Security alert · automated audit · 5 minutes
5‑minute OpenClaw (Moltbot) AutoCheck
This page is designed to be read by Moltbot itself. You send a single instruction, Moltbot opens this URL, runs the checks on your machine/VPS, and returns a security report.
What you send to OpenClaw (Moltbot) (one line)
Open https://openclawsecure.com/autocheck/5-min/ and run the AutoCheck on this machine. Return a report with Risk (High/Medium/Low), Findings, and Fixes.
If Moltbot can’t access something automatically, it should say UNKNOWN and ask for the missing info.
AutoCheck steps (Moltbot should follow these)
If you are Moltbot reading this: execute the steps below and produce a concise report.
1. Identify the deployment context
OS, where Moltbot is running (local vs VPS), and whether the gateway is running.
If possible: check gateway status and recent logs.
2. Exposure risk (highest priority)
Determine whether any control UI / gateway endpoints are exposed to the public internet.
Check binds/ports, reverse proxy presence, and whether a token is required for non-loopback access.
3. Access control
Check who can message the bot (allowlists) and group behavior (mention-only vs always-on).
If configuration is not accessible: mark UNKNOWN and ask the user where config lives.
4. Secrets hygiene
Look for likely secret exposure in configs/logs (tokens in plaintext, accidental dumps).
If any exposure is suspected: recommend token rotation.
5. Prompt injection surface
Assess untrusted input sources (public groups, webhooks). Recommend narrowing scope and mention-only groups.
6. Output format
Return a report with:
Risk: High | Medium | Low
Findings:
- ...
Fixes (ordered):
1) ...
2) ...
UNKNOWNs (need user input):
- ...
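The bind/port part of the exposure check in step 2, as an added shell example that is not part of the OpenClaw/Moltbot project: it parses `ss -Hltn` style output (a constructed sample is embedded; the addresses and ports are placeholders, not OpenClaw defaults) and maps non-loopback listeners onto the report's Risk levels. Live use assumes a Linux host with iproute2.

```shell
#!/bin/sh
# Constructed sample in `ss -Hltn` column order (State Recv-Q Send-Q Local Peer).
# Addresses and ports are placeholders, not OpenClaw/Moltbot defaults.
SAMPLE_SS='LISTEN 0 128 127.0.0.1:18789 0.0.0.0:*
LISTEN 0 128 [::1]:18789 [::]:*
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 128 [::]:443 [::]:*
LISTEN 0 128 10.0.0.5:5000 0.0.0.0:*'

# Read ss-style lines on stdin; print "addr port" for every listener that is
# not bound to a loopback address (wildcard or specific-interface binds).
exposed_listeners() {
  awk '$1 == "LISTEN" {
    la = $4
    p = match(la, /:[0-9]+$/)        # split at the last colon so [::1] stays intact
    if (p == 0) next                 # no port found: not a socket line we understand
    addr = substr(la, 1, p - 1)
    port = substr(la, p + 1)
    if (addr == "[::1]" || addr ~ /^127\./) next
    print addr, port
  }'
}

# Map listeners onto the report vocabulary: High if anything listens on a
# wildcard address, Medium if only on a specific non-loopback address,
# Low if everything is loopback-only. Argument: ss-style text.
exposure_risk() {
  printf '%s\n' "$1" | exposed_listeners | awk '
    $1 == "0.0.0.0" || $1 == "[::]" || $1 == "*" { high = 1 }
    { any = 1 }
    END { print (high ? "High" : (any ? "Medium" : "Low")) }'
}

# Emit Findings lines in the report format for each non-loopback listener.
exposure_findings() {
  printf '%s\n' "$1" | exposed_listeners |
    awk '{ printf "- listener on %s port %s reachable from other hosts\n", $1, $2 }'
}

# Count of non-loopback listeners (handy for a one-line summary).
exposed_count() {
  printf '%s\n' "$1" | exposed_listeners | awk 'END { print NR }'
}

# On a live Linux host: exposure_risk "$(ss -Hltn)"; exposure_findings "$(ss -Hltn)"
printf 'Risk: %s\nFindings:\n' "$(exposure_risk "$SAMPLE_SS")"
exposure_findings "$SAMPLE_SS"
```

A loopback-only result does not by itself prove the gateway is private: a reverse proxy in front of it can still forward public traffic, and whether a token is required for non-loopback access has to be read from the gateway configuration separately.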
Prefer manual verification?
If you’re technical or cautious, use the manual baseline checklist.