一键在 Manus 中运行任何 Skill

openclaw-security-hardening

Harden OpenClaw self-hosted environments with baseline host controls, auth tightening, secret handling, network segmentation, and safe update/rollback workflows. Use when deploying OpenClaw in home labs, startups, or production-like local AI infrastructure.

在 Manus 中运行

星标30

分支4

更新时间2026年5月22日 13:02

来源

BagelHole

BagelHole/DevOps-Security-Agent-Skills

打开 GitHub 仓库查看创作者相关仓库

安装命令

下载

在 Manus 中运行

适用职业SOC

其他计算机职业计算机与数学类职业15-1299L4

SKILL.md

readonly

name	openclaw-security-hardening
description	Harden OpenClaw self-hosted environments with baseline host controls, auth tightening, secret handling, network segmentation, and safe update/rollback workflows. Use when deploying OpenClaw in home labs, startups, or production-like local AI infrastructure.
license	MIT
metadata	{"author":"devops-skills","version":"1.0"}

OpenClaw Security Hardening

Use this skill to reduce exposure in self-hosted OpenClaw deployments before opening access to teammates or external networks.

Build a Threat Model First

Map the highest-risk assets and paths:

Admin/API endpoints for OpenClaw
Provider API keys and model credentials
Prompt/response logs containing sensitive business data
Host-level access (SSH, local admin accounts, remote desktop)

Prioritize controls that reduce credential theft, remote code execution blast radius, and data exfiltration.

Apply Baseline Host Hardening

Keep OS and package dependencies patched on a regular cadence.
Run OpenClaw as a dedicated non-admin user account.
Enable full-disk encryption and secure boot features where available.
Remove unnecessary services and block inbound ports by default.
Lock down remote admin (key-only SSH, no password login, limited source CIDRs).

Example Linux baseline checks:

id openclaw
sudo ss -tulpn
sudo ufw status verbose
sudo systemctl --failed

Harden Application Runtime

Bind OpenClaw to localhost or private VLAN by default.
Place a reverse proxy in front of OpenClaw for TLS, auth, and rate limits.
Enforce authentication on every non-health endpoint.
Disable debug/dev modes in persistent environments.
Restrict outbound egress to only required providers (LLM API, telemetry sink, package mirror).

Example reverse proxy controls to enforce:

TLS 1.2+ only
strict transport security header
request body size limits
request timeout and upstream timeout guardrails
per-IP and per-token rate limiting

Protect Secrets and Tokens

Store secrets in a vault or platform secret manager, not committed .env files.
Rotate provider and admin tokens on a fixed interval and after any incident.
Scope tokens minimally (least privilege, per-service keys).
Scan repos and deployment artifacts for leaked credentials before release.

Rotation checklist:

Generate replacement key.
Update runtime secret store.
Restart or reload OpenClaw.
Validate request success with new key.
Revoke old key.

Segment Network Access

Use layered access patterns:

Tier 1 (private): OpenClaw service port reachable only from app/proxy subnet.
Tier 2 (operator): Admin plane reachable only from VPN/Tailscale/WireGuard.
Tier 3 (public): Expose only hardened reverse proxy with strict ACLs.

Do not publish raw OpenClaw service ports directly to the internet.

Add Detection and Recovery Paths

Centralize auth, error, and audit logs.
Alert on brute-force attempts, token failures, and unusual outbound traffic.
Capture immutable backup snapshots of configs and prompt data retention settings.
Test rollback and restore procedures every release cycle.

Minimum operational runbook:

service restart path
key revocation path
incident isolation path (network block + token disable)
known-good rollback version

Validation Checklist

All sensitive endpoints require auth and are unreachable without VPN or gateway policy.
Secrets are absent from repo history and plaintext shared directories.
Host firewall default deny is active for inbound traffic.
TLS termination and rate limits are active at ingress.
Rollback drill can restore service within target RTO.

Related Skills

openclaw-local-mac-mini - Local OpenClaw hosting setup
multi-tenant-llm-hosting - Multi-tenant AI isolation patterns
zero-trust - Private access and identity-aware network controls

同仓库更多 Skills

同仓库

ai-pipeline-orchestration

BagelHole/DevOps-Security-Agent-Skills

Orchestrate AI/ML pipelines for data ingestion, model training, batch inference, and RAG indexing using Prefect, Airflow, or Dagster. Build reliable, observable, and retriable workflows for production AI systems.

2026-05-2230

llm-caching

BagelHole/DevOps-Security-Agent-Skills

Implement multi-layer LLM caching with exact match, semantic similarity, and provider-side prompt caching. Reduce API costs by 30–70%, cut latency, and improve throughput using Redis, GPTCache, and provider caching APIs.

2026-05-2230

llm-cost-optimization

BagelHole/DevOps-Security-Agent-Skills

Reduce LLM API and infrastructure costs through model selection, prompt caching, batching, caching, quantization, and self-hosting strategies. Track spend by team and model, set budgets, and implement cost-aware routing.

2026-05-2230

sre-dashboards

BagelHole/DevOps-Security-Agent-Skills

Design and operationalize SRE dashboards that surface reliability, latency, error, saturation, and capacity signals across services. Use when building observability views for SLOs, incident response, and executive reliability reporting.

2026-05-2230

model-serving-kubernetes

BagelHole/DevOps-Security-Agent-Skills

Deploy ML models on Kubernetes with KServe (formerly KFServing) and NVIDIA Triton Inference Server. Includes canary deployments, autoscaling, model versioning, A/B testing, and GPU resource management for production model serving.

2026-05-2230

vector-database-ops

BagelHole/DevOps-Security-Agent-Skills

Deploy, manage, and optimize vector databases for AI applications. Covers Qdrant, Weaviate, pgvector, and Pinecone — collection management, indexing strategies, backup, and performance tuning for production RAG and semantic search workloads.

2026-05-2230

name	openclaw-security-hardening
description	Harden OpenClaw self-hosted environments with baseline host controls, auth tightening, secret handling, network segmentation, and safe update/rollback workflows. Use when deploying OpenClaw in home labs, startups, or production-like local AI infrastructure.
license	MIT
metadata	{"author":"devops-skills","version":"1.0"}

OpenClaw Security Hardening

Use this skill to reduce exposure in self-hosted OpenClaw deployments before opening access to teammates or external networks.

Build a Threat Model First

Map the highest-risk assets and paths:

Admin/API endpoints for OpenClaw
Provider API keys and model credentials
Prompt/response logs containing sensitive business data
Host-level access (SSH, local admin accounts, remote desktop)

Prioritize controls that reduce credential theft, remote code execution blast radius, and data exfiltration.

Apply Baseline Host Hardening

Keep OS and package dependencies patched on a regular cadence.
Run OpenClaw as a dedicated non-admin user account.
Enable full-disk encryption and secure boot features where available.
Remove unnecessary services and block inbound ports by default.
Lock down remote admin (key-only SSH, no password login, limited source CIDRs).

Example Linux baseline checks:

id openclaw
sudo ss -tulpn
sudo ufw status verbose
sudo systemctl --failed

Harden Application Runtime

Bind OpenClaw to localhost or private VLAN by default.
Place a reverse proxy in front of OpenClaw for TLS, auth, and rate limits.
Enforce authentication on every non-health endpoint.
Disable debug/dev modes in persistent environments.
Restrict outbound egress to only required providers (LLM API, telemetry sink, package mirror).

Example reverse proxy controls to enforce:

TLS 1.2+ only
strict transport security header
request body size limits
request timeout and upstream timeout guardrails
per-IP and per-token rate limiting

Protect Secrets and Tokens

Store secrets in a vault or platform secret manager, not committed .env files.
Rotate provider and admin tokens on a fixed interval and after any incident.
Scope tokens minimally (least privilege, per-service keys).
Scan repos and deployment artifacts for leaked credentials before release.

Rotation checklist:

Generate replacement key.
Update runtime secret store.
Restart or reload OpenClaw.
Validate request success with new key.
Revoke old key.

Segment Network Access

Use layered access patterns:

Tier 1 (private): OpenClaw service port reachable only from app/proxy subnet.
Tier 2 (operator): Admin plane reachable only from VPN/Tailscale/WireGuard.
Tier 3 (public): Expose only hardened reverse proxy with strict ACLs.

Do not publish raw OpenClaw service ports directly to the internet.

Add Detection and Recovery Paths

Centralize auth, error, and audit logs.
Alert on brute-force attempts, token failures, and unusual outbound traffic.
Capture immutable backup snapshots of configs and prompt data retention settings.
Test rollback and restore procedures every release cycle.

Minimum operational runbook:

service restart path
key revocation path
incident isolation path (network block + token disable)
known-good rollback version

Validation Checklist

All sensitive endpoints require auth and are unreachable without VPN or gateway policy.
Secrets are absent from repo history and plaintext shared directories.
Host firewall default deny is active for inbound traffic.
TLS termination and rate limits are active at ingress.
Rollback drill can restore service within target RTO.

Related Skills

openclaw-local-mac-mini - Local OpenClaw hosting setup
multi-tenant-llm-hosting - Multi-tenant AI isolation patterns
zero-trust - Private access and identity-aware network controls