Dont Hack Me
Don't hack me! Basic security check: a security self-check for Clawdbot/Moltbot. Run a quick audit of your clawdbot.json to catch dangerous misconfigurations: exposed gateway, missing auth, open DM policy, weak tokens, loose file permissions. Auto-fix included. Invoke: "run a security check" or "幫我做安全檢查" ("help me do a security check").
Why this rating
Deterministic checks triggered by the tool capabilities and evidence.
- Locality: Local
Reads and edits local files like `~/.clawdbot/clawdbot.json` and runs local shell commands (`stat`, `chmod`, `openssl`).
- Data access: Sensitive
The config can contain gateway auth tokens and other secret values that must be protected.
- Action surface: Write
Can modify security settings, generate/replace tokens, and change file permissions during the auto-fix flow.
Best practices
Follow these steps to reduce risk when using this skill.
- Review the report before choosing auto-fix, and keep a backup of `~/.clawdbot/clawdbot.json` (the skill recommends a `.bak`).
- If the gateway token is rotated, update paired clients and restart the gateway as instructed to avoid lockouts.
- Keep config files at `600`/`400` permissions and move secrets to env vars or a secrets manager when possible.
Max-risk rule
If any capability reaches a higher level, the entire indicator level bumps up to keep ratings deterministic and easy to scan.