audit-openclaw-security

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

audit-openclaw-security

审计并加固OpenClaw安全

Run a defensive, permissioned security audit of an OpenClaw deployment and turn the results into a practical remediation plan.

This revision is tuned for OpenClaw 2026.3.8 and uses

{baseDir}

when referencing bundled scripts from commands.

对OpenClaw部署执行防御性、权限受控的安全审计，并将结果转化为可落地的修复方案。

本版本适配OpenClaw 2026.3.8，引用命令中的捆绑脚本时使用

{baseDir}

路径。

Guardrails

防护准则

Only audit systems the user owns or has explicit permission to assess.
Never ask for raw secrets. Do not request gateway tokens/passwords, model API keys, session cookies, OAuth creds, or raw credential files.

Prefer outputs that are designed to be shareable or redacted:

```
openclaw status --all
```
```
openclaw status --deep
```
```
openclaw gateway probe --json
```
```
openclaw security audit --json
```
```
openclaw security audit --deep --json
```

Treat the Gateway, Control UI, browser control, paired nodes, and automation surfaces as operator-level access.
Default to audit-only. Before any config edits,
```
--fix
```
operations, firewall changes, or restarts, create a backup first and get explicit user approval.
When the user wants remediation, make the backup step explicit:
- ```
openclaw backup create --verify
```
- use
```
--no-include-workspace
```
  if the config is invalid but you still need state + creds
- use
```
--only-config
```
  if the user only wants a minimal safety copy before edits

仅审计用户拥有或已获得明确评估权限的系统。
切勿索要原始密钥。不要请求网关令牌/密码、模型API密钥、会话Cookie、OAuth凭证或原始凭证文件。

优先使用可共享或已脱敏的输出内容：

```
openclaw status --all
```
```
openclaw status --deep
```
```
openclaw gateway probe --json
```
```
openclaw security audit --json
```
```
openclaw security audit --deep --json
```

将Gateway、Control UI、浏览器控制、配对节点和自动化接口视为操作员级别的访问权限。
默认仅执行审计操作。在进行任何配置编辑、
```
--fix
```
操作、防火墙变更或重启前，先创建备份并获得用户明确批准。
当用户需要修复方案时，明确告知备份步骤：
- ```
openclaw backup create --verify
```
- 如果配置无效但仍需保存状态和凭证，使用
```
--no-include-workspace
```
- 如果用户仅需要最小化的安全副本用于编辑前备份，使用
```
--only-config
```

What “good” looks like

安全标准示例

Gateway is bound to loopback unless there is a deliberate, defended reason not to.
Strong Gateway auth is enabled.
No accidental public exposure (LAN bind, port-forward, permissive reverse proxy, Tailscale Funnel).
Control UI is either localhost/Serve or explicitly origin-restricted behind a trusted proxy.
DMs require pairing or strict allowlists.
Groups require mention gating and are not open if broad tools are enabled.
```
session.dmScope
```
is isolated appropriately:
- ```
per-channel-peer
```
  for most multi-user setups
- ```
per-account-channel-peer
```
  when the same provider runs multiple accounts
Tooling is least privilege:
- ```
tools.profile: "messaging"
```
  or stricter for inbox-facing agents
- deny
```
group:runtime
```
  ,
```
group:fs
```
  ,
```
group:automation
```
  on untrusted surfaces
- ```
tools.fs.workspaceOnly: true
```
- ```
tools.exec.security: "deny"
```
  or at least approval-gated
- ```
tools.elevated.enabled: false
```
  unless there is a narrow, intentional need
Plugins and skills are explicitly trusted, minimally writable, and not used as an easy persistence path.
Secrets, transcripts, and logs have tight permissions and an intentional retention plan.

除非有经过防护的明确需求，否则Gateway应绑定到回环地址。
启用强Gateway认证。
避免意外的公网暴露（LAN绑定、端口转发、宽松的反向代理、Tailscale Funnel）。
Control UI要么部署在本地/Serve，要么通过可信代理进行明确的源限制。
DM消息需要配对验证或严格的白名单。
群组需要提及限制，若启用了广泛工具则不应设置为开放群组。
```
session.dmScope
```
需进行适当隔离：
- 大多数多用户场景使用
```
per-channel-peer
```
- 当同一提供商运行多个账户时使用
```
per-account-channel-peer
```
工具遵循最小权限原则：
- 面向收件箱的Agent使用
```
tools.profile: "messaging"
```
  或更严格的配置
- 在不可信接口上拒绝
```
group:runtime
```
  、
```
group:fs
```
  、
```
group:automation
```
  权限
- 设置
```
tools.fs.workspaceOnly: true
```
- ```
tools.exec.security: "deny"
```
  或至少设置为需批准执行
- 除非有特定的明确需求，否则设置
```
tools.elevated.enabled: false
```
插件和技能需经过明确信任，最小化可写权限，避免被用作简易持久化路径。
密钥、对话记录和日志需设置严格权限，并制定明确的留存计划。

Use the bundled files progressively

逐步使用捆绑文件

Only open the extra files you need for the task:

```
references/command-cheatsheet.md
```
— exact command ladders

references/openclaw-audit-checks.md

— current high-signal

checkId

glossary

```
references/openclaw-baseline-config.md
```
— secure baseline snippets
```
references/platform-mac-mini.md
```
```
references/platform-personal-laptop.md
```
```
references/platform-docker.md
```
```
references/platform-aws-ec2.md
```
```
assets/report-template.md
```
— report structure

仅打开完成任务所需的额外文件：

```
references/command-cheatsheet.md
```
— 完整命令指南

references/openclaw-audit-checks.md

— 当前高优先级

checkId

术语表

```
references/openclaw-baseline-config.md
```
— 安全基准配置片段
```
references/platform-mac-mini.md
```
```
references/platform-personal-laptop.md
```
```
references/platform-docker.md
```
```
references/platform-aws-ec2.md
```
```
assets/report-template.md
```
— 报告结构模板

Step 0 — Establish context quickly

步骤0 — 快速明确上下文

Collect just enough context to choose the audit path:

Where is OpenClaw running?
- macOS host / Mac mini
- personal laptop
- Docker host
- EC2 / VPS / other cloud VM
Install style?
- native install
- Docker / Compose
- source checkout
Do we have local shell access?
- Mode A: chat-only / user runs commands
- Mode B: agent can run shell commands directly

收集足够的上下文信息以选择审计路径：

OpenClaw运行在何处？
- macOS主机 / Mac mini
- 个人笔记本电脑
- Docker主机
- EC2 / VPS / 其他云虚拟机
安装方式？
- 原生安装
- Docker / Compose
- 源码编译安装
是否拥有本地Shell访问权限？
- 模式A：仅通过聊天交互 / 用户执行命令
- 模式B：Agent可直接执行Shell命令

Mode A — Assisted self-audit (chat-only)

模式A — 协助式自助审计（仅聊天交互）

Ask the user to run the following on the OpenClaw host and share the outputs.

请用户在OpenClaw主机上运行以下命令并分享输出结果。

Minimum audit set

最小审计命令集

bash

openclaw --version
openclaw status --all
openclaw status --deep
openclaw gateway status
openclaw gateway probe --json
openclaw channels status --probe
openclaw doctor
openclaw security audit --json
openclaw security audit --deep --json

bash

openclaw --version
openclaw status --all
openclaw status --deep
openclaw gateway status
openclaw gateway probe --json
openclaw channels status --probe
openclaw doctor
openclaw security audit --json
openclaw security audit --deep --json

Helpful extras

补充辅助命令

bash

openclaw health --json
openclaw backup create --dry-run --json
openclaw backup create --only-config --dry-run --json
openclaw skills list --eligible --json
openclaw plugins list --json

bash

openclaw health --json
openclaw backup create --dry-run --json
openclaw backup create --only-config --dry-run --json
openclaw skills list --eligible --json
openclaw plugins list --json

Safe targeted config reads

安全的定向配置读取

Prefer targeted reads over a full config dump:

bash

openclaw config get gateway.bind
openclaw config get gateway.auth.mode
openclaw config get gateway.auth.allowTailscale
openclaw config get gateway.controlUi.allowedOrigins
openclaw config get gateway.trustedProxies
openclaw config get gateway.allowRealIpFallback
openclaw config get discovery.mdns.mode
openclaw config get session.dmScope
openclaw config get tools.profile
openclaw config get tools.fs.workspaceOnly
openclaw config get tools.exec.security
openclaw config get tools.elevated.enabled
openclaw config get channels.defaults.dmPolicy
openclaw config get channels.defaults.groupPolicy
openclaw config get logging.redactSensitive

优先使用定向读取而非完整配置导出：

bash

openclaw config get gateway.bind
openclaw config get gateway.auth.mode
openclaw config get gateway.auth.allowTailscale
openclaw config get gateway.controlUi.allowedOrigins
openclaw config get gateway.trustedProxies
openclaw config get gateway.allowRealIpFallback
openclaw config get discovery.mdns.mode
openclaw config get session.dmScope
openclaw config get tools.profile
openclaw config get tools.fs.workspaceOnly
openclaw config get tools.exec.security
openclaw config get tools.elevated.enabled
openclaw config get channels.defaults.dmPolicy
openclaw config get channels.defaults.groupPolicy
openclaw config get logging.redactSensitive

DM / group follow-up checks

DM / 群组后续核查

If the issue is “the bot is online but DMs or groups behave strangely”, check pairing and mention gating:

bash

openclaw pairing list <channel>

Examples of

<channel>

include

discord

slack

signal

telegram

whatsapp

matrix

imessage

, and

bluebubbles

如果遇到“Bot在线但DM或群组行为异常”的问题，检查配对和提及限制：

bash

openclaw pairing list <channel>

<channel>

的示例包括

discord

、

slack

、

signal

、

telegram

、

whatsapp

、

matrix

、

imessage

和

bluebubbles

。

If the user must share the config

若用户必须分享配置文件

OpenClaw config is often JSON5-like. Redact it before sharing:

bash

python3 "{baseDir}/scripts/redact_openclaw_config.py" ~/.openclaw/openclaw.json > openclaw.json.redacted

OpenClaw配置通常为类JSON5格式。分享前请先脱敏：

bash

python3 "{baseDir}/scripts/redact_openclaw_config.py" ~/.openclaw/openclaw.json > openclaw.json.redacted

Host / network snapshots

主机 / 网络快照

macOS

bash

whoami
sw_vers
uname -a
lsof -nP -iTCP -sTCP:LISTEN
/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
/usr/libexec/ApplicationFirewall/socketfilterfw --getstealthmode
fdesetup status || true

Linux / cloud VM

bash

whoami
cat /etc/os-release
uname -a
ss -ltnp
sudo ufw status verbose || true
sudo nft list ruleset || true
sudo iptables -S || true

Docker / Compose

bash

docker ps --format 'table {{.Names}}	{{.Image}}	{{.Ports}}'
docker compose ps || true
docker port openclaw-gateway 18789 || true

macOS

bash

whoami
sw_vers
uname -a
lsof -nP -iTCP -sTCP:LISTEN
/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
/usr/libexec/ApplicationFirewall/socketfilterfw --getstealthmode
fdesetup status || true

Linux / 云虚拟机

bash

whoami
cat /etc/os-release
uname -a
ss -ltnp
sudo ufw status verbose || true
sudo nft list ruleset || true
sudo iptables -S || true

Docker / Compose

bash

docker ps --format 'table {{.Names}}	{{.Image}}	{{.Ports}}'
docker compose ps || true
docker port openclaw-gateway 18789 || true

Mode B — Automated local audit (shell access)

模式B — 自动化本地审计（Shell访问）

Run the bundled collector and report renderer:

bash

bash "{baseDir}/scripts/collect_openclaw_audit.sh" --out ./openclaw-audit
python3 "{baseDir}/scripts/render_report.py" --input ./openclaw-audit --output ./openclaw-security-report.md

Then review

openclaw-security-report.md

, refine wording where needed, and present the final report to the user.

运行捆绑的收集器和报告渲染工具：

bash

bash "{baseDir}/scripts/collect_openclaw_audit.sh" --out ./openclaw-audit
python3 "{baseDir}/scripts/render_report.py" --input ./openclaw-audit --output ./openclaw-security-report.md

然后查看

openclaw-security-report.md

，按需优化表述后将最终报告呈现给用户。

Notes on the collector

收集器说明

It is read-only by default.
It does not run
```
openclaw security audit --fix
```
.
It collects shareable CLI diagnostics plus basic host/network context.

It now captures current high-value signals such as:

```
openclaw status --deep
```
```
openclaw gateway probe --json
```
```
openclaw channels status --probe
```
targeted safe
```
config get
```
values
backup dry-run metadata

默认仅读取数据。
不会执行
```
openclaw security audit --fix
```
。
收集可共享的CLI诊断信息以及基础主机/网络上下文。

目前会捕获以下高价值信息：

```
openclaw status --deep
```
```
openclaw gateway probe --json
```
```
openclaw channels status --probe
```
定向安全的
```
config get
```
值
备份试运行元数据

How to interpret the audit

如何解读审计结果

Use OpenClaw’s own security audit output as the primary source of truth, then translate it into a clear threat narrative.

以OpenClaw自身的安全审计输出为主要依据，将其转化为清晰的威胁说明。

Triage order

优先级排序

Prioritise in this order:

Anything open + tools enabled
Lock down DMs/groups first, then tighten tool policy and sandboxing.
Public network exposure
LAN bind, Funnel, missing auth, weak reverse-proxy handling.
Browser / node / Control UI exposure
Treat these as operator access, not “just another feature”.
Filesystem permissions
State dir, config file, auth profiles, logs, and transcript locations.
Plugin / skill supply chain
Trust only what is intentionally installed and writable by the right user.
Model and prompt-injection resilience
Important, but not a substitute for access control.

按以下优先级处理：

开放接口+已启用工具
首先锁定DM/群组访问，然后收紧工具策略与沙箱设置。
公网暴露
LAN绑定、Funnel、缺失认证、宽松的反向代理配置。
浏览器 / 节点 / Control UI暴露
将这些视为操作员级访问权限，而非“普通功能”。
文件系统权限
状态目录、配置文件、认证配置文件、日志和对话记录的存储位置。
插件 / 技能供应链
仅信任有意安装且由正确用户拥有可写权限的组件。
模型与提示注入防护能力
重要但无法替代访问控制。

Findings that are easy to miss in newer OpenClaw builds

新版本OpenClaw中易被忽略的检测结果

Pay extra attention to these newer or high-signal check IDs:

gateway.control_ui.allowed_origins_required

gateway.control_ui.host_header_origin_fallback

```
gateway.real_ip_fallback_enabled
```
```
config.insecure_or_dangerous_flags
```
```
sandbox.dangerous_network_mode
```

tools.exec.host_sandbox_no_sandbox_defaults

tools.exec.host_sandbox_no_sandbox_agents

tools.exec.safe_bins_interpreter_unprofiled

```
skills.workspace.symlink_escape
```

security.exposure.open_groups_with_elevated

security.exposure.open_groups_with_runtime_or_fs

security.trust_model.multi_user_heuristic

Use

references/openclaw-audit-checks.md

and

assets/openclaw_checkid_map.json

to map each finding to likely config paths and remediation areas.

特别关注以下新增或高优先级的检查ID：

gateway.control_ui.allowed_origins_required

gateway.control_ui.host_header_origin_fallback

```
gateway.real_ip_fallback_enabled
```
```
config.insecure_or_dangerous_flags
```
```
sandbox.dangerous_network_mode
```

tools.exec.host_sandbox_no_sandbox_defaults

tools.exec.host_sandbox_no_sandbox_agents

tools.exec.safe_bins_interpreter_unprofiled

```
skills.workspace.symlink_escape
```

security.exposure.open_groups_with_elevated

security.exposure.open_groups_with_runtime_or_fs

security.trust_model.multi_user_heuristic

使用

references/openclaw-audit-checks.md

和

assets/openclaw_checkid_map.json

将每个检测结果映射到对应的配置路径和修复范围。

Core remediation patterns

核心修复模式

1) Gateway exposure and auth

1) 网关暴露与认证

Prefer
```
gateway.bind: "loopback"
```
.
Require token or password auth for anything beyond strictly local use.
Do not treat
```
gateway.remote.*
```
values as protection for local WS access; actual protection comes from
```
gateway.auth.*
```
.
If the user needs a new shared secret,
```
openclaw doctor --generate-gateway-token
```
is the safe boring path.

优先设置
```
gateway.bind: "loopback"
```
。
对于非严格本地使用的场景，要求令牌或密码认证。
不要将
```
gateway.remote.*
```
配置视为本地WebSocket访问的保护措施；实际保护来自
```
gateway.auth.*
```
配置。
如果用户需要新的共享密钥，使用
```
openclaw doctor --generate-gateway-token
```
是安全可靠的方式。

2) Reverse proxies and browser-origin policy

2) 反向代理与浏览器源策略

If there is a reverse proxy in front of the Gateway:

configure
```
gateway.trustedProxies
```
keep
```
gateway.allowRealIpFallback: false
```
unless there is a very specific need
for non-loopback Control UI use, set
```
gateway.controlUi.allowedOrigins
```
do not enable Host-header origin fallback unless the user knowingly accepts the downgrade

如果网关前部署了反向代理：

配置
```
gateway.trustedProxies
```
除非有特殊需求，否则设置
```
gateway.allowRealIpFallback: false
```
对于非回环的Control UI使用场景，设置
```
gateway.controlUi.allowedOrigins
```
除非用户明确接受降级风险，否则不要启用Host-header源回退。

3) Tailscale Serve vs Funnel

```
tailscale.mode: "serve"
```
keeps the Gateway tailnet-only.
```
tailscale.mode: "funnel"
```
is public and should be treated as urgent/high risk.
```
gateway.auth.allowTailscale
```
can allow tokenless Control UI/WebSocket auth via Tailscale identity headers. That assumes the gateway host itself is trusted.
If untrusted code can run on the host, or if any reverse proxy sits in front of the gateway, disable
```
gateway.auth.allowTailscale
```
and require token/password or trusted-proxy auth.

```
tailscale.mode: "serve"
```
仅在Tailscale网络内开放网关。
```
tailscale.mode: "funnel"
```
会将网关暴露到公网，应视为高风险并紧急处理。
```
gateway.auth.allowTailscale
```
可通过Tailscale身份头实现无令牌的Control UI/WebSocket认证，这要求网关主机本身是可信的。
如果不可信代码可在主机上运行，或网关前部署了反向代理，禁用
```
gateway.auth.allowTailscale
```
并要求令牌/密码或可信代理认证。

4) DM and group isolation

4) DM与群组隔离

Use
```
dmPolicy: "pairing"
```
or
```
allowlist
```
for inbox-facing bots.
For shared or support-style inboxes, set
```
session.dmScope: "per-channel-peer"
```
.
For multi-account channel setups, prefer
```
per-account-channel-peer
```
.
Avoid
```
groupPolicy: "open"
```
unless the tool surface is extremely limited.
Require mentions in groups and use
```
agents.list[].groupChat.mentionPatterns
```
where native mentions are unreliable.

面向收件箱的Bot使用
```
dmPolicy: "pairing"
```
或
```
allowlist
```
。
对于共享或支持类收件箱，设置
```
session.dmScope: "per-channel-peer"
```
。
对于多账户渠道配置，优先使用
```
per-account-channel-peer
```
。
除非工具接口极其有限，否则避免设置
```
groupPolicy: "open"
```
。
群组内要求提及Bot，并在原生提及不可靠的场景下使用
```
agents.list[].groupChat.mentionPatterns
```
。

5) Tool surface reduction

5) 工具接口缩减

Start from the conservative baseline in

references/openclaw-baseline-config.md

Good defaults for user-facing agents:

```
tools.profile: "messaging"
```
deny
```
group:automation
```
deny
```
group:runtime
```
deny
```
group:fs
```
```
tools.fs.workspaceOnly: true
```

tools.exec.security: "deny"

and

ask: "always"

tools.exec.applyPatch.workspaceOnly: true

```
tools.elevated.enabled: false
```

从

references/openclaw-baseline-config.md

中的保守基准配置开始。

面向用户的Agent推荐默认配置：

```
tools.profile: "messaging"
```
拒绝
```
group:automation
```
权限
拒绝
```
group:runtime
```
权限
拒绝
```
group:fs
```
权限
```
tools.fs.workspaceOnly: true
```

tools.exec.security: "deny"

且

ask: "always"

tools.exec.applyPatch.workspaceOnly: true

```
tools.elevated.enabled: false
```

6) Node / browser / automation trust

6) 节点 / 浏览器 / 自动化信任

Paired nodes are remote execution surfaces. Audit them like you would audit operator access.
Browser control is not “just viewing pages”; it is effectively remote operator capability.
```
gateway
```
/
```
cron
```
tools create persistence and should not be reachable from untrusted chat surfaces.

配对节点是远程执行接口，需像审计操作员权限一样审计它们。
浏览器控制并非“仅查看页面”，而是等效于远程操作员能力。
```
gateway
```
/
```
cron
```
工具会创建持久化任务，不应被不可信聊天接口访问。

7) Secrets, logs, transcripts, and writable paths

7) 密钥、日志、对话记录与可写路径

Audit and discuss these paths carefully without asking for raw contents:

```
~/.openclaw/openclaw.json
```
```
~/.openclaw/secrets.json
```

~/.openclaw/agents/<agentId>/agent/auth-profiles.json

~/.openclaw/agents/<agentId>/sessions/*.jsonl

```
/tmp/openclaw/openclaw-YYYY-MM-DD.log
```
pairing stores under
```
~/.openclaw/credentials/
```

仔细审计并讨论以下路径，但不要索要原始内容：

```
~/.openclaw/openclaw.json
```
```
~/.openclaw/secrets.json
```

~/.openclaw/agents/<agentId>/agent/auth-profiles.json

~/.openclaw/agents/<agentId>/sessions/*.jsonl

```
/tmp/openclaw/openclaw-YYYY-MM-DD.log
```
```
~/.openclaw/credentials/
```
下的配对存储文件

Platform-specific guidance

平台专属指南

Load the matching playbook when the environment is clear:

macOS host / Mac mini ->
```
references/platform-mac-mini.md
```
personal laptop ->
```
references/platform-personal-laptop.md
```
Docker / Compose ->
```
references/platform-docker.md
```
EC2 / VPS ->
```
references/platform-aws-ec2.md
```

明确环境后加载对应的操作手册：

macOS主机 / Mac mini ->
```
references/platform-mac-mini.md
```
个人笔记本电脑 ->
```
references/platform-personal-laptop.md
```
Docker / Compose ->
```
references/platform-docker.md
```
EC2 / VPS ->
```
references/platform-aws-ec2.md
```

Deliverable format

交付物格式

Use

assets/report-template.md

or the rendered report from

{baseDir}/scripts/render_report.py

The final deliverable should include:

executive summary
environment overview
findings table with redacted evidence
sequenced remediation plan
verification commands
residual risk / operational practices

使用

assets/report-template.md

或

{baseDir}/scripts/render_report.py

生成的报告。

最终交付物应包含：

执行摘要
环境概述
包含脱敏证据的检测结果表格
按顺序排列的修复计划
验证命令
剩余风险 / 操作建议

Troubleshooting notes

故障排除说明

“openclaw: command not found”

Confirm the CLI is installed and on
```
PATH
```
.
On Windows, prefer WSL2 for shell-driven audit flows.
Re-run the official install / update path, then retry
```
openclaw --version
```
.

确认CLI已安装且在
```
PATH
```
中。
在Windows上，优先使用WSL2执行基于Shell的审计流程。
重新运行官方安装 / 更新流程，然后重试
```
openclaw --version
```
。

“Gateway won’t start — configuration invalid”

OpenClaw now fails closed on invalid config keys, invalid values, or invalid types. That is intentional and security-relevant.

Use:

bash

openclaw doctor
openclaw doctor --fix

Even when the config is invalid, diagnostic commands such as

openclaw status

openclaw gateway status

openclaw gateway probe

, and

openclaw health

are still useful.

OpenClaw现在会在配置键无效、值无效或类型不匹配时终止启动。这是出于安全考虑的设计。

使用以下命令：

bash

openclaw doctor
openclaw doctor --fix

即使配置无效，

openclaw status

、

openclaw gateway status

、

openclaw gateway probe

和

openclaw health

等诊断命令仍然可用。

“Runtime: running” but “RPC probe: failed”

Trust the probe details, not just the supervisor status:

```
Probe target
```
```
Listening
```
```
Last gateway error
```

This often means service/config drift, auth mismatch, or a listener that is not actually reachable by the CLI.

信任探针详情而非仅看监控状态：

```
Probe target
```
```
Listening
```
```
Last gateway error
```

这通常意味着服务/配置不一致、认证不匹配或CLI无法实际访问监听器。

“Bot is online but DMs fail”

Check:

bash

openclaw channels status --probe
openclaw pairing list <channel>

Common root causes:

pending pairing approval
```
dmPolicy
```
too strict for the expected sender
provider-side permission or token drift

检查：

bash

openclaw channels status --probe
openclaw pairing list <channel>

常见根本原因：

待处理的配对审批
```
dmPolicy
```
对预期发送者过于严格
提供商侧权限或令牌失效

“Groups are silent”

Check:

```
groupPolicy
```
```
requireMention
```
```
mentionPatterns
```
audit findings about open groups combined with runtime/fs/elevated tools

检查：

```
groupPolicy
```
```
requireMention
```
```
mentionPatterns
```
关于开放群组结合runtime/fs/elevated工具的审计结果

Trigger tests (skill author sanity check)

触发测试（技能作者 sanity check）

Should trigger:

“Can you audit my OpenClaw setup for security?”
“My OpenClaw gateway is exposed through Tailscale Serve — is that okay?”
“Interpret my
```
openclaw security audit --deep --json
```
findings.”
“I’m running OpenClaw in Docker on a VPS; help me harden it.”
“Why is my OpenClaw Control UI complaining about origins and trusted proxies?”
“My bot is online but DMs don’t reply; can you audit pairing and access policy?”

Should not trigger:

generic macOS hardening unrelated to OpenClaw
generic Docker security unrelated to OpenClaw
general AWS or VPS hardening unrelated to OpenClaw
unrelated software audits

应触发本技能的场景：

“你能审计我的OpenClaw设置的安全性吗？”
“我的OpenClaw网关通过Tailscale Serve暴露，这样安全吗？”
“帮我解读
```
openclaw security audit --deep --json
```
的检测结果。”
“我在VPS上的Docker中运行OpenClaw，帮我加固它。”
“为什么我的OpenClaw Control UI会提示源和可信代理的问题？”
“我的Bot在线但不回复DM，你能审计配对和访问策略吗？”

不应触发本技能的场景：

与OpenClaw无关的通用macOS加固
与OpenClaw无关的通用Docker安全配置
与OpenClaw无关的通用AWS或VPS加固
无关软件的审计