🛡️ Security Checklist

Essential hardening for your OpenClaw installation

1,987+

OpenClaw instances detected on the public internet — many with security issues

🔔 Latest: Update to 2026.2.1

Released Feb 2, 2026 — includes multiple security fixes:

Path traversal fixes — WhatsApp accountId, MEDIA path extraction, message-tool filePath
LFI prevention — Restricted local path extraction in media parser
Exec hardening — Blocked LD*/DYLD* env overrides for host exec
Browser relay secured — Chrome extension CDP sessions now protected
TLS 1.3 minimum — Now required for TLS listeners

npm update -g openclaw && ocl gateway restart

📰 Coverage: The Hacker News · The Register

Gateway Binding CRITICAL

By default, OpenClaw binds to all interfaces (0.0.0.0), making it accessible from the internet if your firewall allows it.

✓

Bind to loopback only

Unless you need remote access, bind to localhost so only local connections work.

# In your config.yaml or via CLI:
gateway:
  bind: "0.0.0.0"  # ❌ BAD - exposed to network
  bind: "loopback"  # ✅ GOOD - localhost only
  bind: "127.0.0.1" # ✅ GOOD - same as loopback

✓

Check current binding

Run this to see what your gateway is bound to:

openclaw config get gateway.bind
# Or check what's listening:
lsof -i :3000 | grep LISTEN
netstat -an | grep 3000

Authentication CRITICAL

Control who can interact with your gateway and through which channels.

✓

Set DM policy to "pairing"

Require manual approval before new devices/users can interact.

# In config.yaml:
gateway:
  dmPolicy: "pairing"  # ✅ Requires approval
  dmPolicy: "open"     # ❌ Anyone can message

✓

Whitelist allowed user IDs

Only allow specific user IDs to interact with your bot.

# In your channel config:
telegram:
  allowedUsers:
    - "123456789"  # Your Telegram user ID
    - "987654321"  # Family member, etc.

✓

Set a gateway token

If exposing API endpoints, require authentication.

gateway:
  token: "your-secret-token-here"

Tool & Shell Access HIGH

Control what the AI can do on your system.

✓

Enable sandbox mode for group chats

Limit tool access when in shared/group contexts.

# In AGENTS.md, add guidelines:
## Group Chat Rules
- Never run shell commands in group chats
- No file access outside designated folders
- Ask before any external actions

✓

Review tool allowlist

Check which tools are enabled and disable any you don't need.

openclaw config get tools
# Disable dangerous tools if not needed:
tools:
  exec: false  # No shell commands
  browser: false  # No browser control

✓

Use confirmation prompts for destructive actions

Configure OpenClaw to ask before deleting files or running certain commands.

Network Security HIGH

Secure your network access properly.

✓

Use Tailscale or Cloudflare Tunnel for remote access

Never expose your gateway port directly to the internet. Use a secure tunnel instead.

# ❌ DON'T: Open port 3000 on your router
# ❌ DON'T: Use ngrok without auth

# ✅ DO: Use Tailscale (encrypted mesh VPN)
tailscale up
# Access via: http://100.x.x.x:3000 (Tailscale IP)

# ✅ DO: Use Cloudflare Tunnel
cloudflared tunnel --url http://localhost:3000

→ Full Tailscale setup guide

✓

Check firewall rules

Ensure your firewall isn't allowing external access to the gateway port.

# macOS:
sudo pfctl -sr | grep 3000

# Linux (ufw):
sudo ufw status

# Linux (iptables):
sudo iptables -L -n | grep 3000

API Keys & Credentials HIGH

Protect your API keys and credentials.

✓

Store API keys securely

Use environment variables or the system keychain, not plaintext files.

# ❌ DON'T: Put keys in config.yaml
anthropic:
  apiKey: "sk-ant-..."  # Bad!

# ✅ DO: Use environment variables
export ANTHROPIC_API_KEY="sk-ant-..."

# ✅ DO: Use macOS Keychain
security add-generic-password -a $USER -s anthropic-api-key -w "sk-ant-..."

✓

Use scoped API keys where possible

Create dedicated API keys with limited permissions for OpenClaw.

✓

Rotate keys if compromised

If you suspect your OpenClaw was accessed, rotate all API keys immediately.

Skill Security MEDIUM

Be careful when installing third-party skills.

✓

Audit skills before installing

Read ALL files in a skill, not just SKILL.md. Look for hidden scripts, curl commands, or external URLs.

# After installing, check the skill folder:
ls -la ~/.openclaw/skills/[skill-name]/
cat ~/.openclaw/skills/[skill-name]/*

# Look for red flags:
grep -r "curl\|wget\|bash -c" ~/.openclaw/skills/[skill-name]/

✓

Check skill source/author

Only install skills from trusted sources. Don't trust download counts — they can be faked.

🔍 Quick Security Audit

Run this command to check your current security status:

openclaw doctor --security

# Or manually check key settings:
echo "=== Gateway Binding ==="
openclaw config get gateway.bind

echo "=== DM Policy ==="
openclaw config get gateway.dmPolicy

echo "=== Listening Ports ==="
lsof -i -P | grep openclaw

Related Guides

Tailscale Setup — Secure remote access
Cloudflare Tunnel — Alternative to Tailscale
Official Security Docs