OpenClaw Production Deployment: The Complete Security Checklist (2026)
You've built something useful with OpenClaw locally. Now you want to deploy it to production—for your team, your customers, or your own workflows.
This guide covers everything you need to secure an OpenClaw deployment. Use it as a checklist before going live.
Why Production Security Matters
OpenClaw isn't a chatbot. It's an agent with real capabilities:
- Shell access — Can run commands on your server
- File access — Can read and write to your filesystem
- Network access — Can call external APIs
- Credential access — Holds your API keys for Anthropic, OpenAI, etc.
Security researcher Maor Dayan found 42,665 exposed OpenClaw instances—93.4% were vulnerable to exploitation. Most were deployed with default settings.
The default configuration is designed for local development, not production. If you deploy without changes, you're exposed.
The Production Security Checklist
Level 1: Network Security
1.1 Bind to Loopback Only
By default, OpenClaw binds to 0.0.0.0 (all interfaces). Change it to 127.0.0.1:
```json
{
  "gateway": {
    "host": "127.0.0.1",
    "port": 3000
  }
}
```
This ensures the gateway only accepts local connections.
1.2 Disable mDNS
OpenClaw advertises itself on local networks via mDNS. Disable it:
```json
{
  "gateway": {
    "mdns": false
  }
}
```
1.3 Disable Control UI (or Restrict Access)
The Control UI provides full access to your agent. Disable it for production:
```json
{
  "gateway": {
    "controlUI": false
  }
}
```
If you need the UI, ensure it's behind authentication and not publicly accessible.
1.4 Configure Reverse Proxy
Use nginx, Caddy, or Traefik to handle external traffic. A minimal nginx server block (the certificate paths are placeholders; `listen 443 ssl` will not pass `nginx -t` without them):
```nginx
server {
    listen 443 ssl;
    server_name your-agent.example.com;

    # Placeholder paths: point these at your own certificate and key
    ssl_certificate     /etc/ssl/certs/your-agent.example.com.pem;
    ssl_certificate_key /etc/ssl/private/your-agent.example.com.key;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```
1.5 Enable Token Authentication
Even behind a proxy, require token authentication:
```json
{
  "gateway": {
    "authToken": "your-secure-token-here"
  }
}
```
All requests must include this token. Don't rely on the proxy alone.
Level 2: Credential Security
2.1 Don't Store Credentials in Plaintext
By default, OpenClaw stores credentials at ~/.openclaw/credentials/ in plaintext.
Options:
- Use environment variables
- Use a secrets manager (AWS Secrets Manager, HashiCorp Vault)
- Use Clawctl's encrypted vault
2.2 Rotate Credentials Regularly
Set a rotation schedule:
- API keys: Every 90 days
- Database passwords: Every 90 days
- After any potential exposure: Immediately
2.3 Use Least-Privilege Credentials
Don't use admin-level API keys. Create keys with only the permissions your agent needs.
2.4 Monitor Credential Usage
Check your Anthropic/OpenAI dashboards for unexpected usage. Set up billing alerts.
Level 3: Audit Logging
3.1 Enable Comprehensive Logging
Log all agent actions, not just HTTP requests:
- Tool invocations
- File operations
- Shell commands
- External API calls
- Conversation history
3.2 Make Logs Searchable
You need to answer "what did the agent do on Tuesday at 3pm?" Structure your logs for search.
3.3 Enable Log Export
Enterprise customers will ask for audit exports. Support CSV and JSON formats.
3.4 Set Retention Policies
- Minimum: 90 days
- Enterprise standard: 365 days
- Compliance (SOC2, HIPAA): Check specific requirements
Level 4: Network Egress Control
4.1 Implement Domain Allowlist
Your agent shouldn't be able to call arbitrary URLs. Restrict to known domains:
- api.anthropic.com
- api.openai.com
- Your specific integrations
4.2 Use a Proxy
Route all outbound traffic through a proxy (Squid, Envoy) that enforces the allowlist.
4.3 Log All Egress Attempts
Even blocked requests should be logged for security monitoring.
4.4 Block Sensitive Destinations
Explicitly block:
- Internal network ranges (10.x, 192.168.x)
- Metadata endpoints (169.254.169.254)
- Known malicious domains
Level 5: Approval Workflows
5.1 Identify High-Risk Actions
Actions that should require approval:
- Sending emails (especially bulk)
- Deleting files
- Running shell commands
- Modifying databases
- Calling unfamiliar APIs
- Financial transactions
5.2 Implement Human-in-the-Loop
When a high-risk action is attempted:
- Block the action
- Notify the appropriate person
- Wait for approval or denial
- Log the decision
5.3 Set Timeouts
What happens if no one approves? Define defaults:
- Auto-deny after X minutes
- Escalate to secondary approver
- Queue for later review
5.4 Create Auto-Approve Rules
For trusted patterns, allow auto-approval:
- Emails to known domains
- API calls to approved endpoints
- File operations in designated directories
Level 6: Container and Isolation
6.1 Run in Containers
Don't run OpenClaw directly on your host. Use Docker:
```dockerfile
FROM node:20-slim
ENV NODE_ENV=production
WORKDIR /app
# Install dependencies first so this layer is cached across source changes
COPY package*.json ./
RUN npm ci --omit=dev
COPY . .
# Drop to the unprivileged user the base image already provides
USER node
CMD ["npm", "start"]
```
6.2 Use Non-Root User
Never run as root. Create a dedicated user with minimal permissions.
6.3 Limit Resources
Set memory and CPU limits to prevent runaway agents:
```yaml
# Under the service definition in your compose file
deploy:
  resources:
    limits:
      cpus: '2'
      memory: 4G
```
6.4 Use Read-Only Filesystem
Mount the container filesystem as read-only where possible. Only allow writes to specific directories.
Level 7: Monitoring and Alerting
7.1 Monitor for Anomalies
Alert on:
- Unusual API usage patterns
- High volume of blocked actions
- Multiple failed authentication attempts
- Egress to new domains
- Credential access from new IPs
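Two of the alerts listed above, "multiple failed authentication attempts" and "egress to new domains", as detection logic run over constructed gateway log lines. This is an added example in Node.js, not OpenClaw's or Clawctl's monitoring; it assumes NDJSON events named auth_failed and egress carrying client and host fields, and the sample lines and IP addresses are made up.

```javascript
// Added example (not OpenClaw's own code): two detections from the 7.1
// list run over constructed NDJSON gateway log lines. Event names and
// fields (auth_failed/egress, client, host) are this example's own.

// Constructed sample log: normal egress, a burst of failed logins from one
// client, one stray failure from another, then egress to an unseen host.
const SAMPLE_LINES = `
{"ts":"2026-03-10T15:00:01Z","event":"egress","client":"agent","host":"api.anthropic.com"}
{"ts":"2026-03-10T15:00:05Z","event":"auth_failed","client":"203.0.113.7"}
{"ts":"2026-03-10T15:00:06Z","event":"auth_failed","client":"203.0.113.7"}
{"ts":"2026-03-10T15:00:07Z","event":"auth_failed","client":"203.0.113.7"}
{"ts":"2026-03-10T15:00:08Z","event":"auth_failed","client":"203.0.113.7"}
{"ts":"2026-03-10T15:00:09Z","event":"auth_failed","client":"203.0.113.7"}
{"ts":"2026-03-10T15:01:00Z","event":"auth_failed","client":"198.51.100.9"}
{"ts":"2026-03-10T15:02:00Z","event":"egress","client":"agent","host":"api.openai.com"}
{"ts":"2026-03-10T15:03:00Z","event":"egress","client":"agent","host":"files.example.org"}
`.trim().split('\n');

// Parse NDJSON into events sorted by time; unparseable lines are skipped.
function parse(lines) {
  const out = [];
  for (const l of lines) {
    try {
      const r = JSON.parse(l);
      r.t = Date.parse(r.ts);
      if (!Number.isNaN(r.t)) out.push(r);
    } catch { /* skip malformed line */ }
  }
  return out.sort((a, b) => a.t - b.t);
}

// Sliding window per client: alert once when `threshold` failures land
// within `windowMs`. Returns one alert per offending client.
function detectAuthBursts(events, { threshold = 5, windowMs = 60_000 } = {}) {
  const byClient = new Map();
  const alerts = [];
  for (const e of events) {
    if (e.event !== 'auth_failed') continue;
    const times = byClient.get(e.client) || [];
    times.push(e.t);
    while (times.length && e.t - times[0] > windowMs) times.shift();  // drop entries outside the window
    byClient.set(e.client, times);
    if (times.length === threshold) {
      alerts.push({ rule: 'auth_burst', client: e.client, count: times.length, at: e.ts });
    }
  }
  return alerts;
}

// Egress to a host absent from the baseline. The baseline would normally
// be built from the previous days of allowed egress; here it is passed in.
function detectNewEgress(events, baselineHosts) {
  const seen = new Set(baselineHosts);
  const alerts = [];
  for (const e of events) {
    if (e.event !== 'egress') continue;
    if (!seen.has(e.host)) {
      alerts.push({ rule: 'new_egress_domain', host: e.host, at: e.ts });
      seen.add(e.host);   // alert once per new host, not once per request
    }
  }
  return alerts;
}

function runDetections(lines, baselineHosts) {
  const events = parse(lines);
  return [...detectAuthBursts(events), ...detectNewEgress(events, baselineHosts)];
}
```

A new egress domain is not necessarily malicious, but under the Level 4 allowlist it should be impossible, so the alert doubles as a check that the egress control is actually in force. Run the detections over the same NDJSON stream the audit log (Level 3) produces rather than a separate feed, so alerts and evidence share one timeline.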
7.2 Set Up Health Checks
Monitor that your agent is running and responsive:
```shell
curl -f http://localhost:3000/health || exit 1
```
7.3 Create Incident Response Playbook
Document what to do when:
- Agent is compromised
- Credentials are leaked
- Unusual behavior is detected
- Customer reports an issue
Quick Reference: Production vs. Development
| Setting | Development | Production |
|---|---|---|
| Gateway bind | 0.0.0.0 | 127.0.0.1 |
| mDNS | Enabled | Disabled |
| Control UI | Enabled | Disabled |
| Auth token | Optional | Required |
| Credentials | Plaintext OK | Encrypted |
| Audit logging | Optional | Required |
| Egress control | None | Allowlist |
| Approvals | None | High-risk actions |
| Container | Optional | Required |
| Monitoring | Optional | Required |
The 60-Second Alternative
This checklist represents 40-60 hours of work to implement properly.
Clawctl provides all of these security controls by default:
- Loopback binding + token auth
- Encrypted credential vault
- Comprehensive audit logging
- Network egress allowlist
- 70+ high-risk actions blocked
- Container isolation
- Monitoring and alerting
Deploy via the web portal at clawctl.com/checkout — 60 seconds from signup to secured production deployment.
Next Steps
- Audit your current deployment against this checklist
- Prioritize based on your risk profile
- Implement incrementally or migrate to a managed solution
- Test your security controls regularly