⚠ Recent OpenClaw / ClawHub security incidents show the same pattern: malicious skill delivery, default exposure, and configuration drift can turn a working install into a much bigger problem

Free Checklist

OpenClaw Security Hardening Checklist

This is a manual post-install close-out checklist. It is useful not because it is long, but because the order is right: exposure first, authentication second, then skill trust, runtime permissions, file protection, and version risk last. A lot of post-install trouble starts when people check the right things in the wrong order.
Manual first pass. Check things in the right order.

What this checklist is, and what it is not
It is the manual first-pass checklist. Its job is to give you a clear view of the instance first, not to pretend that one free page can finish the remediation work for you.
SCOPE

Manual first pass

It helps you confirm, by hand, the most common configuration risks on the current instance. It does not execute changes for you.

DELIVERY

PDF + DOCX

Download it and use it. No order step and no paid gate in front of the checklist.

BOUNDARY

Not the automation layer

It does not remediate configuration, create backups, prepare rollback, or generate structured output.

NEXT STEP

Core is the next step

Move into M78Armor Core only when manual review stops being enough and the next job is actual local execution.


What the checklist reviews
Not generic advice. It walks, in order, the points self-hosted OpenClaw teams most often get wrong: exposure, authentication, skill trust, runtime permissions, file protection, then version risk.
Public entry points and binding
Review whether the instance is still directly exposed to the internet, and whether unnecessary entry points or control surfaces remain open.
Authentication, secrets, and defaults
Confirm that authentication is enabled, secrets are strong enough, and no weak passwords or leftover default settings remain.
Skill sources, approvals, and trust boundary
Check where skills come from, who is allowed to install them, and how wide the default trust boundary is. A lot of later trouble has its root here.
Runtime permissions, sandboxing, and execution boundary
Establish how much privilege the instance actually holds, whether the sandbox is too loose, and whether the execution boundary is wider than it needs to be.
Configuration, secrets, and long-lived file protection
Review whether configuration files, secret files, SOUL.md, MEMORY.md, and similar long-lived files are protected with sensible access controls.
Version status and known CVE exposure
Check version risk last. Once the boundaries and permissions are clear, confirm whether the deployed version still falls inside a known CVE exposure range.
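Two of the items above, the binding check and the long-lived file protection check, can be verified mechanically on the host. The script below is an added example written for this page; it is not M78Armor's checklist, not the m78armor check tool, and not OpenClaw code. It assumes listener lines in the column layout that `ss -ltn` prints (State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port); the port numbers and file names in the sample are constructed, not OpenClaw's real values, and the `/path/to/...` arguments are placeholders. It goes slightly beyond the text by also catching the IPv6 wildcard bind (`[::]`) and by reporting a protected file that is missing altogether.

```shell
#!/bin/sh
# Added example, not M78Armor or OpenClaw code: read-only first-pass checks for
# "public entry points and binding" and "long-lived file protection".
# Assumptions: listener lines follow the `ss -ltn` column layout
# (State Recv-Q Send-Q Local Address:Port Peer Address:Port); the ports and
# file names below are constructed sample data, not OpenClaw's real values.

# Print every listener bound to all interfaces (0.0.0.0, * or [::]).
# Reads `ss -ltn`-style lines on stdin; a loopback-only bind is not reported.
exposed_listeners() {
    awk 'NR > 1 && $4 ~ /^(0\.0\.0\.0|\*|\[::\]):[0-9]+$/ { print $4 }'
}

# Number of all-interface listeners on stdin, printed as a bare integer.
count_exposed() {
    exposed_listeners | wc -l | tr -d ' '
}

# Return 0 when the file has no group/other permission bits (600, 400, ...),
# 1 when it is group- or world-accessible, 2 when it does not exist.
# Uses columns 5-10 of the `ls -ld` mode string, so it works on GNU and BSD.
file_is_private() {
    f=$1
    [ -e "$f" ] || { echo "missing: $f" >&2; return 2; }
    case "$(ls -ld "$f" | cut -c5-10)" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# Report each long-lived file that is not private or is missing, one line per
# finding. Always returns 0 so a caller's `set -e` does not stop the sweep.
audit_files() {
    for f in "$@"; do
        rc=0
        file_is_private "$f" 2>/dev/null || rc=$?
        case $rc in
            1) echo "not private: $f" ;;
            2) echo "missing: $f" ;;
        esac
    done
    return 0
}

# Constructed sample `ss -ltn` output: one loopback listener and two
# all-interface listeners (IPv4 and IPv6). On a real host run:
#   ss -ltn | exposed_listeners
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:3000      0.0.0.0:*
LISTEN 0      128    0.0.0.0:8080        0.0.0.0:*
LISTEN 0      128    [::]:8443           [::]:*'

echo "listeners bound to all interfaces (sample data):"
printf '%s\n' "$SAMPLE_SS" | exposed_listeners

# On a real host, point audit_files at the instance's config, secret files,
# SOUL.md and MEMORY.md (placeholder paths):
#   audit_files /path/to/config /path/to/secrets /path/to/SOUL.md /path/to/MEMORY.md
```

Any line printed by `exposed_listeners` is a control surface reachable from every interface on the host and needs either a loopback bind, a firewall rule, or an authenticated reverse proxy in front of it; any line printed by `audit_files` is a file whose contents or instructions can be read or changed by other local accounts.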

When the free checklist is enough, and when it stops being enough
The free checklist solves the "see it clearly, in the right order" stage. It does not solve the "finish the work" stage.
ENOUGH FOR NOW

You need judgement more than execution

You can tolerate manual item-by-item review, have time to troubleshoot the configuration, and do not yet need backup, rollback readiness, or structured records.

In that case, the free checklist already has real value.

TIME TO MOVE UP

The manual path is starting to slow you down

You do not want to repeat the same manual process again and again, or you now need a shorter local-first path for remediation, backup, rollback, and result records.

That is when M78Armor Core makes sense.



Finished the manual first pass? Do not start over from scratch on the next round
If the next step is local fixes, backup, and rollback, do not walk the whole thing by hand again. M78Armor Core is built for that stage.
2+ hours
Manual checklist work
< 2 min
M78Armor Core automated
¥88
One-time, yours forever
See Core fixes and rollback
Where this checklist sits in the product line
The public product line is simple: three free tools handle installation or review, and one paid product handles fixes and rollback.
FREE

Free hardening checklist

¥0 free

The manual review path. It helps you define the problem space first.

FREE

m78setup.sh

¥0 free

The installation path. It reduces setup friction; it does not do the later security configuration work.

FREE

m78armor security configuration check

¥0 free

The local read-only check. It shows you where the problems are without making local changes.


Common questions about the free checklist
Do I need to submit an email address before downloading it?
No. It is the public, free manual review path, designed to let you understand the problem first.
Is the checklist enough on its own?
It is enough for a first manual pass. It does not replace remediation, backup, rollback readiness, or structured records.
How is it different from m78armor security configuration check?
The checklist is a manual review sheet; the other is a local read-only check tool. One is walked by hand, the other produces local read-only output.
When should I upgrade from the checklist to Core?
When the issues are already clear and what you now need is a shorter local-first path for remediation, backup, rollback readiness, and result records.