openclaw-server-secure-skill
Comprehensive security hardening and installation guide for OpenClaw (formerly Clawdbot/Moltbot). Use this skill when the user wants to secure a server, install the OpenClaw agent, or configure Tailscale/Firewall for the agent.
Install via ClawdBot CLI:
clawdbot install kime541200/openclaw-server-secure-skill
This skill guides the setup of a secure, self-hosted OpenClaw instance. It covers SSH hardening, firewall configuration, Tailscale VPN setup, and the OpenClaw installation itself.
/etc/ssh/sshd_config.
# Backup config
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
# Disable Password Auth
sudo sed -i 's/^#*PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config
# Disable Root Login
sudo sed -i 's/^#*PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config
# Reload SSH
sudo sshd -t && sudo systemctl reload ssh
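The `sed` edits above only change lines already present in `/etc/ssh/sshd_config`, and sshd uses the first value it obtains for each keyword, so a file pulled in by an `Include` line earlier in the config can take precedence. As an added example (not part of the skill itself), this script checks the effective settings printed by `sshd -T`; the function names and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example (not part of the skill): verify the effective sshd settings.

# check_sshd_effective: reads `sshd -T` style "keyword value" lines on stdin,
# prints one FAIL line per wrong or missing setting, returns non-zero on any.
check_sshd_effective() {
    awk '
        BEGIN { bad = 0
                want["passwordauthentication"] = "no"
                want["permitrootlogin"] = "no" }
        { key = tolower($1) }
        key in want {
            seen[key] = 1
            if (tolower($2) != want[key]) { print "FAIL " key "=" $2; bad = 1 }
        }
        END {
            for (k in want) if (!(k in seen)) { print "FAIL " k " missing"; bad = 1 }
            exit bad
        }'
}

# list_overrides DIR: print drop-in lines in DIR/*.conf that set either
# directive (DIR would be /etc/ssh/sshd_config.d on the server).
list_overrides() {
    grep -EHis '^[[:space:]]*(PasswordAuthentication|PermitRootLogin)[[:space:]]' \
        "$1"/*.conf || true
}

# Constructed sample: effective config where passwords are still enabled.
SAMPLE_BAD='port 22
passwordauthentication yes
permitrootlogin no'

printf '%s\n' "$SAMPLE_BAD" | check_sshd_effective || echo "hardening not effective"

# On the server:
#   sudo sshd -T | check_sshd_effective && echo "sshd hardening effective"
#   list_overrides /etc/ssh/sshd_config.d
```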
sudo apt update && sudo apt install ufw -y
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw enable
Note: Enabling UFW with a default-deny incoming policy before SSH is allowed on another interface can lock you out. Ensure you have console access or a fallback before enabling it; SSH over Tailscale is configured next.
sudo apt install fail2ban -y
sudo systemctl enable --now fail2ban
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up
# Allow SSH over Tailscale
sudo ufw allow from 100.64.0.0/10 to any port 22 proto tcp
# Remove public SSH access (Adjust rule name/number as needed)
sudo ufw delete allow OpenSSH || sudo ufw delete allow 22/tcp
# Allow Web ports over Tailscale
sudo ufw allow from 100.64.0.0/10 to any port 443 proto tcp
sudo ufw allow from 100.64.0.0/10 to any port 80 proto tcp
sudo sed -i 's/IPV6=yes/IPV6=no/' /etc/default/ufw
if ! grep -q "net.ipv6.conf.all.disable_ipv6 = 1" /etc/sysctl.conf; then
echo "net.ipv6.conf.all.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
fi
sudo sysctl -p && sudo ufw reload
npm install -g openclaw && openclaw doctor
openclaw doctor):
{
"dmPolicy": "allowlist",
"allowFrom": ["YOUR_TELEGRAM_ID"],
"groupPolicy": "allowlist"
}
chmod 700 ~/.openclaw/credentials 2>/dev/null || true
chmod 600 .env 2>/dev/null || true
openclaw security audit --deep
Run to confirm:
sudo ufw status verbose
ss -tulnp
tailscale status
openclaw doctor
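An added example (not part of the skill) that turns the `ufw status verbose` check into a pass/fail audit: it flags any ALLOW rule whose source is not the Tailscale range `100.64.0.0/10` used above, which catches a leftover public `OpenSSH` rule or its IPv6 twin. The function name and sample output are constructed, and the parser assumes the column layout that `ufw status` prints.

```sh
#!/bin/sh
# Added example (not part of the skill): audit `ufw status verbose` output.

# audit_ufw: reads ufw status text on stdin; prints a line for every finding
# and returns non-zero if the firewall is inactive, the default incoming
# policy is not deny, or an ALLOW rule accepts a source outside 100.64.0.0/10.
audit_ufw() {
    awk -v cgnat="100.64.0.0/10" '
        BEGIN { bad = 0; active = 0 }
        /^Status: active/ { active = 1 }
        /^Default:/ && $2 != "deny" { print "DEFAULT-INCOMING " $2; bad = 1 }
        /[ \t]ALLOW OUT[ \t]/ { next }      # outbound rules are not audited
        /[ \t]ALLOW[ \t]/ {
            to = $0;   sub(/[ \t]+ALLOW.*/, "", to)
            from = $0; sub(/.*ALLOW[ \t]+/, "", from)
            sub(/^IN[ \t]+/, "", from)      # verbose mode prints "ALLOW IN"
            sub(/[ \t]+$/, "", from)
            if (index(from, cgnat) != 1) {
                print "PUBLIC " to " from " from; bad = 1
            }
        }
        END { if (!active) { print "INACTIVE"; bad = 1 }
              exit bad }'
}

# Constructed sample: the public OpenSSH rule was never deleted.
SAMPLE_UFW='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    100.64.0.0/10
443/tcp                    ALLOW IN    100.64.0.0/10
OpenSSH                    ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)'

printf '%s\n' "$SAMPLE_UFW" | audit_ufw || echo "firewall still exposes public rules"

# On the server:
#   sudo ufw status verbose | audit_ufw && echo "only Tailscale sources allowed"
```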
Generated Mar 1, 2026
A small business needs to deploy a self-hosted OpenClaw agent on a cloud server (e.g., AWS EC2 or DigitalOcean droplet) to manage customer interactions via Telegram. This skill guides them through hardening SSH, setting up a firewall, and using Tailscale for secure VPN access, ensuring the server is protected from unauthorized access and brute-force attacks while enabling remote administration.
A healthcare organization wants to deploy OpenClaw for internal communication or patient support while complying with data privacy regulations (e.g., HIPAA). This skill helps secure the server by disabling public SSH, configuring Tailscale for encrypted network traffic, and restricting access to specific Telegram IDs, minimizing exposure of sensitive health data.
A tech startup is setting up a development or staging server for OpenClaw to test new features before production. This skill provides step-by-step instructions to lock down SSH, install fail2ban for brute-force protection, and configure UFW to allow only Tailscale traffic, creating a secure sandbox environment that reduces the risk of breaches during testing.
A university research team needs to deploy OpenClaw for data collection or automation projects, requiring a secure server accessible only to authorized team members. This skill guides them through SSH key-based authentication, firewall setup to block public access, and Tailscale integration for private networking, ensuring compliance with institutional security policies.
Offer a subscription-based service where you use this skill to secure and maintain OpenClaw servers for clients, handling updates, audits, and troubleshooting. Revenue comes from monthly fees, with potential upsells for 24/7 monitoring or custom configurations tailored to client needs.
Provide one-time consulting or implementation services to businesses deploying OpenClaw, using this skill as a guide to harden servers, set up Tailscale, and configure access controls. Revenue is generated through project-based fees, with opportunities for follow-up support or training sessions.
Integrate this skill into a larger SaaS platform that offers automated server management tools, allowing users to deploy and secure OpenClaw with a few clicks. Revenue streams include subscription tiers for the platform, with premium features like automated security audits or compliance reporting.
💬 Integration Tip
Before enabling UFW, ensure you have console access or a fallback method (e.g., existing SSH session) to avoid locking yourself out, especially when removing public SSH rules during Tailscale configuration.