Security
Best practices for keeping your OpenClaw installation safe and secure. Protect your data and prevent unauthorized access.
Run a Security Audit
OpenClaw includes a built-in security audit tool. Run it regularly to check your configuration:
openclaw security audit --deep
Performs a comprehensive security check of your installation.
Security Essentials
- Never share auth-profiles.json
This file contains sensitive credentials. Keep it private and never commit it to version control.
- Use the pairing mechanism
Always verify pairing requests before approving. This prevents unauthorized access to your agents.
- Keep OpenClaw updated
Regular updates include security patches. Run npm update -g openclaw periodically.
- Use Sandbox mode for untrusted contexts
The default sandbox mode isolates agent actions. Only disable it for trusted agents.
Is OpenClaw Safe?
Understand OpenClaw's security model, data handling, and privacy features.
Avoid OpenClaw Scams
Learn to identify and avoid phishing attempts, fake packages, and social engineering attacks.
Keep OpenClaw Local Only
Configure OpenClaw to run exclusively on your local machine without external access.
Security Disclaimer
This is a community resource. For official security advisories and the latest security updates, always refer to the official OpenClaw documentation.