Security: NickRomanek/clawbridge

SECURITY.md

Security Policy

Threat Model

ClawBridge is a desktop automation agent that controls mouse, keyboard, and browser on the user's actual machine. A security flaw in ClawBridge can mean full machine compromise — this is fundamentally different from a typical web application.

What ClawBridge can access

  • Desktop UI (mouse, keyboard, screenshots)
  • Browser sessions (including logged-in sites)
  • Local files (via browser or desktop automation)
  • Network (via browser navigation)

Known architectural risks

  • Prompt injection: Malicious content on websites or in documents could influence agent behavior
  • Memory poisoning: Task results flow into agent memory, which influences future tasks
  • Privilege inheritance: The agent runs with the same privileges as the user

Built-in safety layers

  • Action whitelist (computer-use engine has no shell/bash tool)
  • Key combo blocklist (Win+R, Ctrl+Alt+Delete, Alt+F4, etc. blocked in engine and replay)
  • Supervised mode with human approval for high-risk actions
  • Safety scanning for credentials, PII, and injection patterns
  • Safety redaction on personality/memory context before LLM injection
  • Policy modes (permissive, guarded, strict)
  • Replay concurrency lock (asyncio.Lock prevents race conditions)
  • Gateway localhost-only binding (127.0.0.1)
  • Minimal subprocess environment (no env variable leakage)
  • Audit logging of all task events
  • Dashboard authentication (token-based, CSRF protection)
  • WebSocket origin validation (blocks cross-origin hijacking)
  • CORS restricted to localhost origins only
  • Rate limiting on login and task submission endpoints
  • Security response headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy)
  • Host binding guard (refuses 0.0.0.0 without auth token)
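The "Host binding guard" and "WebSocket origin validation" layers above, as an added illustration (example code, not ClawBridge's own; the function names and the DASHBOARD_TOKEN check are assumptions about how such a guard is wired up):

```python
from ipaddress import ip_address
from typing import Optional
from urllib.parse import urlsplit


def is_loopback_host(host: str) -> bool:
    """True only for loopback: 'localhost', 127.0.0.0/8, or ::1."""
    host = host.strip().strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:  # not an IP literal (a hostname, or garbage)
        return False


def check_bind_config(host: str, dashboard_token: Optional[str]) -> str:
    """Host binding guard (hypothetical helper): return the host to bind to,
    or raise when a non-loopback bind (0.0.0.0, ::, a LAN address) is requested
    without a dashboard token, which would expose the gateway unauthenticated."""
    if is_loopback_host(host):
        return host  # the default localhost-only case needs no token
    if not dashboard_token or not dashboard_token.strip():
        raise ValueError(
            f"refusing to bind to {host!r}: set DASHBOARD_TOKEN before exposing the gateway"
        )
    return host


def is_allowed_origin(origin: Optional[str], bound_port: int) -> bool:
    """WebSocket/CORS origin check (hypothetical helper): accept only browser
    origins whose host is loopback and whose port matches the gateway's port.
    A missing, 'null', or malformed Origin header is rejected; userinfo tricks
    such as http://127.0.0.1:8080@evil.com parse to the real host and fail."""
    if not origin:
        return False
    parts = urlsplit(origin)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if port is None:  # scheme default when the Origin carries no port
        port = 443 if parts.scheme == "https" else 80
    return is_loopback_host(parts.hostname) and port == bound_port
```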

Reporting a Vulnerability

If you discover a security vulnerability in ClawBridge, please report it responsibly:

  1. Do NOT open a public GitHub issue for security vulnerabilities
  2. Use GitHub Private Vulnerability Reporting — go to the Security tab in the repo and click Report a vulnerability
  3. Include:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if any)

We aim to acknowledge reports within 48 hours and provide a fix or mitigation plan within 7 days.

Supported Versions

Version   Supported
0.5.x     Yes
0.4.x     Yes
< 0.4     No

Security Best Practices for Users

  1. Set a dashboard token: Add DASHBOARD_TOKEN=<random-string> to your .env file
  2. Use supervised mode for sensitive tasks: Set SUPERVISED_MODE=true in .env
  3. Use strict policy mode when handling sensitive data: Set POLICY_MODE=strict
  4. Don't paste API keys into task prompts — configure them in .env instead
  5. Review agent actions — check the audit log in the dashboard regularly
  6. Keep dependencies updated: Run npm install -g openclaw@latest periodically