OpenClaw Host Hardening

Overview

Assess and harden the host running OpenClaw, then align it to a user-defined risk tolerance without breaking access. Use OpenClaw security tooling as a first-class signal, but treat OS hardening as a separate, explicit set of steps.

Core rules

• Recommend running this skill with a state-of-the-art model (e.g., Opus 4.5, GPT 5.2+). The agent should self-check the current model and suggest switching if below that level; do not block execution.
• Require explicit approval before any state-changing action.
• Do not modify remote access settings without confirming how the user connects.
• Prefer reversible, staged changes with a rollback plan.
• Never claim OpenClaw changes the host firewall, SSH, or OS updates; it does not.
• If role/identity is unknown, provide recommendations only.
• Formatting: every set of user choices must be numbered so the user can reply with a single digit.
• System-level backups are recommended; try to verify status.

Workflow (follow in order)