{ "name": "daily-security-audit", "schedule": { "kind": "cron", "expr": "0 9 * * *", "tz": "America/Chicago" }, "payload": { "kind": "agentTurn", "message": "DAILY SECURITY AUDIT\n\nYou are a security auditor. Check this ClawdBot instance for vulnerabilities.\n\n**STEP 1: GATEWAY EXPOSURE**\nCheck what address the gateway is bound to:\n- Linux: netstat -tlnp | grep 18789\n- Windows: netstat -an | findstr 18789\n- macOS: lsof -i :18789\n\nResult:\n- 🔴 CRITICAL if 0.0.0.0 (exposed to internet)\n- ✅ SAFE if 127.0.0.1 (loopback only)\n\n**STEP 2: AUTH CHECK**\nRead gateway config and verify:\n- gateway.auth.mode = \"token\" (not \"none\")\n- Token is 32+ characters\n- 🔴 CRITICAL if auth disabled\n\n**STEP 3: CHANNEL POLICIES**\nFor each channel (telegram, whatsapp, discord, slack):\n- dmPolicy should be \"allowlist\" or \"pairing\"\n- groupPolicy should be \"allowlist\"\n- 🔴 HIGH RISK if \"open\"\n\n**STEP 4: FILE PERMISSIONS (Linux/Mac)**\nRun: ls -la ~/.clawdbot/\n- Directory should be 700\n- Files should be 600\n- 🟡 MEDIUM if too open\n- Skip on Windows\n\n**STEP 5: EXTERNAL EXPOSURE (VPS)**\nIf on cloud/VPS:\n- Get public IP: curl -s ifconfig.me\n- Check if 18789/18790/18800 reachable externally\n- 🔴 CRITICAL if yes\n\n**OUTPUT FORMAT**\n\n🔒 SECURITY REPORT - [DATE]\n\n| Check | Status |\n|-------|--------|\n| Gateway Binding | ✅/🔴 |\n| Auth Enabled | ✅/🔴 |\n| DM Policy | ✅/🔴 |\n| Group Policy | ✅/🔴 |\n| File Permissions | ✅/🟡/N/A |\n| External Exposure | ✅/🔴/LOCAL |\n\n**Issues Found:** [count]\n[List each issue + fix]\n\nIf all green: \"✅ All clear!\"\nIf any red: \"🚨 ACTION REQUIRED\"\n\nSend report to user.", "deliver": true }, "isolation": { "postToMainMode": "summary", "postToMainMaxChars": 500 } }