Harden your Clawdbot VPS from exposed nightmare to private AI fortress.
A comprehensive security hardening skill for Clawdbot installations on VPS servers. Takes you from fresh Ubuntu to locked-down private AI server.
Running Clawdbot on a VPS without proper hardening is a security nightmare:
- Hundreds of exposed gateways leaving API keys and private chats vulnerable
- Infostealers actively targeting Clawdbot: RedLine, Lumma, and Vidar now sweep `~/.clawdbot/` directories
- Gateway token theft = RCE: one leaked token gives attackers shell access to your machine
- Open DM policies let strangers control your AI and inject malicious prompts
Implements defense-in-depth across four layers:
┌─────────────────────────────────────────────────────────────┐
│ Phase 1: OS Security │
│ └── SSH hardening, UFW firewall, Fail2ban │
├─────────────────────────────────────────────────────────────┤
│ Phase 2: Network Isolation │
│ └── Tailscale VPN, port restrictions, no public exposure │
├─────────────────────────────────────────────────────────────┤
│ Phase 3: Clawdbot Security │
│ └── DM allowlists, file permissions, sandboxing │
├─────────────────────────────────────────────────────────────┤
│ Phase 4: Verification │
│ └── Security audit, status checks, compliance validation │
└─────────────────────────────────────────────────────────────┘
```bash
# Download and run the hardening script
curl -fsSL https://raw.githubusercontent.com/dennisonbertram/clawdbot-safe/main/clawdbot-safe/scripts/harden.sh -o harden.sh
chmod +x harden.sh
# Run with your Telegram ID
./harden.sh --telegram-id YOUR_TELEGRAM_ID
```
- Download the skill:

  ```bash
  curl -LO https://github.com/dennisonbertram/clawdbot-safe/releases/latest/download/clawdbot-safe.zip
  ```

- Install in Claude Code:

  ```bash
  unzip clawdbot-safe.zip -d ~/.claude/skills/
  ```

- Invoke the skill:

  ```
  /clawdbot-safe
  ```

Follow the step-by-step guide in SKILL.md.
- ✅ SSH: Key-only authentication, no root login
- ✅ Firewall: Default-deny incoming with UFW
- ✅ Brute-force protection: Fail2ban auto-bans attackers
- ✅ Tailscale VPN: Private mesh network for access
- ✅ No public SSH: Only accessible via Tailscale
- ✅ No public web ports: Gateway only via Tailscale
- ✅ Optional IPv6 disable: Reduced attack surface
- ✅ DM Policy: Allowlist mode (only you can message the bot)
- ✅ Group Policy: Allowlist with mention gating
- ✅ File Permissions: 600/700 on all sensitive files
- ✅ Gateway Auth: Token-based authentication
- ✅ Tool Sandboxing: Isolated execution environment
- ✅ Sensitive Logging: Redaction enabled
| Script | Purpose |
|---|---|
| `harden.sh` | Full automated hardening for fresh Ubuntu VPS |
| `verify.sh` | Post-hardening verification (checks all security controls) |
| `audit.sh` | Quick security status check |
After hardening, your setup should have:
- No public SSH (only via Tailscale 100.64.0.0/10)
- No public web ports (only via Tailscale)
- Server only reachable via Tailscale VPN
- Bot responds only to allowlisted user IDs
- All credential files have 600/700 permissions
- `clawdbot security audit --deep` passes
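A local check for two items in the list above (key-only SSH with no root login, and no group/other access on credential files), added here as an example; it is not the project's `verify.sh` or `audit.sh`. The helper names and sample files are constructed for illustration, and it assumes GNU `find` as shipped on Ubuntu.

```bash
#!/usr/bin/env bash
# Added example, not the project's verify.sh or audit.sh.

# First uncommented value of an sshd_config keyword, lowercased.
# sshd uses the first occurrence of a keyword; commented lines never match.
sshd_value() {
  awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# Succeeds only when the file explicitly sets key-only auth and no root login.
# A missing directive fails, because sshd's defaults are more permissive.
ssh_hardened() {
  [ "$(sshd_value "$1" PasswordAuthentication)" = "no" ] &&
  [ "$(sshd_value "$1" PermitRootLogin)" = "no" ]
}

# List paths under $1 that grant any group/other permission bit,
# i.e. anything looser than 600 for files or 700 for directories.
loose_paths() {
  find "$1" ! -type l -perm /077 2>/dev/null | sort
}

# Constructed sample data: a stand-in state directory and two sshd_config files.
# File names here are hypothetical, not Clawdbot's real layout.
make_sample() {
  local d="$1"
  mkdir -p "$d/state/credentials"
  chmod 700 "$d/state" "$d/state/credentials"
  printf 'token=CONSTRUCTED\n' > "$d/state/credentials/gateway.token"
  chmod 600 "$d/state/credentials/gateway.token"
  printf '{}\n' > "$d/state/config.json"
  chmod 644 "$d/state/config.json"   # deliberately too open
  printf '#PasswordAuthentication yes\nPasswordAuthentication no\nPermitRootLogin no\n' > "$d/good.conf"
  printf 'PasswordAuthentication no\n#PermitRootLogin no\n' > "$d/weak.conf"
}

demo() {
  local d f
  d="$(mktemp -d)"
  make_sample "$d"
  for f in good.conf weak.conf; do
    if ssh_hardened "$d/$f"; then echo "PASS ssh $f"; else echo "FAIL ssh $f"; fi
  done
  echo "Paths with group/other access:"
  loose_paths "$d/state"
  rm -rf "$d"
}
demo
```

On a live host, `sudo sshd -T` prints the effective configuration, including defaults and `Include` files, and is the authoritative source; the parser above reads a single file only.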
This skill protects against:
| Threat | Attack Vector | Protection |
|---|---|---|
| Credential Theft | Infostealers targeting `~/.clawdbot/` | File permissions, encryption at rest |
| Unauthorized Access | Open DM policies, exposed ports | Allowlists, Tailscale isolation |
| Network Attacks | Public SSH/web exposure | UFW + Tailscale, Fail2ban |
| Prompt Injection | Malicious content in URLs/files | Sandboxing, model selection |
See threat_model.md for detailed analysis.
- Access via VPS provider's console/VNC
- Re-enable password auth:

  ```bash
  sudo sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
  sudo systemctl reload ssh
  ```

- Fix SSH keys, then re-harden
```bash
# 1. Stop gateway immediately
pkill -f clawdbot
# 2. Lock down network
sudo ufw default deny incoming && sudo ufw reload
# 3. Rotate ALL credentials
# See SKILL.md for full incident response
```

Issues and PRs welcome. Security issues should be reported privately.
MIT
"You buckle your seatbelts before you step on the gas."