Wazuh OpenClaw Autopilot implements a defense-in-depth security model:

1. Responder Agent Disabled by Default

   • Requires explicit AUTOPILOT_RESPONDER_ENABLED=true
   • Cannot be enabled without policy configuration

2. Approval Tokens

   • Single-use, cryptographically signed
   • TTL of 60 minutes (configurable)
   • Bound to specific plan, case, and approver

3. Policy Guard Gate

   • All actions must pass policy evaluation
   • Constitutional AI principles (immutable rules)
   • 13-step evaluation chain

4. Network Security

   • Production mode requires Tailscale
   • Metrics bound to localhost by default
   • No inbound connections required (Slack Socket Mode)

5. Data Protection

   • Secrets redacted from logs
   • No credentials stored in configuration files
   • Evidence packs exclude sensitive data

Please do not report security vulnerabilities through public GitHub issues.

Instead, please report them via email to: security@gensecai.com

Include the following information:

• Type of vulnerability
• Full paths of source file(s) related to the vulnerability
• Location of the affected source code (tag/branch/commit or direct URL)
• Step-by-step instructions to reproduce the issue
• Proof-of-concept or exploit code (if possible)
• Impact of the issue, including how an attacker might exploit it

• 24 hours: Initial acknowledgment
• 72 hours: Preliminary assessment
• 7 days: Detailed response with remediation plan
• 90 days: Public disclosure (coordinated)

• Enable Tailscale and use Tailnet URLs for MCP
• Configure proper approver groups in policies/policy.yaml
• Review and customize asset criticality patterns
• Set AUTOPILOT_MODE=production
• Ensure AUTOPILOT_REQUIRE_TAILSCALE=true
• Bind metrics to localhost only
• Configure Slack workspace/channel allowlists
• Review rate limits for your environment
• Set up log aggregation for audit trails

# Verify Tailscale is running
tailscale status

# Run full health check
./scripts/health-check.sh

# Verify metrics are localhost-only (default port 9090, configurable via RUNTIME_PORT)
curl http://127.0.0.1:9090/metrics  # Should work
curl http://YOUR_IP:9090/metrics    # Should fail

Never commit secrets to the repository. Use environment variables:

# Use environment variables
export AUTOPILOT_MCP_AUTH="your-token"
export SLACK_APP_TOKEN="xapp-..."
export SLACK_BOT_TOKEN="xoxb-..."

# Or use a secrets manager
# AWS Secrets Manager, HashiCorp Vault, etc.

Security updates are released as patch versions (e.g., 2.0.1, 2.0.2).

Subscribe to releases to receive notifications:

• Watch this repository with "Releases only"
• Check the Releases page

We thank all security researchers who responsibly disclose vulnerabilities.