Sandbox hardening read-only investigation
View generated by the View/source-discipline backfill of past reports.
Generated: 2026-05-10T12:40:29+09:00
This report is read-only. It does not change firewall, services, config, packages, or Gateway state.
openclaw status
Exit: 0
OpenClaw status
Overview
┌──────────────────────┬───────────────────────────────────────────────────────────────────────────────────────────────┐
│ Item │ Value │
├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────┤
│ OS │ macos 26.2 (arm64) · node 22.22.0 │
│ Dashboard │ http://127.0.0.1:18789/ │
│ Tailscale exposure │ off │
│ Channel │ stable (default) │
│ Update │ pnpm · up to date · npm latest 2026.5.7 │
│ Gateway │ local · ws://127.0.0.1:18789 (local loopback) · reachable 81ms · auth token · MacBookPro │
│ │ (192.168.0.200) app 2026.5.7 macos 26.2 │
│ Gateway self │ MacBookPro (192.168.0.200) app 2026.5.7 macos 26.2 │
│ Gateway service │ LaunchAgent installed · loaded · running (pid 15846, state active) │
│ Node service │ LaunchAgent not installed │
│ Agents │ 1 · no bootstrap files · sessions 12 · default main active 2m ago │
│ Memory │ enabled (plugin memory-core) · not checked │
│ Plugin compatibility │ none │
│ Probes │ skipped (use --deep) │
│ Events │ none │
│ Tasks │ 0 active · 0 queued · 0 running · 9 issues · audit clean · 242 tracked │
│ Heartbeat │ 30m (main)
...[truncated]
openclaw security audit --deep
Exit: 0
OpenClaw security audit
Summary: 0 critical · 1 warn · 1 info
Run deeper: openclaw security audit --deep
WARN
gateway.trusted_proxies_missing Reverse proxy headers are not trusted
gateway.bind is loopback and gateway.trustedProxies is empty. If you expose the Control UI through a reverse proxy, configure trusted proxies so local-client checks cannot be spoofed.
Fix: Set gateway.trustedProxies to your proxy IPs or keep the Control UI local-only.
INFO
summary.attack_surface Attack surface summary
groups: open=0, allowlist=0
tools.elevated: enabled
hooks.webhooks: disabled
hooks.internal: disabled
browser control: enabled
trust model: personal assistant (one trusted operator boundary), not hostile multi-tenant on one shared gateway
STDERR:
[skills] Skipping escaped skill path outside its configured root: source=agents-skills-personal root=~/.agents/skills reason=symlink-escape requested=~/.agents/skills/x-browser resolved=~/.claude/plugins/nuchi-skills/skills/x-browser
openclaw update status
Exit: 0
OpenClaw update status
┌──────────┬───────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ Item │ Value │
├──────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Install │ pnpm │
│ Channel │ stable (default) │
│ Update │ pnpm · up to date · npm latest 2026.5.7 │
└──────────┴───────────────────────────────────────────────────────────────────────────────────────────────────────────┘
docker info
Exit: 0
Client:
Version: 28.2.2
Context: desktop-linux
Debug Mode: false
Plugins:
ai: Ask Gordon - Docker Agent (Docker Inc.)
Version: v0.5.1
Path: /Users/aiharataketo/.docker/cli-plugins/docker-ai
buildx: Docker Buildx (Docker Inc.)
Version: v0.19.2-desktop.1
Path: /Users/aiharataketo/.docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.31.0-desktop.2
Path: /Users/aiharataketo/.docker/cli-plugins/docker-compose
debug: Get a shell into any image or container (Docker Inc.)
Version: 0.0.37
Path: /Users/aiharataketo/.docker/cli-plugins/docker-debug
desktop: Docker Desktop commands (Beta) (Docker Inc.)
Version: v0.1.0
Path: /Users/aiharataketo/.docker/cli-plugins/docker-desktop
dev: Docker Dev Environments (Docker Inc.)
Version: v0.1.2
Path: /Users/aiharataketo/.docker/cli-plugins/docker-dev
extension: Manages Docker extensions (Docker Inc.)
Version: v0.2.27
Path: /Users/aiharataketo/.docker/cli-plugins/docker-extension
feedback: Provide feedback, right in your terminal! (Docker Inc.)
Version: v1.0.5
Path: /Users/aiharataketo/.docker/cli-plugins/docker-feedback
init: Creates Docker-related starter files for your project (Docker Inc.)
Version: v1.4.0
Path: /Users/aiharataketo/.docker/cli-plugins/docker-init
sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
Version: 0.6.0
Path: /Users/aiharataketo/.docker/cli-plugins/docker-sbom
scout: Docker Scout (Docker Inc.)
Version: v1.15.1
Path: /Users/aiharataketo/.docker/cli-plugins/docker-scout
Server:
Containers: 10
Running: 10
Paused: 0
Stopped: 0
Images: 11
Server Version: 27.4.0
Storage Driver: overlayfs
driver-type: io.containerd.snapshotter.v1
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
CDI spec directories:
/etc/cdi
/var/run/cdi
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 472731909fa34bd7bc9c087e4c27943f9835f111
runc version: v1.1.13-0-g58aa920
init version: de40ad0
Security Options:
seccomp
Profile
...[truncated]