Back to Blog
Security2026-01-27

Hardening Your Moltbot Instance: A Security Deep Dive

Moltbot has shell access, API tokens, and messaging platform connections. Securing it properly is critical. This guide covers practical hardening techniques.

1Configure Firewall Rules

The Moltbot Gateway should never be exposed directly to the internet. Bind it to localhost and use strict firewall rules to prevent unauthorized access.

# Bind Gateway to localhost
moltbot gateway --bind 127.0.0.1 --port 3777

# UFW rules (Ubuntu/Debian)
sudo ufw deny in on eth0 to any port 3777
sudo ufw allow from 127.0.0.1 to any port 3777

# Verify
sudo ufw status verbose

2Run in Docker with Limited Capabilities

For maximum isolation, run Moltbot inside a Docker container with restricted capabilities. This limits the blast radius if the agent is compromised.

docker run -d \
  --name moltbot \
  --cap-drop ALL \
  --cap-add NET_BIND_SERVICE \
  --security-opt no-new-privileges:true \
  --read-only \
  --tmpfs /tmp \
  -v moltbot-data:/home/moltbot/.moltbot \
  moltbot/moltbot:latest

3Never Store Secrets in Plaintext

Use the encrypted vault for all sensitive data. Avoid environment variables and plaintext config files for API keys and tokens. Regularly rotate credentials.

# Use vault for all secrets
moltbot vault set ANTHROPIC_API_KEY sk-ant-...
moltbot vault set TELEGRAM_BOT_TOKEN ...

# List stored secrets (names only)
moltbot vault list

# Rotate a key
moltbot vault set ANTHROPIC_API_KEY sk-ant-new-key...

4Set Up Log Monitoring

Enable audit logging and set up alerts for suspicious activity. Monitor for unexpected command executions, failed authentication attempts, and unusual API calls.

# Enable verbose audit logging
moltbot config set logging.audit true
moltbot config set logging.level info

# Stream logs in real-time
moltbot logs --follow --level warn

5Stay Updated

Moltbot is rapidly evolving, and security patches are released frequently. Subscribe to the GitHub repository's security advisories and update promptly when patches are available.

# Check for updates
npm outdated -g moltbot

# Update to latest
npm update -g moltbot@latest

# Subscribe to security advisories
# https://github.com/moltbot/moltbot/security/advisories

Security is an Ongoing Process

Self-hosted AI agents with system access represent a new category of software with unique security challenges. Treat your Moltbot instance as privileged infrastructure. Review logs regularly, keep software updated, and always test new skills in a sandbox before deploying to production.