{
  "ok": true,
  "sample": "OpenClaw NEAR AI Worker static audit proof excerpt",
  "scope_reviewed": [
    "worker/Dockerfile",
    "worker/entrypoint.sh",
    "deploy/docker-compose.yml",
    "compose-api/src/main.rs",
    "compose-api/src/compose.rs",
    "oauth-service/src/main.rs"
  ],
  "top_findings": [
    {
      "severity": "High",
      "title": "Production worker grants unconditional passwordless sudo",
      "evidence": [
        "worker/Dockerfile:42-45",
        "README.md:313-315"
      ],
      "remediation": "Remove NOPASSWD:ALL from production and move root/debug access to an explicit debug profile."
    },
    {
      "severity": "High",
      "title": "Gateway defaults to LAN exposure while host ports are published",
      "evidence": [
        "deploy/docker-compose.yml:16",
        "deploy/docker-compose.yml:27-30",
        "README.md:306"
      ],
      "remediation": "Default to loopback, bind local ports to 127.0.0.1, and require explicit LAN opt-in."
    },
    {
      "severity": "Medium",
      "title": "Gateway auth token is passed in CLI process arguments",
      "evidence": [
        "worker/entrypoint.sh:226",
        "worker/entrypoint.sh:236",
        "worker/entrypoint.sh:243"
      ],
      "remediation": "Pass the token through a token file, stdin, or an environment variable supported by the CLI instead of argv, since process arguments are readable by other local processes."
    },
    {
      "severity": "Medium",
      "title": "Container egress firewall misses internal/link-local ranges",
      "evidence": [
        "compose-api/src/main.rs:1282",
        "compose-api/src/main.rs:1287"
      ],
      "remediation": "Block link-local metadata, CGNAT, and IPv6 local ranges, and allowlist the required Docker bridge destinations."
    }
  ],
  "positive_controls": [
    "Digest-pinned Node base image",
    "OpenClaw config written with chmod 600",
    "SSH password auth and root login disabled",
    "OAuth token endpoint validation tests cover private/link-local cases"
  ],
  "boundary": "This is a short public proof excerpt. Complete custom reports are delivered only after a funded order, escrow assignment, or proof of payment."
}