Production-ready security with approval gates, egress filtering, and audit logging. The Clawctl default.
Deploy in 5 minThis is what your OpenClaw config looks like. Deploy it on Clawctl in 5 min.
# Clawctl Security Profile — Standard (Default)
# Good for: production, small teams, most use cases
{
"security": {
"level": "standard",
"auth": true,
"twoFactor": true,
"approvals": {
"enabled": true,
"blocked_actions": 70
},
"egress": {
"filter": true,
"allowed_domains": ["api.anthropic.com", "api.openai.com"]
},
"audit": { "retention_days": 90 },
"secrets": { "encryption": "aes-256" }
}
}70+ risky actions blocked by default
Network egress filtering
Encrypted API key storage
Full audit trail with search
2FA enabled
Production deployments
Small to medium teams
Most business use cases
Any deployment touching real data
Enhanced security with strict egress filtering and additional approval gates for sensitive operations.
Yes. Every Clawctl deployment starts with standard security. No configuration needed.
Shell execution, file deletion, network POST/PUT/DELETE, credential operations, browser automation, database drops, financial transactions, and more.
Yes. Add or remove blocked actions, adjust egress rules, and configure approval workflows.
5 min to deploy. $49/month. Full security included. No DevOps required.
Get Started with ClawctlMinimal Security Profile
Basic security for development and testing. Relaxed restrictions, full tool access, minimal approval gates.
Enterprise SOC 2 Profile
Enterprise security with SIEM export, 365-day retention, RBAC, and SOC 2 compliance evidence.
HIPAA-Compliant Profile
Security profile for healthcare organizations handling protected health information (PHI).