Baseline Kit - OpenClaw Security Configuration
Secure-by-default configuration templates for OpenClaw
Hardening, Compliance
Stop configuration mistakes before they become incidents.
The Problem
Most OpenClaw security incidents come from default configurations:
- Gateway exposed to public internet
- Overly permissive skill policies
- Missing audit logging
- No backup/recovery plan
The Solution
Baseline Kit generates secure-by-default configurations:
# Generate secure baseline
npx baseline-kit generate --profile strict
# Verify your current setup
npx baseline-kit audit
Configuration Profiles
| Profile | Use Case | Security Level |
|---|---|---|
| Development | Local testing | Balanced |
| Team | Small team shared | Enhanced |
| Enterprise | Production deployment | Strict |
| Air-gapped | No external network | Maximum |
Generated Configurations
openclaw.json
{
  "gateway": {
    "bind": "loopback",
    "auth": {
      "rateLimit": { "maxAttempts": 5, "windowMs": 60000 }
    }
  },
  "skills": {
    "allowedSources": ["clawhub.com"],
    "requireVerification": true
  },
  "logging": {
    "audit": true,
    "retentionDays": 30
  }
}
Audit Checklist
Baseline Kit verifies:
- Gateway not exposed to public internet
- Authentication rate limiting enabled
- Skill sources restricted
- Audit logging configured
- Backup strategy documented
- Secrets management in place
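The checklist items that map to keys in the generated openclaw.json can be checked mechanically. The sketch below is an added example, not Baseline Kit's own code: `auditConfig`, its pass/fail rules and the weak sample config are assumptions, and the backup and secrets items are left out because the page shows no configuration keys for them.

```javascript
// Added example, not Baseline Kit's code: checks the openclaw.json keys shown above.
// auditConfig and its pass/fail rules are assumptions made for illustration.
function auditConfig(cfg) {
  const findings = [];
  const fail = (check, detail) => findings.push({ check, detail });
  const positiveInt = (n) => Number.isInteger(n) && n > 0;

  // Gateway exposure: the baseline on this page binds to "loopback".
  const bind = cfg?.gateway?.bind;
  if (bind !== "loopback") fail("gateway.bind", `expected "loopback", got ${JSON.stringify(bind)}`);

  // Authentication rate limiting: both values must be positive integers.
  const rl = cfg?.gateway?.auth?.rateLimit;
  if (!positiveInt(rl?.maxAttempts) || !positiveInt(rl?.windowMs)) {
    fail("gateway.auth.rateLimit", "maxAttempts/windowMs missing or not positive");
  }

  // Skill sources: non-empty allow-list without wildcards, verification required.
  const sources = cfg?.skills?.allowedSources;
  if (!Array.isArray(sources) || sources.length === 0) {
    fail("skills.allowedSources", "no allow-list configured");
  } else if (sources.some((s) => typeof s !== "string" || s.includes("*"))) {
    fail("skills.allowedSources", "wildcard or non-string entry");
  }
  if (cfg?.skills?.requireVerification !== true) fail("skills.requireVerification", "must be true");

  // Audit logging: enabled, with a positive retention period.
  if (cfg?.logging?.audit !== true) fail("logging.audit", "must be true");
  if (!positiveInt(cfg?.logging?.retentionDays)) fail("logging.retentionDays", "missing or not positive");
  return findings;
}

// The generated baseline from this page.
const baseline = {
  gateway: { bind: "loopback", auth: { rateLimit: { maxAttempts: 5, windowMs: 60000 } } },
  skills: { allowedSources: ["clawhub.com"], requireVerification: true },
  logging: { audit: true, retentionDays: 30 },
};

// Constructed weak config for contrast; the values are sample input, not OpenClaw defaults.
const weak = {
  gateway: { bind: "0.0.0.0" },
  skills: { allowedSources: ["*"], requireVerification: false },
  logging: {},
};

console.log("baseline findings:", auditConfig(baseline).length);
for (const f of auditConfig(weak)) console.log(`FAIL ${f.check}: ${f.detail}`);
```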
Compliance Mapping
- SOC 2 Type II
- ISO 27001
- NIST Cybersecurity Framework
Trust Layer · Community Profile
Trust Layer
Data handling is explicit
Open and auditable workflow
Runtime boundaries are transparent
Risk Note
Third-party skills may include hidden network calls or unsafe install scripts. Scan before use.