5 OpenClaw Security Risks (and How We Fix Them)
You're shipping OpenClaw. Raw deploy = credential leaks, auth bypass, no audit trail, no stop button, rogue API calls. We've seen it. Here's what goes wrong and what we built.
Risk 1: Exposed Credentials
What happens: Default config + bad reverse proxy = your Anthropic/OpenAI keys visible to anyone who finds the instance. LLM bill goes $50 → $5k overnight. Someone else is using your keys.
Clawctl: Credentials injected at runtime. Never on disk. Gateway auth. Per-tenant isolation.
Risk 2: No Real Auth
What happens: OpenClaw trusts localhost. Your proxy makes every request look local. No password. Full control for anyone who hits the URL.
Clawctl: 256-bit token on every gateway connection. No localhost bypass. Rate limiting. Brute-force protection.
Risk 3: Zero Audit Trail
What happens: Raw OpenClaw doesn't log what it did. Something breaks. Security asks "what happened?" You have nothing. Review fails. Project blocked.
Clawctl: Every prompt, tool call, output logged. Searchable. Replay for debugging. Export for compliance.
Risk 4: No Kill Switch
What happens: Agent starts doing something bad. You have to SSH in, find the process, kill it. Or watch it delete prod data.
Clawctl: Click the Pause button in the dashboard. Human-in-the-loop for risky actions. Auto-pause when limits hit.
Risk 5: Rogue API Calls
What happens: Agent can call any domain. Exfiltrate data. Hit malicious APIs. Rack up bills. One prompt injection and you're explaining to legal.
Clawctl: Egress allowlist. You decide which domains. Enforced at infra. Blocked calls = alert.
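What the gateway checks in Risks 2, 3 and 5 look like in code, as an added illustration (example code, not Clawctl's or OpenClaw's; the token value, the allowlist entries and every function name are assumptions):

```python
"""Gateway checks for an agent: token auth with no localhost shortcut, an egress
allowlist, one audit record per call. Added example; names/values are assumed."""
import hmac
import ipaddress
import time
from urllib.parse import urlsplit
GATEWAY_TOKEN = "constructed-placeholder-use-32-random-bytes"  # not a real secret
ALLOWED_DOMAINS = {"api.anthropic.com", "api.openai.com", "*.internal.example"}
AUDIT_LOG = []  # in-memory stand-in for the searchable audit trail

def connection_authorized(presented_token, peer_ip):
    """Every connection needs the token; a loopback peer gets no free pass,
    since behind a reverse proxy every request looks local anyway."""
    del peer_ip  # deliberately unused: a peer address is not a credential
    return hmac.compare_digest(presented_token or "", GATEWAY_TOKEN)

def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def _host_allowed(host):
    host = host.lower().rstrip(".")
    for entry in ALLOWED_DOMAINS:
        if entry.startswith("*.") and host.endswith(entry[1:]):
            return True  # wildcard covers subdomains, not the apex itself
        if host == entry:
            return True
    return False

def check_egress(url, agent_id):
    """Return (allowed, reason); append an audit record either way."""
    p = urlsplit(url)
    host = p.hostname or ""
    if p.scheme != "https":
        reason = "non-https scheme"
    elif p.username or p.password:
        reason = "userinfo in URL"  # e.g. https://api.openai.com@evil.example/
    elif _is_ip_literal(host):
        reason = "raw IP target"  # a domain allowlist says nothing about IPs
    elif not _host_allowed(host):
        reason = "host not in allowlist"
    else:
        reason = None
    AUDIT_LOG.append({"ts": time.time(), "agent": agent_id, "url": url,
                      "allowed": reason is None, "reason": reason})
    return reason is None, reason
```

Records with `"allowed": False` are the alert feed; the same structure, persisted, is the audit trail Risk 3 asks for.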
Bottom Line
Raw OpenClaw in prod isn't brave. It's reckless. Same agent you love—wrapped so security says yes.