Explain Clawdbot (Gemini Analysis)

This directory contains a breakdown of the Clawdbot framework, generated by Gemini agents for a beginner audience.

Table of Contents

  1. What is Clawdbot?

    • A plain English explanation of the project.
    • Why it matters and who it is for.
    • The "Lobster" analogy.
  2. How It Works (Technical Overview)

    • The Architecture: Gateway, Channels, Agents.
    • Data flow diagrams.
    • Key concepts: Sandboxing and Plugins.
  3. Installation & Setup Guide

    • Scenario A: Standalone Mac Mini (Home Assistant).
    • Scenario B: Isolated VPS (Secure Cloud Bot).
    • Step-by-step instructions for both.
  4. Privacy & Security

    • Data locality and ownership.
    • The "Pairing" system for access control.
    • Docker sandboxing for safe code execution.
  5. Configuration Reference

    • clawdbot.json structure.
    • Critical security settings.
    • Environment variable overrides.
  6. Security Audit Report (2026)

    • Analysis of 512 security findings by Argus Security.
    • Key risks: Plaintext token storage, webhook signature bypass, and race conditions.
    • Link to full remediation plan and active discussion.
  7. Independent Security Audit (Saad Khalid)

    • Critical RCE: "Logic Bomb" allows agents to rewrite Docker startup commands via config.patch.
    • Auth Bypass: Agents can self-approve dangerous commands (missing role check in exec.approval.resolve).
    • Data Risks: Arbitrary file overwrite (nodes:screen_record) and arbitrary read (logs.tail).
    • Protocol Flaws: Token manipulation via pipe injection and environment variable hijacking (LD_PRELOAD).
    • Note: The reported DNS Rebinding (SSRF) appears mitigated in the current version via pinned dispatchers.