claude-code-complete-agent/security
Kjell Tore Guttormsen 841cd32c66 feat(security): harden repo with scoped permissions, CVE mapping, and scan evidence
Settings.json: 16 scoped Bash grants (was 6 wildcards), 26-pattern deny list (was 5).
CVE mapping: all 9 OpenClaw CVEs mapped to specific defenses with layer documentation.
Scan results: posture Grade D (expected without llm-security), deep scan 0 critical/high.
Hooks README: Option A — document llm-security hooks, recommend plugin installation.
README: evidence-based security section with scan data and verification instructions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-05 23:58:59 +02:00
| File | Last commit | Date |
|---|---|---|
| auto-mode-explained.md | feat: add Computer Use, Remote Control, Auto Mode, and Cowork integration | 2026-03-26 10:04:05 +01:00 |
| cve-mitigation-map.md | feat(security): harden repo with scoped permissions, CVE mapping, and scan evidence | 2026-04-05 23:58:59 +02:00 |
| hook-based-guardrails.md | feat: initial companion repo for OpenClaw vs Claude Code article | 2026-03-26 09:47:29 +01:00 |
| nemoclaw-comparison.md | feat: initial companion repo for OpenClaw vs Claude Code article | 2026-03-26 09:47:29 +01:00 |
| openclaw-security-assessment.md | docs(security): add OpenClaw vs Claude Code security assessment | 2026-04-05 23:38:34 +02:00 |
| permission-modes-explained.md | feat: add Computer Use, Remote Control, Auto Mode, and Cowork integration | 2026-03-26 10:04:05 +01:00 |
| README.md | feat(security): harden repo with scoped permissions, CVE mapping, and scan evidence | 2026-04-05 23:58:59 +02:00 |
| scan-results.md | feat(security): harden repo with scoped permissions, CVE mapping, and scan evidence | 2026-04-05 23:58:59 +02:00 |

Security

This directory contains evidence that Claude Code handles the security challenges documented in OpenClaw's CVE disclosures (March 2026): not just claims, but scan data, CVE mappings, and reproducible configuration.

Documents

| File | What it covers |
|---|---|
| cve-mitigation-map.md | Each OpenClaw CVE mapped to a specific Claude Code defense |
| scan-results.md | Posture and deep scan results (reproducible, dated 2026-04-05) |
| openclaw-security-assessment.md | Data-driven 10-category comparison with CVE analysis |
| permission-modes-explained.md | The four permission modes and when to use each |
| auto-mode-explained.md | Auto Mode: AI safety classifier for autonomous execution |
| hook-based-guardrails.md | Building custom security with PreToolUse hooks |
| nemoclaw-comparison.md | Honest comparison with NemoClaw's enterprise security |

The evidence chain

  1. Architecture eliminates 4 CVEs — No gateway, no ports, no multi-user auth means CVE-2026-22172, CVE-2026-25253, CVE-2026-32025, and CVE-2026-32049 cannot occur. See cve-mitigation-map.md.

  2. Configuration blocks 5 CVEs — Scoped Bash permissions (16 grants, 26 deny patterns) and hook enforcement prevent the remaining attack vectors. See .claude/settings.json and hooks/README.md.

  3. Code is clean — Deep scan (10 scanners, 51 files) reported zero secrets, zero injection vectors, zero supply chain risk, and zero Unicode attacks. See scan-results.md.

  4. The gap is documented — Posture is Grade D without the llm-security plugin and Grade B+ with it. The gap is runtime hook enforcement, not code or configuration quality. See scan-results.md.

How to verify

# Clone and scan yourself:
git clone https://git.fromaitochitta.com/open/claude-code-complete-agent.git
cd claude-code-complete-agent

# With llm-security plugin installed, run these slash commands inside a Claude Code session:
/security posture          # Configuration assessment
/security scan .           # Code-level scan
/security deep-scan .      # All 10 deterministic scanners

Honest gaps

  • No kernel isolation. NemoClaw (Landlock, seccomp, netns) provides stronger containment than hooks.
  • No network egress filtering. Use OS-level firewall rules.
  • Single-user only. No multi-tenant separation.

See nemoclaw-comparison.md for the full honest assessment.