OpenClaw Security Guide: Protect Your AI Agent
The Gateway Token
OpenClaw's gateway authenticates connections using a token. If it's missing or exposed, anyone can connect to your agent. Run openclaw config get gateway.auth.token to check yours. If it's not set, generate one with openclaw doctor --generate-gateway-token. Never expose your gateway on a public IP without auth.
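The check below is an added example, not part of OpenClaw or the original guide. It classifies where the gateway port is bound and combines that with the token check above. The port 9999, the sample lsof lines, and the assumption that openclaw config get prints nothing when no token is set are all constructed for illustration.

```shell
#!/bin/sh
# Added example; not part of OpenClaw. SAMPLE is constructed lsof output and
# port 9999 is a made-up gateway port: substitute your own.
SAMPLE='COMMAND  PID USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
node    4242 agent 21u IPv4 0xa1        0t0  TCP 127.0.0.1:9999 (LISTEN)
node    4242 agent 22u IPv6 0xa2        0t0  TCP [::1]:9999 (LISTEN)
node    5151 agent 19u IPv4 0xb1        0t0  TCP *:3000 (LISTEN)'

# Reads `lsof -nP -iTCP -sTCP:LISTEN` output on stdin and prints where the
# given port is bound: exposed | loopback | not-listening.
listen_scope() {
    awk -v port="$1" '
        $NF == "(LISTEN)" {
            addr = $(NF - 1)                # 127.0.0.1:9999, *:9999, [::1]:9999
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") loopback = 1
            else exposed = 1                # "*" or any non-loopback address
        }
        END {
            if (exposed) print "exposed"
            else if (loopback) print "loopback"
            else print "not-listening"
        }'
}

# Combines the bind scope with whether a gateway token is configured.
# Assumption: an empty string means no token is set.
gateway_verdict() {
    scope="$1"
    token="$2"
    case "$scope" in
        exposed)
            if [ -n "$token" ]; then echo "WARN: reachable beyond loopback, token set"
            else echo "FAIL: reachable beyond loopback, no token"; fi ;;
        loopback)
            if [ -n "$token" ]; then echo "OK: loopback only, token set"
            else echo "WARN: loopback only, no token"; fi ;;
        *)  echo "INFO: gateway not listening" ;;
    esac
}

# Demo on the constructed sample.
gateway_verdict "$(printf '%s\n' "$SAMPLE" | listen_scope 9999)" "constructed-token"
# Live use (set PORT to your gateway's port):
#   gateway_verdict "$(lsof -nP -iTCP -sTCP:LISTEN | listen_scope "$PORT")" \
#                   "$(openclaw config get gateway.auth.token 2>/dev/null)"
```

A FAIL result is the case this section warns about: the gateway answers on a non-loopback address with no token configured.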
Filesystem Sandboxing
By default, OpenClaw can read and write anywhere on your system. Restrict it: openclaw config set tools.fs.workspaceOnly true. This limits file access to a designated workspace folder. Consider creating a dedicated macOS user account for OpenClaw to fully isolate it from your main user data.
Channel Security
Lock your Telegram bot to approved contacts only: openclaw config set channels.telegram.groupPolicy 'allowlist'. Without this, anyone who discovers your bot can interact with it — and potentially access your connected tools and data.
Third-Party Skills
Only install skills from trusted sources. Skills run with your agent's permissions. A malicious skill can exfiltrate data, run arbitrary commands, or inject prompts. Review skill code before installing, and remove any skills you're not actively using.
Dedicated User Account
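Create a separate system user for OpenClaw. On macOS: sudo dscl . -create /Users/openclaw-agent. That command only creates the directory record; the account still needs a UID, group, shell, home directory and password before you can log in to it. Install and run OpenClaw from this account. This isolates it from your personal files and credentials. Share only specific project folders via a shared workspace directory.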
Regular Audits
Run openclaw security audit --deep periodically. This checks for exposed ports, missing auth, overly permissive filesystem access, and known vulnerabilities in your configuration.
Frequently Asked Questions
Is OpenClaw safe to run?
Yes, if configured properly. The default local-only setup is safe. Problems arise when users expose the gateway to the internet without authentication.
Can OpenClaw be hacked?
Any software exposed to the internet can be attacked. The main vectors are: missing gateway auth, malicious skills (prompt injection), and overly permissive filesystem access. This guide covers fixes for all three.