Moltbot Security Best Practices
Moltbot is a powerful tool with system-level access. Follow these best practices to deploy it safely and minimize risk.
Threat Model
Prompt Injection
Malicious actors could craft messages on connected platforms (e.g., Telegram, Twitter) to manipulate Moltbot into executing unintended commands.
Mitigation: Enable DM pairing, restrict connected accounts, and avoid connecting public-facing social media accounts to Moltbot.
Credential Exposure
API keys, tokens, and secrets stored locally could be accessed by malware or through misconfigured file permissions.
Mitigation: Use encrypted vault storage, set strict file permissions (chmod 600), and never store secrets in plaintext configuration files.
Supply Chain Attacks
Malicious skills from MoltHub or compromised npm packages could execute arbitrary code on your system.
Mitigation: Only install skills from verified authors, review skill source code, and run untrusted skills in sandbox mode.
Network Exposure
Running the Gateway with default settings behind a reverse proxy can expose the admin panel to the internet without authentication.
Mitigation: Bind Gateway to localhost only, use IP whitelisting, enable authentication, and never expose the admin port publicly.
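A way to confirm the localhost-only bind from the mitigation above, as an added example that is not Moltbot's own tooling: it parses `ss -H -ltn` output and reports any listener on the Gateway port that is not loopback. It assumes port 3777 (the port in this page's firewall rule) is the Gateway port; `exposed_listeners`, `check_gateway_bind` and the sample lines are names and data constructed for this example.

```shell
#!/bin/sh
# Added example. Assumption: 3777 is the Gateway/admin port (from the ufw rule on this page).

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 511 127.0.0.1:3777 0.0.0.0:*
LISTEN 0 511 0.0.0.0:3777 0.0.0.0:*
LISTEN 0 128 [::1]:3777 [::]:*
LISTEN 0 128 [::]:3777 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# exposed_listeners PORT
# Reads `ss -H -ltn` style lines on stdin and prints every local address
# listening on PORT that is not a loopback address.
# Exit status: 0 = loopback-only or not listening, 1 = exposed listener found.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            if (parts[n] != port) next        # the port follows the last colon
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            sub(/%.*$/, "", host)             # drop an interface scope such as %lo
            gsub(/\[/, "", host)              # drop IPv6 brackets
            gsub(/\]/, "", host)
            sub(/^::ffff:/, "", host)         # unwrap IPv4-mapped IPv6 addresses
            if (host ~ /^127\./ || host == "::1") next
            print addr                        # wildcard or routable address
            found = 1
        }
        END { exit found + 0 }
    '
}

# check_gateway_bind [PORT]: run the same check against the live socket table.
check_gateway_bind() {
    port="${1:-3777}"
    if ss -H -ltn | exposed_listeners "$port"; then
        echo "OK: port $port is loopback-only or not listening"
    else
        echo "WARNING: port $port is listening on the addresses listed above" >&2
        return 1
    fi
}
```

A clean result only confirms the bind address; a reverse proxy on the same host can still publish a loopback-bound Gateway, so the proxy's authentication and allowlist need their own review.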
Best Practices
Use a Dedicated Machine
Run Moltbot on a dedicated server, VM, or secondary machine, not your primary workstation with access to crypto wallets, password managers, and sensitive data.
Network Isolation
Bind the Gateway to localhost and use firewall rules to restrict incoming connections. Never expose admin ports directly to the internet.
# Bind to localhost only
moltbot gateway --bind 127.0.0.1
# UFW firewall rules
ufw deny in on eth0 to any port 3777
Configure Access Control
Enable DM pairing for all messaging channels. Set explicit allowlists for Telegram, WhatsApp, and other platforms to prevent unauthorized access.
# In config.yaml
channels:
  telegram:
    dmPolicy: pairing
    allowlist:
      - your_telegram_id
Secure Secret Management
Always use the encrypted vault for API keys and tokens. Avoid storing secrets in environment variables or plaintext config files.
# Store secrets in encrypted vault
moltbot vault set ANTHROPIC_API_KEY sk-ant-...
moltbot vault set TELEGRAM_BOT_TOKEN 123456:ABC...
Enable Sandbox Mode
Run non-primary sessions in Docker containers with limited filesystem and network access. This isolates potentially risky operations.
Review Audit Logs
Regularly review Moltbot's operation logs to detect unusual activity. Set up alerts for unexpected command executions or access attempts.
# View recent logs
moltbot logs --tail 100
# Filter by severity
moltbot logs --level warn
Keep Updated
Install updates promptly. Security patches are released frequently as the project matures. Subscribe to the GitHub security advisories.
# Install the latest release globally (npm update rejects a version specifier such as @latest)
npm install -g moltbot@latest
Backup Configuration
Regularly back up your Moltbot configuration and vault. Store backups encrypted and in a separate location from your running instance.
Security Deployment Checklist