自托管 OpenClaw 安装后问题
它不去管所有 AI 安全问题,只盯着 OpenClaw 安装后最容易变乱的那几个点:暴露面、认证、权限和技能边界。
M78Armor妙手甲堡
M78Armor 只盯 OpenClaw 安装后最容易乱掉的那几件事。你不需要再看一堆大而全的说法。先把实例看清,再决定怎么改。
M78Armor stays on the problems that show up after OpenClaw is installed. You do not need another big platform promise. You need a local way to see the instance clearly and decide what to change next.
先看清实例,再决定要不要动手。
See the instance clearly. Then decide what to change.
M78Armor 现在保留两个独立套件层:OpenClaw 继续放在根站,Hermes 继续放在 /hermes/,两条购买路径不合并。
M78Armor now keeps two separate suite silos: OpenClaw stays at the root site, Hermes stays at /hermes/, and the conversion paths stay separate.
为什么这样做
WHY IT STAYS FOCUSED
为什么只盯这一段
Why it stays focused
M78Armor 只管 OpenClaw 安装后的检查、修正和回退,不把别的问题硬塞进来。
M78Armor stays on the part that usually goes wrong after OpenClaw is installed: review, fixes, backup, and rollback. It does not try to cover everything else.
Post-install OpenClaw problems
It does not try to cover every AI security problem. It stays on the points that most often turn an OpenClaw install into a mess: exposure, auth, permissions, and skill boundaries.
先看清,再动手
这套流程先让你看清,再决定怎么改。不是讲概念,而是把检查、修改、复核和留档说清楚。
See it clearly, then act
The workflow helps you see the problem first and then decide what to change. It is practical, and a team can actually run it.
改动更小,记录更清楚
M78Armor 关注的是最先影响局面的那几步:先把实例看清,收紧该收的地方,留住回退办法,再把记录留好。
Smaller actions, clearer records
M78Armor is built around the decisions that usually matter first: see the instance clearly, tighten what needs tightening, keep a way back, and leave a clear record.
当前产品线
PRODUCT LINE
3 个免费产品,加 1 个核心付费产品
3 free products, plus 1 core paid product
公开产品线很简单:3 个免费工具负责安装或检查,1 个付费产品负责本地修正、备份和回退。
The public line is simple: three free tools handle installation or review, and one paid product handles fixes, backup, and rollback.
免费检查清单
手工检查路径。先把实例看清,再决定下一步。
Free Checklist
The manual review path. See the instance clearly before deciding what to do next.
m78setup.sh
先把 OpenClaw 跑起来。它解决安装,不负责后面的收尾。
m78setup.sh
Gets OpenClaw running. It solves installation, not the fix work that comes after.
妙手甲堡 安全配置检查
本地只读检查。把明显风险挑出来,但不写入配置。
m78armor security configuration check
The local read-only check. It makes obvious risk visible without writing changes.
M78Armor Core / 妙手甲堡 核心版
本地修正、备份、回退和留档路径。公开付费入口只有它。
M78Armor Core
The local fixes, backup, rollback, and documentation path. It is the only paid product on the public site.
从免费资产到 Core
FROM FREE TO CORE
什么时候免费产品够用,什么时候该升级到 Core
When the free products are enough, and when Core makes sense
免费产品负责安装、手工检查和只读检查。真正容易失控的,是后面的修正、备份、回退准备和留档。Core 只管这一步。
The free products cover installation, manual review, and read-only checks. The part that usually gets messy is later: fixes, backup, rollback readiness, and records. Core handles that step.
还没装起来
OpenClaw 还没跑起来,就先上 m78setup.sh。先把实例拉起来。
Still need to get OpenClaw running
Start with m78setup.sh if OpenClaw is not running yet. Get the instance up first.
想先手工看一遍
想先按顺序看清问题,就先用免费检查清单。
Want a manual first pass
Start with the Free Checklist if you want to review things in the right order first.
想先做本地只读检查
想先看清明显风险,但先不写配置,就先用妙手甲堡 安全配置检查。
Want a local read-only check first
Start with m78armor security configuration check if you want obvious risk made clear before writing changes.
已经知道问题在哪
当问题已经看清,下一步是动手修正,而且你不想盲改时,再进 M78Armor Core。
Already know where the problems are
Move to M78Armor Core once the problems are clear and the next job is making changes without guessing.
边界
BOUNDARY
这条产品线不会假装成什么
What the product line does not pretend to be
它不是托管服务。
它不会替买家接管环境责任。
它不是 OpenClaw 官方产品。
它不承诺一键安全或一键合规。
它不会把配置、日志或密钥上传到云端服务。
它不是“完整安全平台”。
It is not a hosting service.
It does not take operational responsibility away from the buyer.
It is not an official OpenClaw product.
It does not promise one-click security or one-click compliance.
It does not upload configuration, logs, or secrets to a cloud service.
It is not a "complete security platform."
名称由来
WHY THE NAME EXISTS
为什么叫 M78 / 妙手甲堡
What Move 78 represents
Move 78 代表人在关键时刻的判断力
Move 78 represents human judgement under pressure
Move 78 指的是李世石对 AlphaGo 那盘棋中的著名转折手。它提醒我们:即使面对被算法、算力和概率压到近乎无解的局面,人类的创造力、直觉与判断力,仍然可能改写结果。
Move 78 refers to the famous turning move from the Lee Sedol versus AlphaGo match. It is a reminder that human ingenuity and judgement can still change the position even when algorithmic dominance looks overwhelming.
这也是 M78Armor 想表达的品牌含义:在复杂局面里,靠正确的技术判断和精确的动作,仍然可以把安全位置扭回来。
That is the connotation behind M78Armor: precise intervention, sound judgement, and the refusal to accept that a messy position must stay messy.
这个名字不是为了讲传奇,而是为了说明一种工程态度。自托管 OpenClaw 的安全,往往不是靠大口号解决,而是靠在关键时点做对几步:收暴露面、收认证边界、管技能来源、把过程留档。
The name is not there to tell a myth. It signals an engineering mindset. In self-hosted OpenClaw security, the outcome often changes because someone makes the right technical move at the right moment: close exposure, tighten authentication, control skills, and leave a clear record behind.
中国定位与合规边界
PRC POSITIONING AND COMPLIANCE BOUNDARY
面向中国运维场景的产品定位
Product positioning for PRC operator environments
下面这些话只做一件事:把 M78Armor 做什么、不做什么,以及它和数据、合规边界的关系讲清楚。
This section does one job: it makes the scope, the non-scope, and the data and compliance boundary explicit before you buy.
防御性服务器安全配置自动化工具
M78Armor 是面向服务器本地配置收敛的防御性自动化工具。它更接近把安全基线要求打包成可执行运维脚本,而不是做成持续监控平台。
Defensive server security-configuration automation
M78Armor is a defensive automation tool for converging local server configuration. It is closer to packaging a hardening baseline into an executable operations workflow than building a continuous monitoring platform.
不是扫描器、不是 VPN、不是入侵检测系统
它不会主动探测网络、不会监控流量、不会生成告警。它的作用范围是服务器本地配置文件,不涉及网络层流量操作。
Not a scanner, VPN, or intrusion detection system
It does not actively probe networks, monitor traffic, or generate alerts. Its operating scope is local server configuration files rather than network-layer traffic functions.
100% 本地执行,零数据外传
M78Armor 不收集数据,不做外部遥测,也不把用户数据传输出本地环境。所有操作都在用户自己的服务器或终端本地完成,配置、日志和密钥不会离开本地环境。
100% local execution, zero data export
M78Armor does not collect data, does not run external telemetry, and does not transmit user data out of the local environment. Operations stay on the user's own server or endpoint.
可参考等保 2.0 思路,但不替代法律判断
产品配置基线可参考等保 2.0 风格的整改思路,帮助团队准备内部检查、配置收敛和整改留档。这里对 CSL / PIPL / DSL / 等保的提及仅作信息说明,不构成法律意见;最终分类、销售口径和平台类目应以持牌法律顾问及平台合规团队意见为准。
Can reference MLPS 2.0 thinking, but does not replace legal classification
The configuration baseline can reference MLPS 2.0 style remediation thinking and help teams prepare internal checks, tighter configuration work, and documentation. References to CSL / PIPL / DSL / MLPS are informational only and do not constitute legal advice. Final classification, channel wording, and platform-category decisions should be confirmed with licensed counsel and platform compliance teams.
支持与联系
SUPPORT
购买路径和支持路径
Ordering path and support path
主要购买入口是 order.html。3 个免费产品各管安装或检查;公开付费入口只有 M78Armor Core,卖的是把事做完的那一步。
The main purchase path is order.html. The three free products cover installation or review. The only paid entry on the public site is M78Armor Core, and it is for getting the work done.
先走哪一条路径
如果你还在安装阶段,先看 m78setup.sh。
如果你还在手工检查或只读检查阶段,先看免费检查清单或 妙手甲堡 安全配置检查。
如果你已经准备本地修正,而且想先备份、留住回退路,就进 M78Armor Core 的订购页。
Which path to take first
If you are still in the installation stage, start with m78setup.sh.
If you are still in the manual or read-only review stage, start with the Free Checklist or m78armor security configuration check.
If you are ready to make local fixes and want backup first with a rollback path kept open, go to the M78Armor Core order page.
如何联系支持
书面支持、交付确认、下载问题、退款沟通或一般支持,请使用 support@m78armor.com。
How to contact support
Use support@m78armor.com for written questions, delivery confirmation, download issues, refund communication, or general support.
常见问题
FAQ
常见问题
Frequently Asked Questions
为什么公开产品线里只有一个付费产品?+
因为付费只放在真正动手的那一步。安装、手工检查和只读检查继续免费;需要修正、备份、回退和留档时,再进入 Core。
3 个免费产品会不会替代 Core?+
不会。它们负责安装或检查。Core 负责修正、备份、回退这一段。
M78Armor 是不是“完整安全解决方案”?+
不是。它是窄范围、本地优先的配置工具,不是假装包办全部安全问题的平台。
M78Armor 会不会把我的数据传输出去?+
不会。默认不上传配置、日志或密钥。产品线按本地优先原则设计。
Why is there only one paid product in the public line?+
Because payment starts only when the work turns into actual fixes. Installation, manual review, and read-only checks stay free. Move into Core when you need backup, rollback, and records as well.
Do the 3 free products replace Core?+
No. They cover installation or review. Core is for fixes, backup, and rollback.
Is M78Armor a complete security solution?+
No. It is a narrow local-first configuration tool, not a pretend all-in-one platform.
Does M78Armor send my data anywhere?+
No. Configuration, logs, and secrets are not uploaded by default. The product line is built around a local-first boundary.