Maps the gap between the security assessment article and actual repo configuration. 6 tasks to make this repo demonstrable proof that Claude Code handles OpenClaw security challenges. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
87 lines
3 KiB
Markdown
# Hardening Plan: Claude Code Complete Agent

Make this repo a demonstrable proof that Claude Code handles
OpenClaw's security challenges — not just a claim, but evidence.

## Context

`security/openclaw-security-assessment.md` documents 9 OpenClaw
CVEs and maps them to Claude Code mitigations. But the repo itself
doesn't yet demonstrate these mitigations. The hooks are demo
shell scripts, settings.json is basic, and no scan data exists.

## Tasks

### 1. Harden settings.json

Replace the demo allow/deny lists with a production-quality
permission model that maps to specific OpenClaw CVEs.

**Current state:** Basic glob patterns (`Bash(ls:*)`, `Bash(rm -rf *)`)

**Target state:** Scoped permissions with clear security rationale

File: `.claude/settings.json`

Reference: llm-security `reference-config-generator.mjs` output
for what Grade A looks like.

### 2. Upgrade hooks to production quality

The current `hooks/pre-tool-use.sh` and `hooks/post-tool-use.sh`
are demo bash scripts with grep-based pattern matching. Replace
with hooks that demonstrate real security patterns.

**Option A:** Document which llm-security hooks cover which CVEs
and recommend users install the llm-security plugin.

**Option B:** Include lightweight standalone hooks in this repo
that demonstrate the patterns (not the full llm-security suite).

Option A is more honest. Option B duplicates work.

Files: `hooks/`, `.claude/settings.json` (hook config)
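As an added illustration of what "real security patterns" instead of grep means for Task 2 (example code, not this repo's `hooks/pre-tool-use.sh` or the llm-security plugin): a PreToolUse hook that tokenises the shell command with `shlex` and applies per-stage policy. It assumes Claude Code's hook contract of a JSON event on stdin carrying `tool_name` and `tool_input.command`, with exit code 2 blocking the call and stderr fed back to the model; treat that contract as an assumption to check against the current docs.

```python
"""PreToolUse policy hook (added example): tokenise the command instead of grepping it."""
import json, shlex, sys

FETCHERS = {"curl", "wget"}
INTERPRETERS = {"sh", "bash", "zsh", "python", "python3", "node", "perl"}
SEPARATORS = {"|", "||", "&&", ";", "&", "(", ")"}   # boundaries between programs
DESTRUCTIVE = {"/", "/*", "~", "~/", "*", ".", ".."}  # rm -r targets to refuse
PROTECTED = (".claude/", ".git/", ".env")             # never overwritten via redirect

def stages_of(command):
    """Shell-aware split into per-program stages: quotes honoured, '|' etc. split off."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True          # keep URLs and paths containing ':' whole
    stages = [[]]
    for tok in lexer:                      # raises ValueError on an unbalanced quote
        if tok in SEPARATORS:
            stages.append([])
        else:
            stages[-1].append(tok)
    return [s for s in stages if s]

def evaluate(tool_name, tool_input):
    """Return (allowed, reason) for one hook event."""
    if tool_name != "Bash":
        return True, "not a shell command"
    try:
        stages = stages_of(tool_input.get("command", ""))
    except ValueError as exc:
        return False, f"unparseable command: {exc}"
    saw_fetcher = False
    for stage in stages:
        prog, args = stage[0].rsplit("/", 1)[-1], stage[1:]
        if prog in FETCHERS:
            saw_fetcher = True             # anything run later on this line is tainted
        elif prog in INTERPRETERS and saw_fetcher:
            return False, "remote content fed into an interpreter"
        if prog == "rm" and any(a.startswith("-") and "r" in a for a in args) \
                and any(a in DESTRUCTIVE for a in args):
            return False, "recursive delete of a top-level path"
        for tok, target in zip(stage, args):   # '>' or '>>' followed by its target
            if tok in {">", ">>"} and target.startswith(PROTECTED):
                return False, f"redirect into protected path {target}"
    return True, "no policy rule matched"

if __name__ == "__main__":                 # hook entry point: exit 2 = block the call
    event = json.load(sys.stdin)
    ok, reason = evaluate(event.get("tool_name", ""), event.get("tool_input", {}))
    if not ok:
        print(f"pre-tool-use policy: {reason}", file=sys.stderr)
        sys.exit(2)
```

Quoted command substitution such as `"$(...)"` reaches the lexer as a single token, so this is a first-line policy check layered on top of the permission model, not a substitute for the sandbox.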

### 3. Create CVE-to-mitigation mapping

Add a document that explicitly connects each OpenClaw CVE to
the specific Claude Code feature or configuration that prevents it.

| CVE | Attack | Claude Code defense | Where configured |
|-----|--------|-------------------|------------------|
| CVE-2026-22172 | Client self-declares scope | Single-user, no scope model | Architecture |
| CVE-2026-25253 | WebSocket hijack | No gateway/port | Architecture |
| CVE-2026-32048 | Sandbox child escape | Permission hooks | settings.json |
| CVE-2026-30741 | Prompt injection RCE | pre-prompt-inject-scan | llm-security plugin |
| ... | ... | ... | ... |

File: `security/cve-mitigation-map.md`

### 4. Run security scan and include results

Run `/security posture` and `/security scan` against the repo.
Include the results as documentation (not raw JSON — formatted
summary with grade).

File: `security/scan-results.md`

### 5. Update security/README.md

Add the new documents to the index. Rewrite the intro to
position the security/ directory as evidence, not just docs.

### 6. Update README.md security section

Reference the scan results and CVE mapping. The security section
should answer: "How do I know this is actually secure?"

## Verification

- [ ] `settings.json` has scoped permissions (not `Bash(*)`)
- [ ] Each OpenClaw CVE maps to a specific defense in this repo
- [ ] Security scan results included and show Grade B or higher
- [ ] README security section references evidence, not just claims
- [ ] All changes committed and pushed to Forgejo

## Estimated scope

6 files modified/created. One session. No dependencies added.