How to Run OpenClaw Safely
Practical Security Lessons From the Last 30 Days
OpenClaw's recent growth has surfaced a hard truth: Most of the security issues aren't bugs—they're deployment mistakes. This post focuses on how to think about safety. Not blame.
1. Never Expose It Directly to the Internet
If OpenClaw is reachable from the public internet, you're already in the danger zone.
Best practice: Bind to localhost. Put it behind a secure gateway. Restrict access with authentication. Assume scanners will find it. If Shodan can see it, attackers already have.
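As an added check for this first rule (example code written here, not OpenClaw's own), a small Python audit that parses `ss -ltn` output and flags every listener bound beyond loopback. The sample output and port numbers are constructed placeholders, not OpenClaw defaults.

```python
"""Flag listening sockets reachable from other hosts (Linux `ss -H -ltn`)."""
import ipaddress
import subprocess


def local_address(line: str) -> str:
    """Return the Local Address:Port column of one `ss -H -ltn` line."""
    # Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
    return line.split()[3]


def split_host_port(addr: str):
    """Split '127.0.0.1:18789', '[::]:8080' or '*:22' into (host, port)."""
    host, _, port = addr.rpartition(":")
    host = host.strip("[]")  # ss wraps IPv6 addresses in brackets
    if host == "*":  # older ss prints the wildcard as '*'
        host = "0.0.0.0"
    return host, int(port)


def is_exposed(host: str) -> bool:
    """True when the bind address accepts traffic from other machines.

    Wildcards (0.0.0.0, ::) and any real interface count as exposed;
    only the loopback range does not."""
    return not ipaddress.ip_address(host).is_loopback


def exposed_listeners(ss_output: str, watch_ports=None) -> list:
    """Return (host, port) pairs bound beyond loopback.

    watch_ports, if given, limits the report to those ports (e.g. the agent's)."""
    found = []
    for line in ss_output.splitlines():
        if not line.strip():
            continue
        host, port = split_host_port(local_address(line))
        if watch_ports and port not in watch_ports:
            continue
        if is_exposed(host):
            found.append((host, port))
    return found


def audit_live(watch_ports=None) -> list:
    """Run ss on this host and audit the real socket table."""
    out = subprocess.run(["ss", "-H", "-ltn"], capture_output=True,
                         text=True, check=True).stdout
    return exposed_listeners(out, watch_ports)


# Constructed sample: one loopback-only listener, one wildcard IPv4, one wildcard IPv6.
SAMPLE_SS = """\
LISTEN 0 4096 127.0.0.1:18789 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:18790 0.0.0.0:*
LISTEN 0 511 [::]:8080 [::]:*
"""

if __name__ == "__main__":
    for host, port in exposed_listeners(SAMPLE_SS):
        print(f"exposed: {host}:{port} -> bind to 127.0.0.1 and front it with an authenticated gateway")
```

Run `audit_live({port})` with the port your agent actually listens on; an empty list means nothing outside the box can reach it directly.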
2. Treat Inputs as Hostile
Emails, websites, chats, documents—all are attack surfaces. Don't let the agent blindly follow instructions. Restrict what actions it can take automatically. Log everything. Prompt injection isn't clever hacking. It's social engineering for machines.
3. Skills = Code Execution
Installing a skill is equivalent to running a random script on your machine. Before adding a skill: review the repo, pin versions, avoid auto-updates, prefer first-party or audited tools. Convenience is how supply-chain attacks win.
4. Minimize Permissions Ruthlessly
Ask: Does this agent really need shell access? Email write access? Browser control? Most setups are wildly over-privileged. Least privilege isn't optional here—it's survival.
5. Isolation Beats Cleverness
Sandboxing is hard. But isolation works. Separate environments. Dedicated machines or containers. No shared credentials. No access to personal accounts. If functionality breaks when sandboxed, that's a signal, not an excuse.
The Direction Is Improving—But You're Still Responsible
OpenClaw has shipped security improvements. OAuth flows are improving. Community hardening guides exist. Recent releases show real progress. But no open-source agent can save you from unsafe deployment choices. That part is on the operator.
The Bottom Line
OpenClaw represents the future: AI that doesn't just talk—it acts. But the future doesn't come with training wheels. Run it thoughtfully, it's a superpower. Run it recklessly, it's a liability. Handle with care.