openclaw/docs/cli/security.md
Jon Shapiro 92697edb7c fix(venice): add compat settings to prevent HTTP 400 errors
Venice's API doesn't support certain OpenAI-compatible parameters that
Clawdbot sends by default:

- `store`: Venice returns HTTP 400 with no body when this is present
- `developer` role: Not supported by Venice's API

This adds VENICE_COMPAT settings (supportsStore: false,
supportsDeveloperRole: false) to all Venice model definitions, both
from the static catalog and dynamically discovered models.

Fixes issues reported in PR #1666 where users experienced silent
failures (HTTP 400, no body) when using Venice models.

Co-authored-by: jonisjongithub <jonisjongithub@users.noreply.github.com>
Co-authored-by: Clawdbot <bot@clawd.bot>
2026-01-26 17:56:01 -08:00

718 B

summary read_when
CLI reference for `clawdbot security` (audit and fix common security footguns)
You want to run a quick security audit on config/state
You want to apply safe “fix” suggestions (chmod, tighten defaults)

clawdbot security

Security tools (audit + optional fixes).

Related:

Audit

clawdbot security audit
clawdbot security audit --deep
clawdbot security audit --fix

The audit warns when multiple DM senders share the main session and recommends session.dmScope="per-channel-peer" for shared inboxes. It also warns when small models (<=300B) are used without sandboxing and with web/browser tools enabled.