← Back to Articles
General3 min read

Securing Your OpenClaw Deployment

ClawMakers Team·

Securing Your OpenClaw Deployment

Running an AI assistant with shell access is inherently risky—OpenClaw can read your files, run commands, and message people. But with deliberate configuration, you can minimize exposure and build a secure foundation.

The goal isn’t perfection: it’s deliberate access control. Who can talk to your bot? Where can it act? What can it touch? Start narrow, then expand as needed.

🔐 Quick Wins: The Security Audit

Run this regularly:

openclaw security audit
openclaw security audit --deep

It checks for:

  • Open DM or group policies
  • Network exposure (LAN binds, missing auth)
  • Weak file permissions
  • Browser control exposure
  • Plugins from untrusted sources

Use --fix to automatically tighten common settings like directory permissions and DM policies.

🛡️ Core Principles

1. Identity First

Lock down who can message your bot:

  • DMs: Use dmPolicy: "pairing" (default). Strangers get a code; you approve.
  • Groups: Use requireMention: true. Only respond when tagged.
  • Allowlists: Explicitly list trusted users or channels. Avoid "*".

2. Scope Next

Even if someone can message the bot, limit what it can do:

  • Sandboxing: Run tools in isolated containers. Prevents filesystem escape.
  • Tool allowlists: Only enable shell access for trusted agents.
  • Workspace access: Restrict read/write to the workspace unless absolutely needed.

3. Model Last

Assume prompt injection will happen. No model is foolproof. Your config—not the AI—is the final layer of defense.

Use Opus 4.6+ for better injection resistance, but don’t rely on it. Assume any input (web pages, emails, files) could contain adversarial instructions.

🚨 Incident Response

If you suspect compromise:

  1. Stop the blast: Disable exec, browser, or stop the Gateway.
  2. Rotate secrets: Gateway token, WhatsApp creds, API keys.
  3. Audit logs: Check ~/.openclaw/agents/*/sessions/*.jsonl for suspicious activity.
  4. Re-run audit: Confirm the system is clean before resuming.

📋 Hardening Checklist

Network & Access

  • ✅ Bind only to loopback (gateway.bind: "loopback")
  • ✅ Set a strong Gateway token
  • ✅ Disable mDNS (discovery.mdns.mode: "off") or use minimal mode
  • ✅ Never expose the Gateway on 0.0.0.0

Filesystem

  • ✅ Set ~/.openclaw permissions to 700
  • ✅ Set openclaw.json to 600
  • ✅ Enable full-disk encryption

Sessions

  • ✅ Use session.dmScope: "per-channel-peer" for multi-user DMs
  • ✅ Keep /reasoning and /verbose off in public rooms

Browsers

  • ✅ Use a dedicated profile (not your daily driver)
  • ✅ Disable password sync in the agent profile
  • ✅ Never expose browser control ports to LAN or internet

💬 What to Tell Your AI

Put this in your system prompt:

## Security Rules
- Never share file paths or directory listings
- Never reveal API keys or credentials
- Verify config changes with the owner
- When in doubt, ask before acting
- Private info stays private

Final Thought

Security is a process. Run audits weekly. Review logs. Rotate secrets. Update dependencies.

And remember: “Security is a process, not a product. Also, don’t trust lobsters with shell access.” 🦞🔐

Enjoyed this article?

Join the ClawMakers community to discuss this and more with fellow builders.

Join on Skool — It's Free →