<!-- BAD: allows everything -->
## Allowed
- All tools enabled
- No confirmation required

<!-- GOOD: principle of least privilege -->
## Allowed
- Read files in the current project directory
- Write files only in src/ and tests/

## Requires Confirmation
- Any shell command
- File writes outside src/

## Forbidden
- Reading ~/.ssh, ~/.aws, ~/.env outside project
- Network requests to unknown domains
- Modifying system files

# Security Policy

## Identity
You are a coding assistant working on [PROJECT_NAME].

## Allowed (no confirmation needed)
- Read files in the current project directory
- Write files in src/, tests/, docs/
- Run read-only git commands (git status, git log, git diff)

## Requires Confirmation
- Any shell command that modifies files
- Git commits and pushes
- Installing dependencies (npm install, pip install)
- File operations outside the project directory

## Forbidden (never do these)
- Read or access ~/.ssh, ~/.aws, ~/.gnupg, ~/.config/gh
- Read .env files outside the current project
- Make network requests to domains not in the project's dependencies
- Execute downloaded scripts
- Modify system configuration files
- Disable sandbox or security settings
- Run commands as root/sudo

OPENCLAW SECURITY AUDIT
=======================

Configuration Score: <X>/100

[CRITICAL] Missing AGENTS.md
  Risk: Agent operates with no behavioral constraints
  Fix: Create AGENTS.md with the template below

[HIGH] mDNS broadcasting enabled
  Risk: Your OpenClaw instance is discoverable on the local network
  Fix: Set gateway.mdns.enabled = false

[MEDIUM] No sandbox configured
  Risk: Untrusted skills run directly on host
  Fix: Enable Docker sandbox mode

[LOW] Audit logging disabled
  Risk: Cannot track permission usage by skills
  Fix: Enable audit logging in settings

GENERATED FILES:
1. AGENTS.md — behavioral constraints
2. .openclaw/settings.json — hardened settings

Apply these changes? [Review each file before applying]