Frequently Asked Questions

Everything you need to know about Clawctl — the secure, managed runtime for OpenClaw AI agents.

What is Clawctl?

Clawctl is a secure, managed runtime for OpenClaw AI agents. It provides sandboxed execution, encrypted secrets management, human-in-the-loop approvals, and full audit trails — enabling teams to deploy autonomous AI agents in production without risking leaked credentials, rogue behavior, or failed compliance audits.

It’s the same OpenClaw you know, now with enterprise-grade security applied automatically.

How is Clawctl different from self-hosting OpenClaw?

Here's what happens when you self-host OpenClaw: your dashboard is exposed to the internet (42,000+ instances found on Shodan in January 2026), your API keys sit in plaintext files, there's zero authentication, and when something goes wrong — you have no idea what happened. Security teams block this for good reason. Clawctl fixes all of it automatically: sandboxed containers, encrypted secrets vault, network egress controls, human approvals for 70+ high-risk actions, and complete audit logs. You keep building features. We handle the security nightmares.

How long does it take to deploy?

60 seconds. Seriously. Head to clawctl.com/checkout, pick your plan, and pay with Stripe. On the success page, you'll get your API key and dashboard access. Your agent is live with security defaults, audit logging, and approval workflows already running. No YAML files to configure. No reverse proxy nightmares. No Docker security hardening guides. Just a secured agent, ready to work.

How much does Clawctl cost?

Less than your last incident cost you. Starter is $49/month (1 agent, 100 runs/day, 7-day audit trail) — perfect for shipping your first production agent safely. Team is $299/month (5 agents, 1K runs/day, 90-day retention) for growing teams. Business is $999/month (25 agents, 10K runs/day, 365-day retention, RBAC) for companies with compliance requirements. Compare that to a single API key leak, a security contractor, or the enterprise deal you lost because you couldn't answer the security questionnaire.

Is Clawctl a fork of OpenClaw?

No fork. No rewrite. No lock-in. Clawctl wraps the official OpenClaw you already know with a secure runtime layer. We generate a hardened configuration file automatically — loopback binding, token auth, prompt injection defenses, the works. When OpenClaw releases updates, Clawctl incorporates them after security validation. You're still running real OpenClaw. It's just not running naked anymore.

What security features does Clawctl provide?

Everything that keeps you from waking up to a Shodan screenshot on Twitter. Sandboxed execution in isolated Docker containers — each agent lives in its own world. Encrypted secrets vault — your API keys never touch disk unencrypted. Network egress control — agents can only reach domains you approve. Human-in-the-loop approvals for 70+ high-risk actions — no surprise $84,000 Stripe transfers. Prompt injection defenses enabled by default. Full audit logging with search and export. Policy enforcement across tools, filesystem, and network. This isn't a checklist. It's what "production-grade" actually means.

What is human-in-the-loop approval?

Picture this: your agent decides to execute rm -rf / at 2am. Or send 4,000 emails to customers. Or make a $50,000 wire transfer. With raw OpenClaw, you find out when customers start complaining. With Clawctl, high-risk actions get blocked until you say yes. We register 70+ dangerous action types by default: shell commands, financial transactions, email sending, database drops, sensitive file access. You can approve once, create auto-approve rules for trusted patterns, or deny. You decide what executes. Not the LLM.

Is OpenClaw safe to run in production?

Not by default. Here's the uncomfortable truth: OpenClaw binds to 0.0.0.0 (exposed to the entire internet), stores API keys as plaintext in ~/.openclaw/credentials/, has no authentication on its admin interface, and keeps no audit trail. In January 2026, researchers found 42,665 exposed instances — 93.4% were vulnerable to exploitation. Two instances leaked months of private conversations just from the WebSocket handshake. You need either hours of manual hardening (and hope you didn't miss anything) or a managed runtime like Clawctl. We built this because we wanted to deploy OpenClaw too — and couldn't stomach the risk.

What is the 'lethal trifecta' in AI agent security?

Simon Willison coined this term, and it should scare you. The lethal trifecta is when an agent has: (1) access to private data — files, credentials, APIs, (2) exposure to untrusted content — user prompts, web inputs, plugin outputs, and (3) ability to communicate externally — HTTP calls, email, shell commands. Any single capability is manageable. All three together without isolation? That's how agents get hijacked to exfiltrate data, drain API budgets, or attack your infrastructure. Every OpenClaw instance has all three by default. Clawctl breaks the lethal trifecta by enforcing boundaries between these capabilities — so your agent stays powerful without becoming a liability.

Does Clawctl support compliance requirements like SOC2?

Compliance teams love asking questions you can't answer about AI agents. Clawctl gives you the answers. Complete audit trails exportable as CSV/JSON for your auditors. Up to 365-day log retention for historical analysis. Policy versioning with rollback so you can prove what rules were in place when. RBAC for admin/operator/auditor roles — least privilege, documented. SIEM webhook integration for your existing security stack. When your enterprise prospect sends that security questionnaire, you'll have real answers instead of "we're working on it." SOC2 Type I certification targeted for October 2026.

Can I migrate my existing OpenClaw instance to Clawctl?

Already running an OpenClaw instance that keeps you up at night? We've got you. Sign up at clawctl.com/checkout and we'll help you migrate your existing deployment. Your agent keeps running with the same workflows, same capabilities, same everything — except now it's actually secured. No rebuild. No downtime. Just peace of mind.

What happens if I cancel my subscription?

We don't hold your data hostage. Your agents are paused (not deleted), and all your data — configs, policies, audit logs — stays intact for 30 days. Changed your mind? Reactivate anytime within the grace period and pick up exactly where you left off. After 30 days, data is permanently deleted per our retention policy. No exit fees. No hidden penalties. No begging emails (okay, maybe one).

Can I run multiple agents?

Absolutely — and each one runs in complete isolation. Starter gives you 1 agent (perfect for your first production deployment). Team gives you 5 agents (for the team building AI-powered products). Business gives you 25 agents (for serious scale). Enterprise? Unlimited. Here's the key: each agent runs in its own isolated container with its own policies, its own secrets, and its own audit trail. One compromised agent can't touch another. Scale without stacking risk.

What LLMs does Clawctl support?

Every LLM OpenClaw supports: Claude, GPT-4, Gemini, Llama, Mistral, and others. You bring your own API keys — we never mark them up or resell tokens. Your keys go into our encrypted vault, get injected at runtime, and never touch disk unencrypted. Switch models anytime. Your bill stays between you and the provider. Clawctl handles the security wrapper; you keep full control of the intelligence layer.

What if my agent tries to do something dangerous?

That's exactly what Clawctl is built for. When your agent attempts a high-risk action — executing a shell command, sending an email, making an HTTP POST to an unapproved domain, accessing a sensitive file — the action is blocked instantly. You get a notification. You review the request with full context (what the agent was trying to do, and why). You approve, deny, or create an auto-approve rule. The action only proceeds with your explicit permission. No surprises. No 4,000-email incidents. No explaining to customers what happened.
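The block, review and decide flow described here and under "What is human-in-the-loop approval?", as an added Python example. It is not Clawctl's or OpenClaw's code; the action names, the domain allowlist and the `ApprovalGate` class are hypothetical.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Hypothetical action names and allowlist, constructed for this example.
HIGH_RISK = {"shell.exec", "email.send", "file.read_sensitive"}
APPROVED_DOMAINS = {"api.example.com"}


@dataclass
class ApprovalGate:
    auto_rules: set = field(default_factory=set)   # exact (kind, target) pairs
    pending: dict = field(default_factory=dict)    # ticket id -> blocked request
    audit: list = field(default_factory=list)      # append-only decision log

    def _needs_review(self, kind, target):
        if kind == "http.post":
            # Compare the parsed hostname; substring checks on the URL are unsafe.
            return (urlsplit(target).hostname or "") not in APPROVED_DOMAINS
        return kind in HIGH_RISK

    def _log(self, kind, target, reason, verdict):
        self.audit.append({"kind": kind, "target": target,
                           "reason": reason, "verdict": verdict})

    def request(self, kind, target, reason):
        """Return (verdict, ticket). Only 'allowed'/'auto-approved' may run now."""
        if not self._needs_review(kind, target):
            verdict, ticket = "allowed", None
        elif (kind, target) in self.auto_rules:
            verdict, ticket = "auto-approved", None
        else:
            # The audit log only grows, so its length gives a unique ticket id.
            verdict, ticket = "blocked", len(self.audit) + 1
            self.pending[ticket] = (kind, target, reason)
        self._log(kind, target, reason, verdict)
        return verdict, ticket

    def decide(self, ticket, approve, remember=False):
        """Human decision on a blocked request; unknown tickets raise KeyError."""
        kind, target, reason = self.pending.pop(ticket)
        if approve and remember:
            # Exact match only: a prefix rule for "git status" would also
            # admit "git status; <anything else>".
            self.auto_rules.add((kind, target))
        verdict = "approved" if approve else "denied"
        self._log(kind, target, reason, verdict)
        return verdict
```

Every request and every human decision lands in `audit`, so the log alone shows what was blocked, who let it through, and which auto-approve rule covered later calls.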

How do I know what my agent actually did?

Every prompt. Every tool call. Every response. Every blocked action. Logged, searchable, exportable. When a customer asks "what did the agent do with my data?" — you pull the audit log and show them exactly. When security asks "can you prove the agent didn't access production secrets?" — you export the evidence. When something weird happens and you need to debug — you search the audit trail and find it in seconds. This isn't just observability. It's defensibility.

Why should I pay for this instead of hardening OpenClaw myself?

You absolutely can harden OpenClaw yourself. Here's what that looks like: configure Docker networking to bind only to loopback. Set up a reverse proxy with proper authentication. Create an encrypted secrets management system. Build an approval workflow for dangerous actions. Implement egress filtering. Write audit logging. Keep it all working through OpenClaw updates. Maintain it at 3am when something breaks. We did the math: that's 60+ hours of work for a senior engineer, plus ongoing maintenance. Clawctl does it all in 60 seconds for $49/month. Your call — but we know how we'd rather spend our time.

Is this vendor lock-in?

Zero lock-in. Here's why: Clawctl wraps OpenClaw — we don't replace it. Your agent code stays the same. Your prompts stay the same. Your workflows stay the same. If you leave, you take everything with you and run raw OpenClaw again (just... unsecured). We don't hold your code hostage. We don't own your agent logic. We don't even store your LLM API keys in a way that locks you in — you can revoke them anytime. The only thing you'd lose is the security layer. That's not lock-in. That's value.

What if OpenClaw changes or shuts down?

Fair concern. Here's our take: OpenClaw has 180K+ GitHub stars, millions of weekly users, and serious momentum. It's not going anywhere soon. But if it does change dramatically, Clawctl adapts — we already track OpenClaw releases and validate updates before incorporating them. If OpenClaw pivots hard or forks, we'll support the version that makes sense for production users. And if the unthinkable happens and OpenClaw disappears? The runtime layer we built works with other agents too. Your investment in secure agent operations isn't wasted. We're betting on the category, not just one project.

We're just a startup — do we really need this?

Especially if you're a startup. Here's the math: you're 4 engineers shipping fast. One of you spends a week hardening OpenClaw for production. That's 25% of your engineering capacity gone. Then OpenClaw updates and breaks something — another day. Then your first enterprise prospect asks for a security questionnaire — you can't answer it, deal stalls. We've seen this movie. The startups that deploy agents successfully either hire a security contractor ($10-20K), lose a deal ($50K+ ACV), or have an incident that costs way more. $49/month is rounding error compared to any of those outcomes. Ship now, secured, and keep building your product.

Our security team can handle this internally.

Maybe. But should they? Your security team has a backlog of critical work: IAM policies, vulnerability remediation, compliance audits, incident response. Do they really want to become experts in AI agent security — a field that's evolving weekly? Clawctl is built by people who obsess over agent security full-time. We track every CVE, every new attack vector, every OpenClaw update. When the next prompt injection technique drops, we patch it. Your security team gets to check the box and move on to higher-priority work. We've had security teams recommend Clawctl because it's one less thing they have to own.

We're not in production yet — why pay now?

Because the security habits you build now carry into production. Here's what happens when you wait: you develop locally with bad habits (plaintext keys, no approvals, no audit trail). Then you scramble to add security at the last minute. Things break. The launch slips. Or worse — you ship insecure and fix it later (you won't). Starting with Clawctl means you're production-ready from day one. The audit trail starts building now. The approval workflows are already muscle memory. When you flip the switch to production, nothing changes except the traffic. That's the point.

Can I trust you with my API keys?

Healthy skepticism. Here's exactly what happens: your API keys go into our encrypted vault — AES-256 encryption at rest in PostgreSQL. They're never written to disk unencrypted. At runtime, keys are injected into your container's environment — they exist in memory only. We can't see them. We can't use them. We can't access your LLM accounts. You can rotate or revoke them anytime from your provider's dashboard — Clawctl just stops working until you update them. If you're still uncomfortable, Enterprise plans support customer-managed keys via your own KMS. But honestly? Your keys are safer in our vault than in that .env file on your server.

$49/month feels expensive for a wrapper.

Let's do the math. A senior engineer costs $150-200/hour. Hardening OpenClaw yourself: 60+ hours minimum ($9,000-12,000). Ongoing maintenance: 2-4 hours/month ($300-800/month). Security contractor to audit it: $5,000-15,000. Now the scary part: one leaked API key and someone else is running Claude on your dime — we've seen bills hit $5,000-20,000 before the owner noticed. One rogue agent incident, one failed enterprise audit, one data breach: $10,000-100,000+ in direct and opportunity cost. Or: $49/month. That's $588/year to never think about agent security again. Your API keys stay encrypted. Your agent stays controlled. Your bill stays yours. The question isn't whether Clawctl is expensive. It's whether your time and your API budget are better protected by us or by hope.

What if Clawctl gets hacked?

We take this seriously — it's literally our job. Defense in depth: tenant isolation means a breach of one customer can't reach another. Your secrets are encrypted at rest and in transit. We don't store your LLM API keys in a way we can read them. Our infrastructure runs on Coolify with automatic security updates. We monitor for anomalies 24/7. But let's be real: no system is unhackable. The question is whether you're better off with our security team watching your agent infrastructure, or going it alone with a Docker container and good intentions. We're betting you'd rather have us in the foxhole with you.

Do I have to change how I use OpenClaw?

Nope. Same agent. Same prompts. Same tools. Same everything. Clawctl runs your existing OpenClaw — we just wrap it with security controls. You don't rewrite code. You don't learn a new framework. You don't change your workflow. The only difference: dangerous actions get blocked until you approve them, and everything gets logged. That's it. Your agent works exactly the same, except now it won't burn down your production environment at 2am. We call that an upgrade.

What's stopping me from just being careful?

Nothing. Except... when has "being careful" ever been a security strategy? The exposed OpenClaw instances on Shodan weren't deployed by careless people. They were deployed by busy people who meant to harden things later. The API key leaks weren't from negligence — they were from moving fast. The 4,000-email incident wasn't from incompetence — it was from an LLM doing exactly what it was designed to do, without guardrails. Being careful is necessary. It's not sufficient. Clawctl is the guardrail for when careful isn't enough — which is always, eventually.
