Setup ClawdBot Securely: A Step-by-Step Hardening Guide for AI Assistants
Step-by-step guide to setting up ClawdBot securely on a VPS - SSH lockdown, Tailscale VPN, firewall rules, command whitelisting, sandbox mode, and prompt injection defense.
By Clay Agents Team
ClawdBot is an open-source AI assistant that runs on your own server and connects to messaging apps like Telegram, WhatsApp, or Discord. It can read emails, manage files, and run shell commands on your behalf. Because it has direct access to your server and API tokens, a misconfigured ClawdBot instance can expose API keys, email access, and file permissions directly to the internet.
This guide walks you through the complete security hardening process - from initial VPS setup to production deployment with maximum security.
Step 1: SSH Lockdown
Start with SSH hardening. Disable password authentication and require SSH keys only. Change the default SSH port from 22. Configure fail2ban to block brute-force attempts. Set AllowUsers to your specific username. These steps alone eliminate the majority of automated attacks that target VPS instances.
Step 2: Tailscale VPN Setup
Tailscale creates a private VPN mesh network that makes your ClawdBot server reachable only from your own devices. Without it, the ClawdBot gateway port is exposed to the public internet, allowing anyone to potentially message your bot and issue commands to your server. With Tailscale, SSH, web ports, and the ClawdBot gateway are restricted to the 100.64.0.0/10 Tailscale network range.
Step 3: Command Whitelisting and Sandbox Mode
Configure ClawdBot's command whitelist to allow only approved commands. This prevents prompt injection attacks from executing arbitrary system commands. Enable sandbox mode for risky operations - it adds an additional approval layer before executing shell commands. Scope all API tokens to minimum required permissions.
Step 4: Prompt Injection Defense
Prompt injection is a real threat - in one documented case, a hidden instruction in an email caused ClawdBot to delete all emails including the trash folder. Defense requires multiple layers: use Claude Opus 4.5 which Anthropic trained to resist prompt injection (approximately 99% resistance in internal testing), enable command whitelisting, run risky operations in sandbox mode, and scope all API tokens to minimum permissions.
Frequently Asked Questions
What is ClawdBot and why does it need security hardening?
ClawdBot is an open-source AI assistant that runs on your own server and connects to messaging apps. Because it has direct access to your server and API tokens, a misconfigured instance can expose your infrastructure to the internet.
How do you protect ClawdBot from prompt injection attacks?
Use Claude Opus 4.5 (trained to resist prompt injection), enable command whitelisting, run risky operations in sandbox mode, and scope all API tokens to minimum permissions.
Why should you use Tailscale with ClawdBot?
Tailscale creates a private VPN mesh network that makes your ClawdBot server reachable only from your own devices, preventing public internet access to the gateway port.
What are the most common ClawdBot setup errors?
Common errors: "no auth configured" (re-run clawdbot onboard), bot not responding (approve pairing via clawdbot pairing list), "node: command not found" (install Node.js 22+), gateway won't start (run clawdbot doctor).
Should you add ClawdBot to group chats?
No. Never add ClawdBot to group chats - every person in that group can issue commands to your server. Configure ClawdBot with dmPolicy: allowlist and restrict messaging to only your own Telegram ID.