
How to Secure Your OpenClaw Deployment

Learn how to secure your OpenClaw deployment with authentication, access controls, sandboxing, and monitoring. Protect your AI agents from prompt injection and unauthorized access.

OpenClaw agents can execute shell commands, read files, and access network services. This guide covers essential security configurations to protect your deployment from unauthorized access and prompt injection attacks.

⚠️ Never expose an unauthenticated OpenClaw gateway on 0.0.0.0. Keep the gateway bound to loopback, require token authentication, and put access controls on every channel the agent listens on.

Step 1: Run a Security Audit

Start with OpenClaw's built-in security audit to find weak settings before editing anything by hand. The --deep mode additionally probes the running gateway, and --fix rewrites common misconfigurations for you; review the resulting config before relying on it:

bash
# Standard audit
openclaw security audit

# Deep audit with live probing
openclaw security audit --deep

# Auto-fix common issues
openclaw security audit --fix

Step 2: Configure Gateway Authentication

Always require authentication for gateway access, and keep the gateway bound to loopback so that only clients on the host (or a reverse proxy or tunnel you control) can reach port 18789. Use a long token from a cryptographically secure random source; never reuse a password, and never commit the token to version control:

json
{
  "gateway": {
    "mode": "local",
    "bind": "loopback",
    "port": 18789,
    "auth": {
      "mode": "token",
      "token": "your-long-random-token-here"
    }
  }
}

Step 3: Lock Down Channel Access

Use 'pairing' or 'allowlist' mode for direct messages so that only approved senders can drive the agent. Never use 'open' unless you are deliberately building a public bot: with open DMs, anyone who can message the account can feed prompt-injection payloads to a tool-enabled agent. For group chats, requireMention stops the agent from acting on every message it can see:

json
{
  "channels": {
    "whatsapp": {
      "dmPolicy": "pairing",
      "groups": {
        "*": { "requireMention": true }
      }
    },
    "telegram": {
      "dmPolicy": "allowlist",
      "allowFrom": ["123456789", "987654321"]
    }
  }
}

Step 4: Enable Sandboxing

Run tool execution inside Docker containers so that a compromised or injected agent cannot read or modify the host filesystem, and mount the workspace read-only (workspaceAccess: "ro") unless the agent genuinely needs to write to it:

json
{
  "agents": {
    "defaults": {
      "sandbox": {
        "mode": "all",
        "scope": "agent",
        "workspaceAccess": "ro"
      }
    }
  }
}

Sandbox scope options:

1. agent: each agent gets its own container. Recommended for most deployments.

2. session: each conversation session gets a fresh container. Maximum isolation.

3. shared: a single container for all agents. Use only for trusted environments.

Step 5: Restrict Tools

Limit which tools each agent can use. web_search, web_fetch and browser pull untrusted content from the internet into the model's context, which is the main prompt-injection path, so deny them for agents that serve untrusted inboxes. An empty elevated.allowFrom list means no sender can request elevated tool access:

json
{
  "tools": {
    "deny": [
      "web_search",
      "web_fetch",
      "browser"
    ],
    "elevated": {
      "allowFrom": []
    }
  }
}

Step 6: Enable Logging Redaction

Tool calls routinely carry credentials (API keys in environment variables, bearer tokens in HTTP headers, passwords in command lines). Redact them before they reach log files, and extend redactPatterns to the exact key formats your deployment uses: a pattern that stops at the first hyphen or underscore masks only the prefix of a longer key:

json
{
  "logging": {
    "redactSensitive": "tools",
    "redactPatterns": [
      "Bearer [a-zA-Z0-9-._]+",
      "sk-[a-zA-Z0-9]+",
      "password=\\S+"
    ]
  }
}
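The following added example (not code from the page or from the OpenClaw project) applies the three redactPatterns above to constructed tool-call log lines and checks which secrets remain readable afterwards. It assumes the patterns are matched as ordinary regular expressions (here via Python's re module) and replaces matches with a fixed marker; the log lines and every key value in them are constructed, not real credentials. It also shows a wider sk- pattern, because vendor keys such as sk-ant-... or sk-proj-... contain hyphens and underscores that the page's pattern stops at.

```python
"""Exercise the Step 6 redactPatterns against constructed tool-call log lines.

Added example, not code from the page or the OpenClaw project. The three
patterns are copied from the page's redactPatterns list; the log lines and the
secrets in them are constructed (the key values are fake). They are applied
here with Python's re module, which is an assumption about how the gateway
matches them, and replacement with a fixed marker is this example's choice.
"""
import re

# Patterns exactly as listed on the page (the JSON "\\S" unescapes to \S).
PAGE_PATTERNS = [
    r"Bearer [a-zA-Z0-9-._]+",
    r"sk-[a-zA-Z0-9]+",
    r"password=\S+",
]

# Vendor API keys such as sk-ant-... or sk-proj-... contain '-' and '_' after
# the prefix; the page's sk- pattern stops at the first one and masks only the
# prefix. This wider pattern keeps matching through those characters.
WIDER_KEY_PATTERN = r"sk-[A-Za-z0-9_-]+"

REDACTED = "[REDACTED]"

# Constructed sample secrets and log lines; every secret value is fake.
SECRETS = [
    "eyJhbGciOiJIUzI1NiJ9.c3ViLTEyMw.abc-DEF_123",   # bearer token
    "Hunter2!",                                       # form password
    "sk-0123456789abcdef0123456789abcdef",             # plain sk- key
    "sk-ant-api03-AbCdEf0123456789_XyZ-9876543210",    # hyphenated sk- key
]
SAMPLE_LINES = [
    f"tool=web_fetch headers={{'Authorization': 'Bearer {SECRETS[0]}'}}",
    f"tool=exec cmd='curl -d password={SECRETS[1]} https://internal/login'",
    f"tool=exec env OPENAI_API_KEY={SECRETS[2]}",
    f"tool=exec env ANTHROPIC_API_KEY={SECRETS[3]}",
]


def redact(line: str, patterns=PAGE_PATTERNS) -> str:
    """Replace every match of every pattern with the marker, in list order."""
    for pat in patterns:
        line = re.sub(pat, REDACTED, line)
    return line


def leaked(redacted_line: str, secret: str, tail: int = 8) -> bool:
    """True if the last `tail` characters of the secret are still readable."""
    return secret[-tail:] in redacted_line


def check_coverage(lines, secrets, patterns=PAGE_PATTERNS):
    """Redact each line and return (line_index, secret) for every secret that
    is still readable afterwards; [] means the patterns covered everything."""
    leaks = []
    for i, line in enumerate(lines):
        out = redact(line, patterns)
        for s in secrets:
            if s in line and leaked(out, s):
                leaks.append((i, s))
    return leaks


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(redact(line))
    print("leaks with page patterns:", check_coverage(SAMPLE_LINES, SECRETS))
    fixed = [PAGE_PATTERNS[0], WIDER_KEY_PATTERN, PAGE_PATTERNS[2]]
    print("leaks with wider key pattern:", check_coverage(SAMPLE_LINES, SECRETS, fixed))
```

With the page's patterns the bearer token, the password and the plain sk- key are fully masked, but the hyphenated key survives as "[REDACTED]-api03-..." and the check reports it; swapping in the wider pattern clears the report. Run the same check against a sample of your own gateway logs whenever you add a new provider or credential type.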

Step 7: Choose Secure Models

Larger, newer models are more resistant to prompt injection, although no model is immune to it. Anthropic Claude Opus 4.5 is recommended for tool-enabled bots.

⚠️ Avoid using smaller models (Sonnet, Haiku) for tool-enabled agents or untrusted inboxes; they are more susceptible to prompt injection attacks. Treat model choice as one layer on top of sandboxing and tool restrictions, not as a replacement for them.

Complete Secure Configuration

The configuration below combines the settings from the steps above. Note that it denies only browser; for agents that read untrusted inboxes, extend deny with web_search and web_fetch as in Step 5. Replace the placeholder token with a generated one before use.

json
{
  "gateway": {
    "mode": "local",
    "bind": "loopback",
    "port": 18789,
    "auth": {
      "mode": "token",
      "token": "your-secure-token"
    }
  },
  "channels": {
    "whatsapp": {
      "dmPolicy": "pairing",
      "groups": { "*": { "requireMention": true } }
    },
    "telegram": {
      "dmPolicy": "pairing",
      "groups": { "*": { "requireMention": true } }
    }
  },
  "agents": {
    "defaults": {
      "sandbox": { "mode": "all", "scope": "agent" },
      "model": { "primary": "anthropic/claude-opus-4-5" }
    }
  },
  "tools": {
    "deny": ["browser"],
    "elevated": { "allowFrom": [] }
  },
  "logging": {
    "redactSensitive": "tools"
  }
}
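As an added example (not code from the page or from the OpenClaw project, and not a substitute for openclaw security audit), the script below lints a config file for the weak settings this guide warns about and generates a suitable gateway token. It only inspects the keys shown on this page (gateway.bind, gateway.auth, channels.*.dmPolicy and groups, agents.defaults.sandbox, tools.elevated, logging.redactSensitive); the minimum token length, the placeholder check and the wording of each finding are this example's own choices. The weak config it ships with is constructed; the hardened one is the page's complete configuration with a real token substituted.

```python
"""Lint an OpenClaw config for the weak settings this guide warns about.

Added example, not code from the page or the OpenClaw project, and not a
replacement for `openclaw security audit`. It only inspects the keys shown on
this page. The minimum token length, the placeholder check and the wording of
each finding are this example's own choices (assumptions).
"""
import json
import secrets
import sys

MIN_TOKEN_BYTES = 32  # assumption: 32 CSPRNG bytes (64 hex chars) as the floor


def generate_token() -> str:
    """Value for gateway.auth.token, drawn from the OS CSPRNG."""
    return secrets.token_hex(MIN_TOKEN_BYTES)


def lint_config(cfg: dict) -> list:
    """Return one finding string per weak setting; [] means nothing was flagged."""
    findings = []

    gw = cfg.get("gateway", {})
    if gw.get("bind") != "loopback":
        findings.append(f"gateway.bind is {gw.get('bind')!r}; expected 'loopback'")
    auth = gw.get("auth", {})
    if auth.get("mode") != "token":
        findings.append("gateway.auth.mode is not 'token'")
    token = auth.get("token", "")
    if len(token) < 2 * MIN_TOKEN_BYTES or token.startswith("your-"):
        findings.append("gateway.auth.token is short or still a placeholder")

    for name, ch in cfg.get("channels", {}).items():
        policy = ch.get("dmPolicy")
        if policy == "open":
            findings.append(f"channels.{name}.dmPolicy is 'open'")
        elif policy not in ("pairing", "allowlist"):
            findings.append(f"channels.{name}.dmPolicy is {policy!r}; expected 'pairing' or 'allowlist'")
        # Only the "*" default shown on the page is checked; per-group entries are not.
        default_group = ch.get("groups", {}).get("*")
        if default_group is not None and not default_group.get("requireMention"):
            findings.append(f"channels.{name}.groups['*'].requireMention is not true")

    sandbox = cfg.get("agents", {}).get("defaults", {}).get("sandbox", {})
    if sandbox.get("mode") != "all":
        findings.append("agents.defaults.sandbox.mode is not 'all'")
    if sandbox.get("scope") == "shared":
        findings.append("agents.defaults.sandbox.scope is 'shared' (one container for every agent)")

    elevated = cfg.get("tools", {}).get("elevated", {}).get("allowFrom", [])
    if elevated:
        findings.append(f"tools.elevated.allowFrom grants elevated tools to {len(elevated)} sender(s)")

    # The page only shows the value "tools"; anything unset or false is flagged.
    if not cfg.get("logging", {}).get("redactSensitive"):
        findings.append("logging.redactSensitive is not set")

    return findings


def lint_file(path: str) -> list:
    """Load a config file from disk and lint it."""
    with open(path, encoding="utf-8") as fh:
        return lint_config(json.load(fh))


# Constructed weak config (not from the page): public bind, no auth, open DMs,
# no sandbox, one sender allowed elevated tools, no log redaction.
WEAK_CONFIG = {
    "gateway": {"mode": "local", "bind": "0.0.0.0", "port": 18789},
    "channels": {"telegram": {"dmPolicy": "open"}},
    "tools": {"elevated": {"allowFrom": ["123456789"]}},
}

# The page's "Complete Secure Configuration" with a generated token in place of
# the placeholder.
HARDENED_CONFIG = {
    "gateway": {"mode": "local", "bind": "loopback", "port": 18789,
                "auth": {"mode": "token", "token": generate_token()}},
    "channels": {
        "whatsapp": {"dmPolicy": "pairing", "groups": {"*": {"requireMention": True}}},
        "telegram": {"dmPolicy": "pairing", "groups": {"*": {"requireMention": True}}},
    },
    "agents": {"defaults": {"sandbox": {"mode": "all", "scope": "agent"},
                            "model": {"primary": "anthropic/claude-opus-4-5"}}},
    "tools": {"deny": ["browser"], "elevated": {"allowFrom": []}},
    "logging": {"redactSensitive": "tools"},
}

if __name__ == "__main__":
    result = lint_file(sys.argv[1]) if len(sys.argv) > 1 else lint_config(WEAK_CONFIG)
    for finding in result:
        print("WEAK:", finding)
    sys.exit(1 if result else 0)
```

Run it as `python lint_openclaw.py path/to/config.json` (the filename is this example's choice); it exits non-zero when anything is flagged, so it can sit in a pre-deploy check. The weak config produces seven findings, the hardened config none, and the page's literal configuration is flagged only for its placeholder token, which is exactly the thing people forget to replace.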

Enterprise security, zero configuration

clawd.new deploys OpenClaw with VPC isolation, automatic security updates, and enterprise-grade protection.

OpenClaw Security Best Practices - Complete Guide (2025) | clawd.new