# Security Scan — 2026-04-06

## File Permissions

## Exposed Keys in Markdown
  None found

## OpenClaw Security Audit
OpenClaw security audit
Summary: 0 critical · 5 warn · 1 info
Run deeper: openclaw security audit --deep

WARN
gateway.trusted_proxies_missing Reverse proxy headers are not trusted
  gateway.bind is loopback and gateway.trustedProxies is empty. If you expose the Control UI through a reverse proxy, configure trusted proxies so local-client checks cannot be spoofed.
  Fix: Set gateway.trustedProxies to your proxy IPs or keep the Control UI local-only.
tools.exec.auto_allow_skills_enabled autoAllowSkills is enabled for exec approvals
  Implicit skill-bin allowlisting is enabled at:
- defaults.autoAllowSkills
- agents.oliver.autoAllowSkills
- agents.main.autoAllowSkills
- agents.coder.autoAllowSkills
This widens host exec trust beyond explicit manual allowlist entries.
  Fix: Disable autoAllowSkills in exec approvals and keep manual allowlists tight when you need explicit host-exec trust.
tools.exec.allowlist_interpreter_without_strict_inline_eval Interpreter allowlist entries are missing strictInlineEval hardening
  Interpreter/runtime allowlist entries were found without strictInlineEval enabled:
- agents.coder.allowlist: node*
  Fix: Set tools.exec.strictInlineEval=true (or per-agent tools.exec.strictInlineEval=true) when allowlisting interpreters like python, node, ruby, perl, php, lua, or osascript.
models.weak_tier Some configured models are below recommended tiers
  Smaller/older models are generally more susceptible to prompt injection and tool misuse.
- openrouter/anthropic/claude-haiku-4-5 (Haiku tier (smaller model)) @ agents.list.main.model
  Fix: Use the latest, top-tier model for any bot with tools or untrusted inboxes. Avoid Haiku tiers; prefer GPT-5+ and Claude 4.5+.
security.trust_model.multi_user_heuristic Potential multi-user setup detected (personal-assistant model warning)
  Heuristic signals indicate this gateway may be reachable by multiple users:
- channels.telegram.groupPolicy="allowlist" with configured group targets
Runtime/process tools are exposed without full sandboxing in at least one context.
Potential high-impact tool exposure contexts:
- agents.defaults (sandbox=off; runtime=[exec, process]; fs=[read, write, edit, apply_patch]; fs.workspaceOnly=false)
- agents.list.main (sandbox=off; runtime=[exec, process]; fs=[read, write, edit, apply_patch]; fs.workspaceOnly=false)
- agents.list.oliver (sandbox=off; runtime=[exec, process]; fs=[read, write, edit, apply_patch]; fs.workspaceOnly=false)
- agents.list.scout (sandbox=off; runtime=[off]; fs=[read, write, edit, apply_patch]; fs.workspaceOnly=false)
- agents.list.coder (sandbox=off; runtime=[exec, process]; fs=[read, write, edit, apply_patch]; fs.workspaceOnly=false)
- agents.list.marketer (sandbox=off; runtime=[off]; fs=[read, write, edit, apply_patch]; fs.workspaceOnly=false)
OpenClaw's default security model is personal-assistant (one trusted operator boundary), not hostile multi-tenant isolation on one shared gateway.
  Fix: If users may be mutually untrusted, split trust boundaries (separate gateways + credentials, ideally separate OS users/hosts). If you intentionally run shared-user access, set agents.defaults.sandbox.mode="all", keep tools.fs.workspaceOnly=true, deny runtime/fs/web tools unless required, and keep personal/private identities + credentials off that runtime.

INFO
summary.attack_surface Attack surface summary
  groups: open=0, allowlist=1
tools.elevated: enabled
hooks.webhooks: disabled
hooks.internal: disabled
browser control: enabled
trust model: personal assistant (one trusted operator boundary), not hostile multi-tenant on one shared gateway

## Git History Check
de7392c Nightly backup 2026-04-06
a560f70 Nightly backup 2026-04-05
b630e0d Nightly backup 2026-04-03
9d72db4 Manual backup 2026-04-02
c196c21 Initial Oliver workspace snapshot

## Permissions Auto-Fixed
  chmod 600 applied to .env and .key files
## New Files This Week
/Users/oliverai/.openclaw/workspace-oliver/WEALTH.md
/Users/oliverai/.openclaw/workspace-oliver/USER.md
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/95/f39f8ad82780725ac7024971f16fc80c6839a0
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/67/0ffaa1ef8f3604bed30c62c0085a5c50ae36cf
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/5f/089d3f2f8ff1741bbbb081e7d01b47a79a9d29
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/b5/c8542b7fb18b263826c1672f08e74a7dd5e233
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/b5/424c47c799636cc2964bb66f55262c133d72bb
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/d9/7a1e55b90822289ea5b8091cfaaa9918360d05
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/bb/db7f663753cd4f7ebb60050b2e5cdbab2578f9
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/a5/28dc4548e135b1cec3297de5c4b43dde4e169d
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/ab/b284bfb099342b35434e1e206e1a75b91fe4e7
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/eb/70324e8fa6ef6645e414083f7c063b78a1dff9
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/11/8804f9d7df4097c0ce076d96629008149548e5
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/89/5899a925e6e4e10591c454ef5f5f1444eb9657
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/74/f6738e58a8982d65581403b74bbd3473f8c77f
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/17/c4cdb341cbad44e91d0c9263575f2437052cf3
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/10/1eeb9fea9f170b4efb64d651fef65469caa397
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/4c/92a8570de8248182421d09773ecd3a95fe66bd
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/00/816ca7de6d409d336dc1b002ff52e211cfc383
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/08/031edec51651a86ab3be94ea3193ad4fb904d0
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/64/d927cae45ecd34e42edca33015152a21e8930c
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/b8/71a00bd58458f72f25ae60b9d7f9613b5c0d62
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/b7/d3b6bc571e5c8eba5230e0fc2453293912c9a9
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/de/7392ce8a0eb09707bf093c148e86d90dabb946
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/e6/9de29bb2d1d6434b8b29ae775ad8c2e48c5391
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/f1/05d78c96203c7a1744f9fecdb0a910eb17fa82
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/f8/e719e7d4b54c4dfc7498753ff9b35f5fb36a48
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/70/65633c4f8afc2783ee88eede626ff2fc3269f4
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/76/ef864ac24c3fce1f0059ad5d43863c0229c355
/Users/oliverai/.openclaw/workspace-oliver/.git/objects/8e/f03957366107d21c2aa477361ad008d6db658c
/Users/oliverai/.openclaw/workspace-oliver/.git/logs/HEAD
/Users/oliverai/.openclaw/workspace-oliver/.git/logs/refs/heads/main
/Users/oliverai/.openclaw/workspace-oliver/.git/logs/refs/remotes/origin/main
/Users/oliverai/.openclaw/workspace-oliver/.git/refs/heads/main
/Users/oliverai/.openclaw/workspace-oliver/.git/refs/remotes/origin/main
/Users/oliverai/.openclaw/workspace-oliver/.git/index
/Users/oliverai/.openclaw/workspace-oliver/.git/COMMIT_EDITMSG