Audit the gateway's security posture

configuration & security

// what it does

openclaw security audit checks config for risky settings; --deep adds a live gateway probe and --fix applies safe remediations — flipping open group policies to allowlists, restoring redaction, and tightening file permissions to 600 for files and 700 for directories. Run it after config changes and before exposing any network surface.

// shell

$ openclaw security audit --deep
$ openclaw security audit --fix
$ openclaw security audit --json

// gotcha

--fix is conservative by design: it will not set tokens or change your bind mode, and it cannot second-guess an intentional dmPolicy: open. Read the audit output rather than assuming a clean --fix means safe.

// resources