Maps the gap between the security assessment article and actual repo configuration. 6 tasks to make this repo demonstrable proof that Claude Code handles OpenClaw security challenges.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
# Hardening Plan: Claude Code Complete Agent
Make this repo a demonstrable proof that Claude Code handles OpenClaw's security challenges — not just a claim, but evidence.
## Context
`security/openclaw-security-assessment.md` documents 9 OpenClaw CVEs and maps them to Claude Code mitigations. But the repo itself doesn't yet demonstrate these mitigations. The hooks are demo shell scripts, `settings.json` is basic, and no scan data exists.
## Tasks
### 1. Harden `settings.json`
Replace the demo allow/deny lists with a production-quality permission model that maps to specific OpenClaw CVEs.
- Current state: basic glob patterns (`Bash(ls:*)`, `Bash(rm -rf *)`)
- Target state: scoped permissions with clear security rationale
- File: `.claude/settings.json`
- Reference: `llm-security` `reference-config-generator.mjs` output, for what Grade A looks like.
### 2. Upgrade hooks to production quality
The current `hooks/pre-tool-use.sh` and `hooks/post-tool-use.sh` are demo bash scripts with grep-based pattern matching. Replace them with hooks that demonstrate real security patterns.
- Option A: Document which `llm-security` hooks cover which CVEs and recommend users install the `llm-security` plugin.
- Option B: Include lightweight standalone hooks in this repo that demonstrate the patterns (not the full `llm-security` suite).
Option A is more honest. Option B duplicates work.
- Files: `hooks/`, `.claude/settings.json` (hook config)
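As an added example of what "real security patterns" means here, and not code from this repo or from `llm-security`: a PreToolUse hook in Python that tokenises the Bash command with `shlex` and splits it into simple commands, so quoted text is treated as data while chained `rm -rf` and download-into-interpreter pipelines are blocked. The stdin field names (`tool_name`, `tool_input.command`) and the exit-status-2 block convention are assumptions about Claude Code's hook interface.

```python
# PreToolUse hook: parse the Bash command into simple commands instead of grepping the raw string.
import json, os, shlex, sys

OPERATORS = {"|", "||", "&&", ";", "&"}
DOWNLOADERS = {"curl", "wget"}
INTERPRETERS = {"sh", "bash", "zsh", "python", "python3", "perl", "node"}

def split_pipeline(command):
    """Tokenise like a POSIX shell; return [(operator_before, argv), ...]."""
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    segments, argv, via = [], [], None
    for tok in list(lex) + [";"]:  # sentinel flushes the final segment
        if tok not in OPERATORS:
            argv.append(tok)
            continue
        if argv:
            segments.append((via, argv))
        argv, via = [], tok
    return segments

def evaluate_command(command):
    """Return (allowed, reason). Quoted text is data, so echo "rm -rf /" is allowed."""
    try:
        segments = split_pipeline(command)
    except ValueError as exc:  # unbalanced quotes: refuse rather than guess
        return False, f"unparseable command: {exc}"
    for i, (via, argv) in enumerate(segments):
        prog = os.path.basename(argv[0])
        if prog == "rm":
            flags = "".join(a[1:] for a in argv[1:] if a[:1] == "-" and a[:2] != "--")
            if (set("rR") & set(flags) or "--recursive" in argv) and ("f" in flags or "--force" in argv):
                return False, "recursive forced delete needs a human in the loop"
        if via == "|" and prog in INTERPRETERS and os.path.basename(segments[i - 1][1][0]) in DOWNLOADERS:
            return False, "piping a download straight into an interpreter is blocked"
    return True, "ok"

def main():
    # Claude Code passes the pending tool call as JSON on stdin (field names assumed from its hook docs).
    event = json.load(sys.stdin)
    if event.get("tool_name") != "Bash":
        return 0
    allowed, reason = evaluate_command(event.get("tool_input", {}).get("command", ""))
    if not allowed:
        print(f"pre-tool-use hook blocked command: {reason}", file=sys.stderr)
    return 0 if allowed else 2  # exit status 2 = block the call; stderr goes back to the model

if __name__ == "__main__":
    sys.exit(main())
```

Wired into `settings.json` as a PreToolUse hook command, this replaces a grep over the raw string with a decision per simple command, which is what the CVE mapping in task 3 needs to point at.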
### 3. Create CVE-to-mitigation mapping
Add a document that explicitly connects each OpenClaw CVE to the specific Claude Code feature or configuration that prevents it.
| CVE | Attack | Claude Code defense | Where configured |
|---|---|---|---|
| CVE-2026-22172 | Client self-declares scope | Single-user, no scope model | Architecture |
| CVE-2026-25253 | WebSocket hijack | No gateway/port | Architecture |
| CVE-2026-32048 | Sandbox child escape | Permission hooks | settings.json |
| CVE-2026-30741 | Prompt injection RCE | pre-prompt-inject-scan | llm-security plugin |
| ... | ... | ... | ... |
- File: `security/cve-mitigation-map.md`
### 4. Run security scan and include results
Run `/security posture` and `/security scan` against the repo. Include the results as documentation (not raw JSON — a formatted summary with grade).
- File: `security/scan-results.md`
### 5. Update `security/README.md`
Add the new documents to the index. Rewrite the intro to position the `security/` directory as evidence, not just docs.
### 6. Update `README.md` security section
Reference the scan results and CVE mapping. The security section should answer: "How do I know this is actually secure?"
## Verification
- `settings.json` has scoped permissions (not `Bash(*)`)
- Each OpenClaw CVE maps to a specific defense in this repo
- Security scan results included and show Grade B or higher
- README security section references evidence, not just claims
- All changes committed and pushed to Forgejo
## Estimated scope
6 files modified/created. One session. No dependencies added.