇹 Italiano | 🇯🇵 日本語 | 🇪🇸 Español
⚠️ Requirements & Dependencies
System Binaries Required
| Binary | Purpose |
|---|---|
python3 |
JSON parsing |
curl |
HTTP requests, IP detection |
lsof |
Port and process inspection |
pgrep / pkill |
Process management |
openssl |
Token generation |
socketfilterfw |
macOS firewall control (/usr/libexec/ApplicationFirewall/socketfilterfw) |
Platform
- macOS only - Uses macOS-specific tools and paths
📁 Files Accessed
Read Operations
| Path | Purpose |
|---|---|
~/.openclaw/openclaw.json |
OpenClaw configuration (token, gateway settings) |
~/.openclaw/logs/ |
Gateway logs for anomaly detection |
/Library/Application Support/com.apple.TCC/TCC.db |
macOS TCC database (Full Disk Access, Accessibility) |
~/Library/Application Support/com.apple.TCC/TCC.db |
User-level TCC database |
Write Operations
| Path | Purpose |
|---|---|
./history/ |
Audit result storage (JSON, HTML reports) |
./reports/ |
Generated audit reports |
~/.openclaw/openclaw.json |
Configuration fixes (with --fix flag only) |
🌐 Network Calls
External Services (IP Detection)
| Domain | Purpose | Data Sent |
|---|---|---|
api.ipify.org |
Public IP detection | None (GET request) |
icanhazip.com |
Public IP detection (fallback) | None |
ifconfig.me/ip |
Public IP detection (fallback) | None |
External Services (Leak Detection)
| Domain | Purpose | Data Sent |
|---|---|---|
openclaw.allegro.earth |
OpenClaw exposure database check | Your public IP |
search.censys.io |
Censys scan database (link only, manual check) | None from script |
www.shodan.io |
Shodan scan database (link only, manual check) | None from script |
🔐 Privacy Notice
Before running this skill, please be aware:
-
IP Transmission: Your public IP address will be sent to:
api.ipify.org(or fallback services) for IP detectionopenclaw.allegro.earthfor exposure database check
-
Local File Access: This skill reads:
- Your OpenClaw configuration (including tokens)
- macOS TCC permission database
- Gateway logs
-
System Changes: The
interactive-fix.shscript can:- Modify OpenClaw configuration
- Generate new tokens
- Restart Gateway service
- Require
sudofor firewall changes
-
Recommendation: Review scripts before running. Run
quick-check.shfirst (read-only) before applying any fixes.
Security Risks Explained
Use this section to understand each risk, its actual impact, and whether it applies to your situation.
| Risk | What It Protects | Real Impact | Fix Priority |
|---|---|---|---|
| Gateway exposed | Prevent unauthorized access to your AI assistant | 🔴 Critical - Anyone on the internet can control your AI. Fix immediately if exposed. | Weak token |
| - ✅ Enable if Mac is portable or in shared spaces | |||
| - ⚠️ OK to disable if you need remote restart control (e.g., for Mac-to-Mac sync) | |||
| - If disabled, consider physical security measures instead | |||
| IP in leak database | Check if already exposed | 🟠 High - Your IP is in a public exposure database. Check before panicking: | |
| - If you've been using OpenClaw for a while without issues, it IP may have been indexed already. | |||
| - If you just started, use the tool: do a quick check and not a leak. | |||
| iCloud sync enabled | Prevent sensitive data cloud sync | 🟡 Low - iCloud may sync Documents, Desktop, Pictures by default. Evaluate based on your needs: | |
| - ✅ Enable if you store sensitive data in these folders | |||
| - ⚠️ OK to disable if you don't store sensitive data in these locations | |||
| - If disabled, consider using .gitignore for excluding patterns | |||
| SIP disabled | Protect system integrity | 🟡 Low - System-level protections are reduced. **Usually OK to keep enabled, - Only disable if you have a specific, legitimate reason (e.g., development, testing) | |
| - If disabled, be extra cautious about what you install |
Quick Security Check
Run a fast 5-second security audit (read-only, safe to run):
./scripts/quick-check.sh
This checks:
- Gateway network exposure
- Token strength
- Command injection protection
- TCC permissions
- Firewall status
Full Security Audit
Run comprehensive security check:
./scripts/generate-report.sh --format html --output ./reports
IP Leak Detection
Check if user's IP has been exposed in security databases:
./scripts/ip-leak-check.sh --all
Checks 3 databases:
- openclaw.allegro.earth - OpenClaw specific exposure database
- Censys - Internet-wide scanning database (https://search.censys.io)
- Shodan - IoT and service scanning database (https://www.shodan.io)
Interactive Fix
⚠️ Requires explicit user consent before running
Automatically fix common security issues:
./scripts/interactive-fix.sh
Options:
--bind- Rebind Gateway to localhost--token- Generate new strong token--deny- Add sensitive commands to deny list--restart- Restart Gateway service--all- Fix all issues
Workflow
When user asks about security:
-
First, run quick check to identify issues (read-only):
./scripts/quick-check.sh -
If issues found, explain risks and ask for consent before fixing:
./scripts/interactive-fix.sh --all -
Check IP exposure:
./scripts/ip-leak-check.sh --all -
Generate report for records:
./scripts/generate-report.sh --format html
Output Interpretation
Quick Check Results
| Symbol | Meaning |
|---|---|
| ✅ PASS | Security check passed |
| ⚠️ WARN | Warning, review recommended |
| ❌ FAIL | Critical issue, fix immediately |
IP Leak Results
| Result | Action |
|---|---|
| IP NOT in database | Continue monitoring |
| IP FOUND in database | URGENT: Close public access, regenerate tokens |
Important Reminders
- Always recommend running quick check first (read-only, safe)
- Explain risks in plain language before fixing
- Ask for explicit consent before running interactive-fix.sh
- Suggest periodic checks (weekly or after config changes)
- Warn about the 220,000+ exposed OpenClaw instances
Statistics
Over 220,000 OpenClaw instances are publicly exposed. Many API keys have already leaked to hacker databases.
Related Links
- GitHub: https://github.com/JinHanAI/ClawGears
- ClawHub: https://clawhub.ai
License
MIT-0 (ClawHub Platform License)
Reviews (0)
No reviews yet. Be the first to review!
Comments (0)
No comments yet. Be the first to share your thoughts!