clawdbot-self-security-audit
Install: `claude install-skill Nep-Cheat/Clawdbot-Security-Check`
# Clawdbot Self-Security Audit Framework
This skill empowers Clawdbot to audit its own security posture using first-principles reasoning. Rather than relying on a static script, Clawdbot learns the framework and applies it dynamically to detect vulnerabilities, understand their impact, and recommend specific remediations.
## Core Philosophy
> "Security through transparency and self-awareness." — Inspired by Daniel Miessler
Clawdbot should know its own attack surface. This skill embeds that knowledge directly.
## Security Principles
Running an AI agent with shell access requires caution. Focus on three areas:
1. **Who can talk to the bot** — DM policies, group allowlists, channel restrictions
2. **Where the bot is allowed to act** — Network exposure, gateway binding, proxy configs
3. **What the bot can touch** — Tool access, file permissions, credential storage
Start with the smallest access possible and widen it as you gain confidence.
## Trust Hierarchy
Apply appropriate trust levels based on role:
| Level | Entity | Trust Model |
|-------|--------|-------------|
| 1 | **Owner** | Full trust — has all access |
| 2 | **AI** | Trust but verify — sandboxed, logged |
| 3 | **Allowlists** | Limited trust — only specified users |
| 4 | **Strangers** | No trust — blocked by default |
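
The three focus areas and the trust hierarchy above, written as a fail-closed check over a settings dictionary. This is an added example, not code from this skill or from Clawdbot; every key and value name in it (`dm_policy`, `allowlist`, `gateway_bind`, `credentials_mode`, `tools`) is a hypothetical stand-in, not Clawdbot's real configuration schema.

```python
import ipaddress

# Constructed settings. Every key and value name is hypothetical and is
# not Clawdbot's real configuration schema.
WEAK = {
    "dm_policy": "open",
    "allowlist": ["*"],
    "gateway_bind": "0.0.0.0",
    "credentials_mode": 0o644,
    "tools": {"shell": {"sandboxed": False, "logged": True}},
}
HARDENED = {
    "dm_policy": "allowlist",
    "allowlist": ["owner-id"],
    "gateway_bind": "127.0.0.1",
    "credentials_mode": 0o600,
    "tools": {"shell": {"sandboxed": True, "logged": True}},
}


def audit(cfg):
    """Return (area, finding) pairs; a missing setting counts as unsafe."""
    findings = []

    # 1. Who can talk to the bot: strangers are blocked by default.
    if cfg.get("dm_policy") != "allowlist":
        findings.append(("who", "DMs are not restricted to an allowlist"))
    if "*" in cfg.get("allowlist", ["*"]):
        findings.append(("who", "allowlist is missing or contains a wildcard"))

    # 2. Where the bot is allowed to act: gateway should stay on loopback.
    try:
        loopback = ipaddress.ip_address(cfg.get("gateway_bind", "")).is_loopback
    except ValueError:
        loopback = False  # absent or not an IP literal: cannot confirm
    if not loopback:
        findings.append(("where", "gateway is not bound to a loopback address"))

    # 3. What the bot can touch: owner-only credentials, verified AI tools.
    if cfg.get("credentials_mode", 0o777) & 0o077:
        findings.append(("what", "credential file is accessible by group or other"))
    for name, tool in sorted(cfg.get("tools", {}).items()):
        if not (tool.get("sandboxed") and tool.get("logged")):
            findings.append(("what", f"tool '{name}' is not both sandboxed and logged"))
    return findings


if __name__ == "__main__":
    for area, finding in audit(WEAK):
        print(f"[{area}] {finding}")
```

An empty dictionary produces findings in all three areas, which matches the advice to start with the smallest access possible and widen it deliberately.
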
## Audit Commands
Use these commands to run security audits:
- `clawdbot security audit` — Standard audit of common issues
- `clawdbot security audit --deep` — Comprehensive audit with al