自托管 OpenClaw 安全配置
它不是面向所有 AI 场景的“大而全”安全站点,而是围绕自托管 OpenClaw 的高频错误配置、暴露面和技能边界来设计。
M78Armor妙手甲堡
为想把 OpenClaw 安全做到位的团队而建。这个页面讲清楚五件事:这条产品线现在有什么、3 个免费产品和 Core 的关系、它不会假装成什么、为什么叫 M78 / 妙手甲堡,以及购买或支持问题该去哪里。
Built for teams that want to secure OpenClaw properly. This page explains five things clearly: what exists in the product line today, how the 3 free products relate to Core, what the product does not pretend to be, why the name M78 exists, and where to go for ordering or support.
3 个免费产品 + 1 个核心付费产品 · 本地运行 · 清晰留档
3 free products + 1 core paid product · runs locally · leaves a clear record
Operating model
OPERATING MODEL
这条产品线围绕什么来构建
What the line is built around
M78Armor 的范围故意收得很窄。它服务的是自己运行 OpenClaw、需要更短路径完成安全配置检查、收敛和留档的团队。现在的产品线也围绕这个目标展开:先解决安装与诊断,再进入真正的本地执行阶段。
M78Armor is intentionally narrow. It is built for teams running self-hosted OpenClaw and needing a shorter path from security-configuration review to remediation, convergence, and documentation. The product line follows that sequence: solve installation and diagnosis first, then move into actual local execution.
Self-hosted OpenClaw security configuration
This is not a broad AI-security website for every use case. It is built around self-hosted OpenClaw exposure, misconfiguration patterns, and skill boundaries.
技术审查加上可执行指引
这套流程把暴露面审查、边界收紧、操作指引和留档结构放在一起。目标不是讲大词,而是让团队更容易检查、修改、验证,并在事后说清楚。
Technical review with usable guidance
The workflow combines exposure review, boundary tightening, operator guidance, and evidence structure. The objective is not inflated language. The objective is a deployment that is easier to inspect, change, verify, and explain afterwards.
更小的动作,更清楚的记录
M78Armor 关注的是最先影响局面的那几步:暴露面、认证、运行边界、技能控制,以及做完之后拿得出来的记录材料。
Smaller actions, clearer records
M78Armor is built around the decisions that usually matter first: exposure, authentication, runtime boundaries, skill controls, and the records a team may need once the changes are made.
当前产品线
CURRENT PRODUCT LINE
3 个免费产品,加 1 个核心付费产品
3 free products, plus 1 core paid product
当前公开产品线已经收敛为 4 项:3 个免费资产负责安装、诊断和手工检查;1 个付费产品负责真正的本地执行。
The public product line is now intentionally reduced to 4 items: 3 free assets for installation, diagnosis, and manual inspection; 1 paid product for actual local execution.
免费检查清单
用于手工检查路径。适合先看清问题的团队。
Free Checklist
The manual inspection path for teams that want to understand the issues first.
m78setup.sh
用于把 OpenClaw 安装起来。它降低安装阻力,但不替代后续安全配置收敛。
m78setup.sh
The installation path for getting OpenClaw running, without replacing later configuration work.
妙手甲堡 安全配置检查
用于只读审计。它告诉你哪里有问题,但不替你执行修正。
m78armor security configuration check
The read-only audit path. It tells you where the problems are, but does not execute remediation.
M78Armor Core / 妙手甲堡 核心版
用于本地修正、备份、回滚和留档。它是当前唯一的付费产品。
M78Armor Core
The local execution path for remediation, backup, rollback, and documentation. It is the only paid product in the current public line.
从免费资产到 Core
FROM FREE ASSETS TO CORE
什么时候免费产品够用,什么时候该升级到 Core
When the free products are enough, and when Core makes sense
免费产品适合先解决安装、诊断和手工检查。真正耗时间的,通常不是“知道要查什么”,而是后面的本地修正、回滚准备、重复检查和留档。M78Armor Core 就是为这个阶段设计的。
The free products are for installation, diagnosis, and manual inspection first. The real time cost usually starts after that: local remediation, rollback preparation, repeated checks, and keeping a clear record of what changed. M78Armor Core is built for that stage.
还没装起来
先用 m78setup.sh。
Still need to get OpenClaw running
Start with m78setup.sh.
想先看清问题
先用免费检查清单。
Want to inspect issues first
Start with the Free Checklist.
想先做只读审计
先用 妙手甲堡 安全配置检查。
Want read-only audit first
Start with m78armor security configuration check.
已经知道问题在哪
升级到 M78Armor Core,把本地修正、备份、回滚和留档跑通。
Already know where the problems are
Move to M78Armor Core for local remediation, backup, rollback, and documentation.
Trust boundary
TRUST BOUNDARY
这条产品线不会假装成什么
What the product line does not pretend to be
它不是托管服务。
它不会替买家接管环境责任。
它不是 OpenClaw 官方产品。
它不承诺一键安全或一键合规。
它不会把配置、日志或密钥上传到云端服务。
它不是“完整安全平台”。
It is not a hosting service.
It does not take operational responsibility away from the buyer.
It is not an official OpenClaw product.
It does not promise one-click security or one-click compliance.
It does not upload configuration, logs, or secrets to a cloud service.
It is not a "complete security platform."
Why the name exists
WHY THE NAME EXISTS
为什么叫 M78 / 妙手甲堡
What Move 78 represents
Move 78 代表人在关键时刻的判断力
Move 78 represents human judgement under pressure
Move 78 指的是李世石对 AlphaGo 那盘棋中的著名转折手。它提醒我们:即使面对被算法、算力和概率压到近乎无解的局面,人类的创造力、直觉与判断力,仍然可能改写结果。
Move 78 refers to the famous turning move from the Lee Sedol versus AlphaGo match. It is a reminder that human ingenuity and judgement can still change the position even when algorithmic dominance looks overwhelming.
这也是 M78Armor 想表达的品牌含义:在复杂局面里,靠正确的技术判断和精确的动作,仍然可以把安全位置扭回来。
That is the connotation behind M78Armor: precise intervention, sound judgement, and the refusal to accept that a messy position must stay messy.
这个名字不是为了讲传奇,而是为了说明一种工程态度。自托管 OpenClaw 的安全,往往不是靠大口号解决,而是靠在关键时点做对几步:收暴露面、收认证边界、管技能来源、把过程留档。
The name is not there to tell a myth. It signals an engineering mindset. In self-hosted OpenClaw security, the outcome often changes because someone makes the right technical move at the right moment: close exposure, tighten authentication, control skills, and leave a clear record behind.
中国定位与合规边界
PRC POSITIONING AND COMPLIANCE BOUNDARY
面向中国运维场景的产品定位
Product positioning for PRC operator environments
以下表述用于帮助买家理解 M78Armor 做什么、不做什么,以及它和数据、合规边界之间的关系。目标是把产品定位讲清楚,而不是扩大产品能力。
This section helps buyers understand what M78Armor does, what it does not do, and how it relates to data handling and compliance boundaries. The point is precise product positioning, not inflated capability claims.
防御性服务器安全配置自动化工具
M78Armor 是面向服务器本地配置收敛的防御性自动化工具。它更接近把安全基线要求打包成可执行运维脚本,而不是做成持续监控平台。
Defensive server security-configuration automation
M78Armor is a defensive automation tool for converging local server configuration. It is closer to packaging a hardening baseline into an executable operations workflow than building a continuous monitoring platform.
不是扫描器、不是 VPN、不是入侵检测系统
它不会主动探测网络、不会监控流量、不会生成告警。它的作用范围是服务器本地配置文件,不涉及网络层流量操作。
Not a scanner, VPN, or intrusion detection system
It does not actively probe networks, monitor traffic, or generate alerts. Its operating scope is local server configuration files rather than network-layer traffic functions.
100% 本地执行,零数据外传
M78Armor 不收集数据,不做外部遥测,也不把用户数据传输出本地环境。所有操作都在用户自己的服务器或终端本地完成,配置、日志和密钥不会离开本地环境。
100% local execution, zero data export
M78Armor does not collect data, does not run external telemetry, and does not transmit user data out of the local environment. Operations stay on the user's own server or endpoint.
可参考等保 2.0 思路,但不替代法律判断
产品配置基线可参考等保 2.0 风格的整改思路,帮助团队准备内部检查、配置收敛和整改留档。这里对 CSL / PIPL / DSL / 等保的提及仅作信息说明,不构成法律意见;最终分类、销售口径和平台类目应以持牌法律顾问及平台合规团队意见为准。
Can reference MLPS 2.0 thinking, but does not replace legal classification
The configuration baseline can reference MLPS 2.0 style remediation thinking and help teams prepare internal checks, tighter configuration work, and documentation. References to CSL / PIPL / DSL / MLPS are informational only and do not constitute legal advice. Final classification, channel wording, and platform-category decisions should be confirmed with licensed counsel and platform compliance teams.
Support
SUPPORT
购买路径和支持路径
Ordering path and support path
主要购买路径是 order.html。3 个免费产品服务于不同阶段,但当前唯一的付费产品是 M78Armor Core。
The main purchase path is order.html. The 3 free products serve different stages, but the only paid product on the current public line is M78Armor Core.
先走哪一条路径
如果你还在安装阶段,先看 m78setup.sh。
如果你还在问题识别阶段,先看免费检查清单或 妙手甲堡 安全配置检查。
如果你已经准备执行本地修正,进入 M78Armor Core 的订购页。
Which path to take first
If you are still in the installation stage, start with m78setup.sh.
If you are still identifying issues, start with the Free Checklist or m78armor security configuration check.
If you are ready for local remediation, go to the M78Armor Core order page.
如何联系支持
书面支持、交付确认、下载问题、退款沟通或一般支持,请使用 support@m78armor.com。
How to contact support
Use support@m78armor.com for written questions, delivery confirmation, download issues, refund communication, or general support.
FAQ
FAQ
常见问题
Frequently Asked Questions
为什么公开产品线里只有一个付费产品?+
因为当前目标是先把直接数字购买路径跑通。M78Armor Core 是核心执行产品,负责本地修正、备份、回滚和留档。
3 个免费产品会不会替代 Core?+
不会。它们负责安装、诊断和手工检查。Core 负责真正的本地执行阶段。
M78Armor 是不是“完整安全解决方案”?+
不是。它是聚焦型安全配置工具包,目标是把最先该做的本地动作做对,而不是假装解决全部安全问题。
M78Armor 会不会把我的数据传输出去?+
不会。产品线按本地优先原则设计,不把配置、日志或密钥作为外传数据处理。
Why is there only one paid product in the public line?+
Because the current objective is to keep the direct digital purchase path simple. M78Armor Core is the core execution product for local remediation, backup, rollback, and documentation.
Do the 3 free products replace Core?+
No. They cover installation, diagnosis, and manual inspection. Core covers the actual local execution stage.
Is M78Armor a complete security solution?+
No. It is a focused security-configuration toolkit designed to get the most important local actions done correctly, not to pretend it solves every security problem.
Does M78Armor send my data anywhere?+
No. The product line is built around a local-first principle and does not treat configuration, logs, or secrets as exported data.