Security Audit Checklist
Complete security audit checklist for Moltbot deployments. Interactive guide covering inbound access, tool permissions, network exposure, and browser controls.
Use this comprehensive checklist to audit your Moltbot security configuration. We recommend running this audit:
- Weekly for development environments
- Before production deployments
- After any configuration changes
- When adding new team members
Pro tip: Run `moltbot security audit` for automated checks that complement this manual review.
1. Inbound Access Audit
Control who can send messages to your agent.
DM Policies
- DM policies enabled - `dmPolicies.enabled: true`
- Deny by default active - `dmPolicies.denyByDefault: true`
- Allowlist reviewed - Only current team members listed
- No wildcard entries - Specific emails, no `*@domain.com`
Group Allowlists
- Group policies enabled - `groupPolicies.enabled: true`
- Allowed groups minimal - Only necessary groups
- Mention gating active - `mentionGating: true`
Verification Command
```bash
moltbot config show --section=access
# Review output for unexpected allowlist entries
```
2. Tool Blast Radius
Limit potential damage from compromised sessions.
Elevated Tools Inventory
Check if these high-risk tools are enabled and properly restricted:
- Bash execution - Is the `bash` tool limited?
- Computer control - Is the `computer` tool sandboxed?
- MCP tools - Are MCP servers vetted?
- File system access - Are paths restricted?
Sandbox Configuration
- Sandbox enabled - Running in isolated environment
- Resource limits set - CPU, memory, disk quotas
- Network isolation - Outbound connections limited
Tool Allowlist Review
```bash
moltbot tools list --elevated
# Should show only necessary elevated permissions
```
3. Network Exposure Audit
Minimize attack surface from network access.
Gateway Binding
- Local binding - Gateway bound to `127.0.0.1`
- No `0.0.0.0` binding - Never expose to all interfaces
- Port is non-standard - Not using obvious ports like 80, 443
Authentication
- Auth token enabled - Token-based authentication active
- Token is strong - At least 256-bit random token
- Token rotated recently - Within rotation policy period
- Token not in code - Using environment variables
Remote Node Audit
- Remote nodes inventoried - Know all connected nodes
- Unused nodes removed - No stale connections
- Secure tunnel used - Tailscale or similar, not public ports
Verification Commands
```bash
# Check binding
netstat -tlnp | grep moltbot
# Verify no public exposure
nmap -p YOUR_PORT YOUR_PUBLIC_IP
# Should show filtered/closed
# List remote nodes
moltbot nodes list
```
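Added example, not part of this page or the Moltbot tooling: a Python check that parses `netstat -tlnp` output (a constructed sample below; the port numbers and PIDs are made up) and lists every moltbot listener that is not bound to a loopback address. A plain grep for `127.0.0.1` passes as long as one socket is on loopback; this check fails when any socket is bound to `0.0.0.0` or `::`.

```python
# Constructed sample of `netstat -tlnp` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:18789         0.0.0.0:*               LISTEN      4242/moltbot
tcp        0      0 0.0.0.0:18790           0.0.0.0:*               LISTEN      4242/moltbot
tcp6       0      0 :::22                   :::*                    LISTEN      811/sshd
"""

LOOPBACK_PREFIXES = ("127.", "::1")

def exposed_listeners(netstat_output, program="moltbot"):
    """Return (local_address, pid/program) for each LISTEN socket of `program`
    whose bind address is not loopback. An empty list means nothing is exposed.
    Note: netstat -p prints '-' instead of the program name for processes you
    do not own unless run as root, so such sockets cannot be attributed."""
    exposed = []
    for line in netstat_output.splitlines():
        fields = line.split()
        # tcp/tcp6 LISTEN rows have 7 columns: proto recv-q send-q local foreign state pid/prog
        if len(fields) != 7 or fields[0] not in ("tcp", "tcp6") or fields[5] != "LISTEN":
            continue
        local, prog = fields[3], fields[6]
        if prog.split("/", 1)[-1] != program:
            continue
        host = local.rsplit(":", 1)[0]  # strip the port; an IPv6 host keeps its colons
        if not host.startswith(LOOPBACK_PREFIXES):
            exposed.append((local, prog))
    return exposed
```

On a live host, feed it `subprocess.run(["netstat", "-tlnp"], capture_output=True, text=True).stdout` and treat a non-empty result as a failed check.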
4. Browser Control Audit
If your agent has browser access, verify these controls.
Remote Access Review
- Browser access justified - Needed for actual tasks
- Read-only when possible - Use read-only browser tools
- URL restrictions - Allowlist of permitted domains
Download Directory Configuration
- Downloads restricted - Specific directory, not ~/
- Directory is sandboxed - Isolated from sensitive files
- Auto-execute disabled - No automatic file execution
Verification
```bash
moltbot config show --section=browser
# Check download paths and restrictions
```
5. Disk Hygiene
Protect sensitive files from agent access.
Permission Verification
```bash
# Check config file permissions (should be 600)
stat -c "%a %n" ~/.config/moltbot/*
# Check directory permissions (should be 700)
stat -c "%a %n" ~/.config/moltbot/
```
- Config files: 600 - Owner read/write only
- Directories: 700 - Owner access only
- No world-readable files - Nothing with group/other access
Sensitive File Scan
- No secrets in config - Tokens use env vars
- No credentials cached - Clear old auth data
- .gitignore updated - Config excluded from repos
Symlink Check
```bash
# Find all symlinks in Moltbot directories
find ~/.config/moltbot -type l -ls
find ~/.local/share/moltbot -type l -ls
# Should return empty or expected links only
```
- No suspicious symlinks - All links are expected
- Symlink following disabled - `followSymlinks: false`
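Added example, not part of this page or the Moltbot tooling, covering the policy settings from section 1 and the permission and symlink checks from this section in one offline script. The setting names are the ones this checklist lists; their placement inside `config.json` and the `dmPolicies.allowlist` key are assumptions, and the tree it audits is constructed in a temporary directory with four deliberate defects.

```python
import json, os, stat, tempfile
from functools import reduce
# Settings named in the checklist (sections 1 and 5), keyed by their assumed config.json path.
EXPECTED = {("dmPolicies", "enabled"): True, ("dmPolicies", "denyByDefault"): True,
            ("groupPolicies", "enabled"): True, ("mentionGating",): True,
            ("followSymlinks",): False}

def lookup(cfg, path):
    """Nested dict lookup by key path; None when any key is missing."""
    return reduce(lambda d, k: d.get(k) if isinstance(d, dict) else None, path, cfg)

def audit_config(cfg):
    """Findings for parsed config.json: wrong policy values and wildcard senders."""
    findings = [f"{'.'.join(p)} should be {want!r}"
                for p, want in EXPECTED.items() if lookup(cfg, p) != want]
    # Assumed key: dmPolicies.allowlist lists the permitted DM senders.
    for entry in lookup(cfg, ("dmPolicies", "allowlist")) or []:
        if "*" in entry:
            findings.append(f"wildcard allowlist entry: {entry}")
    return findings

def audit_tree(root):
    """Findings for the config directory: symlinks, files not 600, dirs not 700."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        names = (["."] if dirpath == root else []) + dirnames + filenames
        for name in names:
            p = os.path.normpath(os.path.join(dirpath, name))
            st = os.lstat(p)  # lstat: report symlinks instead of following them
            mode = stat.S_IMODE(st.st_mode)
            if stat.S_ISLNK(st.st_mode):
                findings.append(f"symlink: {p}")
            elif stat.S_ISDIR(st.st_mode) and mode != 0o700:
                findings.append(f"dir mode {mode:o} != 700: {p}")
            elif stat.S_ISREG(st.st_mode) and mode != 0o600:
                findings.append(f"file mode {mode:o} != 600: {p}")
    return findings

def demo():
    """Constructed tree with four deliberate defects; returns the findings."""
    root = tempfile.mkdtemp()  # created with mode 700
    cfg = {"dmPolicies": {"enabled": True, "denyByDefault": False,
                          "allowlist": ["alice@example.com", "*@example.com"]},
           "groupPolicies": {"enabled": True}, "mentionGating": True, "followSymlinks": False}
    path = os.path.join(root, "config.json")
    with open(path, "w") as f:
        json.dump(cfg, f)
    os.chmod(path, 0o644)  # world-readable config file
    os.symlink("config.json", os.path.join(root, "stale-link"))
    with open(path) as f:
        return audit_config(json.load(f)) + audit_tree(root)
```

To audit a real deployment, point `audit_tree` at `~/.config/moltbot` and `audit_config` at its loaded `config.json`; every returned string is one failed checklist item.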
6. Plugin Review
Third-party plugins are a common attack vector.
Installed Extensions List
```bash
moltbot plugins list
```
- All plugins recognized - No unknown plugins
- Unused plugins removed - Minimal plugin set
- Plugins from trusted sources - Verified publishers
Trust Assessment
For each installed plugin:
| Plugin | Source | Last Updated | Trusted? |
|---|---|---|---|
| core | official | current | ✅ |
| git | official | current | ✅ |
| … | … | … | … |
- Trust level set correctly - `verified-only` recommended
- No deprecated plugins - All actively maintained
7. Model Hygiene
The AI model choice affects security posture.
Current Model Check
```bash
moltbot config show --section=model
```
- Using recommended model - Opus 4.5 for complex tasks
- Not using small models - Avoid for sensitive operations
- Model version current - Latest patches applied
Prompt Injection Resistance
Different models have varying resistance to prompt injection:
| Model | Injection Resistance | Recommendation |
|---|---|---|
| Opus 4.5 | ⭐⭐⭐⭐⭐ | Production |
| Sonnet 4.5 | ⭐⭐⭐⭐ | Development |
| Haiku 4 | ⭐⭐ | Quick tasks only |
- Production uses Opus 4.5 - Best instruction-following
- Fallback model configured - Safe defaults if primary fails
Audit Results Summary
After completing this checklist:
Score Your Audit
| Section | Items Checked | Items Passed | Score |
|---|---|---|---|
| Inbound Access | 7 | _ | _% |
| Tool Blast Radius | 7 | _ | _% |
| Network Exposure | 10 | _ | _% |
| Browser Control | 6 | _ | _% |
| Disk Hygiene | 7 | _ | _% |
| Plugin Review | 5 | _ | _% |
| Model Hygiene | 5 | _ | _% |
| Total | 47 | _ | _% |
Risk Levels
- 90-100%: Excellent - Production ready
- 70-89%: Good - Address gaps before production
- 50-69%: Fair - Significant improvements needed
- Below 50%: Critical - Do not deploy until addressed
Automated Audit Script
Save time with this automated verification:
```bash
#!/bin/bash
# moltbot-audit.sh
echo "=== Moltbot Security Audit ==="
echo ""

# Check file permissions
echo "1. Checking file permissions..."
if [ "$(stat -c %a ~/.config/moltbot/config.json)" == "600" ]; then
    echo " ✅ Config file permissions correct"
else
    echo " ❌ Config file permissions incorrect"
fi

# Check gateway binding. netstat -p only shows process names for your own
# processes unless run as root, so run this as the user that owns the gateway.
# A listener on 0.0.0.0 or ::: fails the check even if another socket is on
# 127.0.0.1, which a plain grep for the loopback address would miss.
echo "2. Checking gateway binding..."
LISTENERS=$(netstat -tlnp 2>/dev/null | grep moltbot)
if echo "$LISTENERS" | grep -Eq '(0\.0\.0\.0|:::)[0-9]'; then
    echo " ❌ Gateway bound to all interfaces"
elif echo "$LISTENERS" | grep -q "127.0.0.1"; then
    echo " ✅ Gateway bound to localhost"
else
    echo " ⚠️ Could not confirm gateway binding - review manually"
fi

# Check for symlinks
echo "3. Checking for symlinks..."
SYMLINKS=$(find ~/.config/moltbot -type l 2>/dev/null | wc -l)
if [ "$SYMLINKS" -eq 0 ]; then
    echo " ✅ No symlinks found"
else
    echo " ⚠️ Found $SYMLINKS symlinks - review manually"
fi

# Run built-in audit
echo "4. Running built-in security audit..."
moltbot security audit
echo ""
echo "=== Audit Complete ==="
```
Next Steps
- Failed items? See our Gateway Hardening Guide for fixes
- Need monitoring? Check our Security Tools recommendations
- Questions? Review Prompt Injection Defense
Schedule this audit regularly. Security threats evolve—your defenses should too.
Frequently Asked Questions
How often should I run a security audit?
Run audits weekly for development environments, before production deployments, after configuration changes, and when adding new team members.
What does the `moltbot security audit` command check?
It checks file permissions, gateway binding, authentication status, tool permissions, and common misconfigurations automatically.
What's a good security audit score?
90-100% is excellent and production-ready. 70-89% is good but address gaps before production. Below 70% requires significant improvements before deployment.