LLM/moltbot
1
0
Fork 0
mirror of https://github.com/moltbot/moltbot.git synced 2026-03-08 06:54:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,579 Commits 634 Branches 72 Tags
main
Commit Graph

43 Commits

Author SHA1 Message Date
Peter Steinberger
53a7e3b6e5 docs(security): clarify trusted operator control surfaces 2026-03-07 13:52:22 +00:00
Peter Steinberger
d4ec0ed3c7 docs(security): clarify trusted-local hardening-only cases 2026-03-02 23:28:54 +00:00
Peter Steinberger
cf5702233c docs(security)!: document messaging-only onboarding default and hook/model risk 2026-03-02 18:15:49 +00:00
Peter Steinberger
f8459ef46c docs(security): document sessions_spawn sandbox=require hardening 2026-03-02 01:29:19 +00:00
Agent
a374325fc2 docs(security): clarify local link-priming reports as out-of-scope 2026-03-01 22:34:32 +00:00
Peter Steinberger
58171c8918 docs(security): clarify parity-only command-risk reports 2026-02-26 22:37:12 +01:00
Peter Steinberger
f4391c1725 docs(security): clarify Teams fileConsent uploadUrl report scope 2026-02-26 17:58:38 +01:00
Peter Steinberger
9597cf1890 docs(security): scope obfuscation parity reports as hardening 2026-02-26 17:58:25 +01:00
Peter Steinberger
38c4944d76 docs(security): clarify trusted plugin boundary 2026-02-25 04:39:11 +00:00
Peter Steinberger
def993dbd8 refactor(tmp): harden temp boundary guardrails 2026-02-24 23:51:10 +00:00
Peter Steinberger
2d159e5e87 docs(security): document openclaw temp-folder boundary 2026-02-24 23:11:19 +00:00
Peter Steinberger
370d115549 fix: enforce workspaceOnly for native prompt image autoload 2026-02-24 14:47:59 +00:00
Peter Steinberger
f6afc8c5b6 docs(security): clarify host-side exec trust model defaults 2026-02-24 02:40:18 +00:00
Peter Steinberger
4032390572 docs(security): clarify trusted user-triggered local actions 2026-02-24 02:29:09 +00:00
Peter Steinberger
f0f886ecc4 docs(security): clarify gateway-node trust boundary in docs 2026-02-24 01:35:44 +00:00
Peter Steinberger
cfa44ea6b4 fix(security): make allowFrom id-only by default with dangerous name opt-in (#24907) 
* fix(channels): default allowFrom to id-only; add dangerous name opt-in

* docs(security): align channel allowFrom docs with id-only default
 2026-02-24 01:01:51 +00:00
Peter Steinberger
41b0568b35 docs(security): clarify shared-agent trust boundaries 2026-02-24 01:00:05 +00:00
Peter Steinberger
400220275c docs: clarify multi-instance recommendations for user isolation 2026-02-24 00:40:08 +00:00
Peter Steinberger
7d55277d72 docs: clarify operator trust boundary for shared gateways 2026-02-24 00:25:01 +00:00
Peter Steinberger
d68380bb7f docs(security): clarify exposed-secret report scope 2026-02-24 00:17:21 +00:00
Peter Steinberger
7b4d2cb5cb docs(security): clarify trusted-config dos scope 2026-02-23 23:57:26 +00:00
Peter Steinberger
9af3ec92a5 fix(gateway): add HSTS header hardening and docs 2026-02-23 19:47:29 +00:00
Peter Steinberger
b13fc7eccd docs(security): clarify workspace memory trust boundary 2026-02-22 11:22:29 +01:00
Peter Steinberger
de2e5c7b74 docs(security): clarify dangerous control-ui bypass policy 2026-02-22 10:11:46 +01:00
Peter Steinberger
17c9d550e9 docs: clarify sessionKey trust boundary in security policy 2026-02-22 08:21:53 +01:00
Peter Steinberger
810218756d docs(security): clarify trusted-host deployment assumptions 2026-02-21 12:53:12 +01:00
Peter Steinberger
2e421f32df fix(security): restore trusted plugin runtime exec default 2026-02-19 16:01:29 +01:00
Peter Steinberger
808a60d3bd docs: clarify intentional network-visible canvas model in security policy 2026-02-19 14:25:41 +01:00
Peter Steinberger
5e7c3250cb fix(security): add optional workspace-only path guards for fs tools 2026-02-14 23:50:24 +01:00
Peter Steinberger
24d2c6292e refactor(security): refine safeBins hardening 2026-02-14 19:59:13 +01:00
Peter Steinberger
6a386a7886 docs(security): clarify canvas host exposure and auth 2026-02-14 14:57:19 +01:00
Peter Steinberger
e21a7aad54 docs: recommend loopback-only gateway bind 2026-02-14 12:36:32 +01:00
Jamieson O'Reilly
0657d7c772 docs: expand vulnerability reporting guidelines in SECURITY.md 2026-02-10 15:39:04 +11:00
theonejvo
74fbbda283 docs: add security & trust documentation 
Add threat model (MITRE ATLAS), contribution guide, and security
directory README. Update SECURITY.md with trust page reporting
instructions and Jamieson O'Reilly as Security & Trust.

Co-Authored-By: theonejvo <theonejvo@users.noreply.github.com>
 2026-02-08 21:53:05 +11:00
Armin Ronacher
a767c584c7 Add prompt injection attacks to out of scope section 2026-01-31 13:17:24 +01:00
Peter Steinberger
2cdfecdde3 docs: clarify security scope 2026-01-30 21:51:28 +01:00
Peter Steinberger
9a7160786a refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
Peter Steinberger
6d16a658e5 refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
Peter Steinberger
83460df96f chore: update molt.bot domains 2026-01-27 12:21:01 +00:00
Peter Steinberger
8b56f0e68d docs: warn against public web binding 2026-01-27 03:30:34 +00:00
rhuanssauro
592930f10f security: apply Agents Council recommendations 
- Add USER node directive to Dockerfile for non-root container execution
- Update SECURITY.md with Node.js version requirements (CVE-2025-59466, CVE-2026-21636)
- Add Docker security best practices documentation
- Document detect-secrets usage for local security scanning

Reviewed-by: Agents Council (5/5 approval)
Security-Score: 8.8/10
Watchdog-Verdict: SAFE WITH CONDITIONS

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-26 13:39:14 +00:00
Dan Guido
48aea87028 feat: add prek pre-commit hooks and dependabot (#1720) 
* feat: add prek pre-commit hooks and dependabot

Pre-commit hooks (via prek):
- Basic hygiene: trailing-whitespace, end-of-file-fixer, check-yaml, check-added-large-files, check-merge-conflict
- Security: detect-secrets, zizmor (GitHub Actions audit)
- Linting: shellcheck, actionlint, oxlint, swiftlint
- Formatting: oxfmt, swiftformat

Dependabot:
- npm and GitHub Actions ecosystems
- Grouped updates (production/development/actions)
- 7-day cooldown for supply chain protection

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* docs: add prek install instruction to AGENTS.md

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-25 10:53:23 +00:00
Peter Steinberger
ca1902fb4e feat(security): expand audit and safe --fix 2026-01-15 05:31:43 +00:00