Security hardening guide for production Nanobot deployments.
WhatsApp Security Vulnerability:
Versions < v0.1.3.post7 have a critical WhatsApp security vulnerability (CVSS 10.0 Critical) that allows unauthenticated session hijack via the WebSocket bridge.
Vulnerability Details:
Action Required:
allowFrom settings are properly configuredAuthorization Bypass Vulnerability:
Versions < v0.1.4.post3 have a critical authorization bypass vulnerability (CVSS 9.0 Critical) that allows attackers to bypass allowFrom access controls via |-separated sender ID injection.
Vulnerability Details:
is_allowed authorization check in nanobot/channels/base.pyattacker|allow@email.com to bypass allowlist restrictions, gaining unauthorized access to bot functionalityAttack Scenario:
attacker|allow@email.comis_allowed check splits by | and finds allow@email.com in allowlistAction Required:
allowFrom configurations are working as expected# Check your version
nanobot --version
# Upgrade via pip
pip install --upgrade nanobot-ai
# Or via uv
uv tool upgrade nanobot-ai
Note: Both vulnerabilities are patched in v0.1.4.post5 (latest). Upgrade to this version for complete protection.
Nanobot is an ultra-lightweight Python AI agent with multiple messaging platform integrations. Proper security configuration is essential for production deployments.
{
"gateway": {
"bindAddress": "127.0.0.1",
"port": 18790
}
}
Best Practices:
# Allow only necessary ports
sudo ufw allow 22/tcp # SSH
sudo ufw allow 443/tcp # HTTPS (via reverse proxy)
sudo ufw deny 18790/tcp # Deny direct gateway access
# Enable firewall
sudo ufw enable
Nginx Example:
server {
listen 443 ssl http2;
server_name nanobot.example.com;
ssl_certificate /etc/ssl/certs/nanobot.example.com.crt;
ssl_certificate_key /etc/ssl/private/nanobot.example.com.key;
# Strong SSL configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
location / {
proxy_pass http://localhost:18790;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Rate limiting
limit_req zone=onepersecond burst=5 nodelay;
}
}
# Rate limiting zone
http {
limit_req_zone $binary_remote_addr zone=onepersecond:10m rate=1r/s;
}
Configuration File Permissions:
# Secure config directory
chmod 750 ~/.nanobot
chown $USER:$USER ~/.nanobot
# Secure config file
chmod 640 ~/.nanobot/config.json
Never Store Secrets In:
For Docker deployments, use Docker secrets or env files:
# Create env file
echo "OPENROUTER_API_KEY=sk-or-v1-your-key" > ~/.nanobot/.env
chmod 600 ~/.nanobot/.env
# docker-compose.yml
services:
nanobot-gateway:
env_file:
- ~/.nanobot/.env
Rotation Schedule:
allowFrom to restrict which users can interact{
"channels": {
"telegram": {
"enabled": true,
"token": "YOUR_TOKEN",
"allowFrom": ["YOUR_USER_ID"],
"privacy": {
"groups": false,
"channels": false
}
}
}
}
{
"channels": {
"discord": {
"enabled": true,
"token": "YOUR_TOKEN",
"allowFrom": ["YOUR_USER_ID"],
"intents": {
"messages": true,
"messageContent": true,
"guilds": true
}
}
}
}
{
"channels": {
"slack": {
"enabled": true,
"token": "xoxb-YOUR-TOKEN",
"appToken": "xapp-YOUR-TOKEN",
"allowFrom": ["YOUR_USER_ID"]
}
}
}
Minimal Slack Scopes:
chat:write - Send messagesim:read - Read DMsim:history - Read message historyallowFrom{
"channels": {
"email": {
"enabled": true,
"imap": {
"host": "imap.example.com",
"port": 993,
"ssl": true,
"username": "bot@example.com",
"password": "app-specific-password"
},
"smtp": {
"host": "smtp.example.com",
"port": 587,
"tls": true,
"username": "bot@example.com",
"password": "app-specific-password"
}
}
}
}
services:
nanobot-gateway:
image: nanobot
read_only: true
tmpfs:
- /tmp
- /root/.nanobot
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
user: "1000:1000"
deploy:
resources:
limits:
cpus: '1'
memory: 1G
services:
nanobot-gateway:
networks:
- nanobot-internal
networks:
nanobot-internal:
internal: true
driver: bridge
{
"tools": {
"restrictToWorkspace": true,
"exec": {
"pathAppend": "",
"allowedCommands": ["ls", "cat", "echo"]
},
"mcpServers": {
"filesystem": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-filesystem", "/home/user/documents"],
"readOnly": true
}
}
}
}
{
"logging": {
"level": "info",
"security": true,
"audit": true
}
}
# Configure logrotate
cat > /etc/logrotate.d/nanobot << EOF
/var/log/nanobot/*.log {
daily
rotate 7
compress
delaycompress
missingok
notifempty
create 0640 $USER $USER
}
EOF
# Backup configuration
tar -czf nanobot-backup-$(date +%Y%m%d).tar.gz ~/.nanobot
# Store securely with encryption
gpg --encrypt --recipient your-key nanobot-backup-*.tar.gz
~/.nanobot directoryallowFrom for all channels# Find failed attempts
docker compose logs nanobot-gateway | grep -i "error\|failed\|denied"
# Find access patterns
docker compose logs nanobot-gateway | grep -oE "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort | uniq -c | sort -rn
# Check API errors
docker compose logs nanobot-gateway | grep -i "api\|provider"
Any questions?
Feel free to contact us. Find all contact information on our contact page.