1. Home
  2. Safe Deployment Guide
Security Protocol v1.4.2 — 100% COMPLETE

OpenClaw Safe Deployment Guide

The definitive security manual for protecting your machine, network, and data while running autonomous AI agents.

TL;DR: Never expose port 18789 to the internet. Use strong auth. Run in Docker sandbox. Keep API keys in environment variables.

01. Understanding the Risks Before You Start

Critical Warning

OpenClaw is Dangerous by Default. It represents a fundamental shift from passive AI assistants to autonomous agents with independent action capabilities. This creates security challenges that most users fail to appreciate until compromise occurs.

The Lethal Trifecta

  • Comprehensive Data Access: Full filesystem access, browser control, and messaging integration.
  • Continuous External Input: Processes emails, documents, and web content without filtering.
  • Unrestricted Action: Autonomous shell command execution with user privileges.

Critical Vulnerabilities

  • Plaintext Credentials: API keys often stored unencrypted in JSON files at ~/.openclaw/credentials/.
  • Prompt Injection: Malicious instructions in emails can override safety controls.
  • Exposed Gateway: 1,800+ public gateways found on Shodan, 62% without authentication.

The "Grandpa Test" (What to protect): Personal documents, photos, financial records, API keys (Cloud, email, etc), internal network access, and the physical device itself.

02. Quick Safety Checklist (Non-Negotiable)

1. Localhost-only Gateway

Config: gateway.host: 127.0.0.1. Verify with netstat -tlnp | grep 18789. Failure leads to remote unauthorized access.

2. Token Authentication

Config: gateway.auth.token: <48+ char random>. Verify with openclaw doctor. Prevents admin compromise.

3. Weekly Audits

Command: openclaw security audit --deep. Detects silent misconfigurations and privilege escalation paths.

4. Sandbox Mode

Config: sandbox: all. Options: all or non-main. Isolates malicious code execution from the host.

03. Local Machine Deployment

Warning

Deployment on your primary personal machine is NOT recommended for production use. It is essentially giving a junior developer with a drinking problem root access to your digital life.

Windows (WSL2 Required)

Native Windows is unsupported. Use WSL2 or Docker Desktop. Configure .wslconfig to limit CPU/RAM. Block port 18789 inbound via PowerShell firewall rules.

macOS Setup

Docker Desktop (LinuxKit) is preferred over Homebrew for better isolation. FileVault is mandatory for full-disk encryption. Use the macOS Keychain for API key storage where possible.

Linux Setup

Docker provides the strongest kernel-level isolation. Use UFW to explicitly deny port 18789. Ensure AppArmor or SELinux default profiles are active.

Universal Local Practices: Hardware isolation (dedicated Pi 4 or old laptop), Network lockdown (disable mDNS), and the 3-2-1 Backup rule (3 copies, 2 media, 1 offsite).

04. VPS/Cloud Hardening (Recommended)

Provides the best balance of security and isolation from your personal data.

Ubuntu Server Hardening

1. Create Non-Root User

sudo adduser openclaw-admin
sudo usermod -aG sudo openclaw-admin
sudo adduser --system --group --disabled-login openclaw
sudo sed -i 's/^#*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config

2. Key-only SSH & UFW Firewall

# UFW Configuration
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow from <your-ip> to any port 2222 # Custom SSH port
sudo ufw deny 18789/tcp
sudo ufw enable

Docker Security Implementation

docker run -d \
--name openclaw \
--user 1000:1000 \
--cap-drop ALL \
--cap-add CHOWN --cap-add SETGID --cap-add SETUID \
--network none \
--read-only \
--tmpfs /tmp:rw,noexec,nosuid,size=100m \
--memory 512m --cpus 1.0 \
--security-opt no-new-privileges:true \
-v /opt/openclaw/config:/config:ro \
openclaw/gateway:latest

05. Private Server Deployment (Maximum)

  • Physical Security: Locked racks, TPM 2.0, Secure Boot, BIOS password, disabled USB ports.
  • Disk Encryption: LUKS encrypted root + TPM sealing for unattended boot.
  • Auditd Logging: 
    -w /opt/openclaw/ -p wa -k openclaw-mod
-a always,exit -F arch=b64 -S execve

06. Application Security (Configs & Scripts)

Config Hardening

  • Set mdns.enabled: false to prevent information leakage on your network.
  • Use environment variables: token: "${GATEWAY_TOKEN}".
  • Set strict file permissions: chmod 600 ~/.openclaw/config/*.json.

Prompt Injection Defense

  • Sanitization: Strip HTML and limit character counts in inputs.
  • Context Isolation: Separate trusted system prompts from untrusted user/web data.
  • Human-in-the-loop: Always require explicit confirmation for destructive operations (delete, mass mail, etc).

07. Monitoring & Incident Response

Alert Thresholds

  • CPU: >80% sustained (crypto-mining check).
  • Auth Failures: >3 attempts (Immediate IP block).
  • Network Bursts: >100 MB/hour.
  • File Integrity: ANY change to config files.

Incident Response Playbook

  1. Isolation: Stop the service and disconnect network immediately.
  2. Evidence: Snapshot disks and export logs.
  3. Rotation: Revoke and regenerate ALL API keys from all providers.
  4. Recovery: Clean install from verified backups.

08. Maintenance & Recovery

Follow the 3-2-1 Rule: 3 copies of data, at least 2 different media types, and 1 copy offsite.

  • Config Backups: Use GPG or age to encrypt archives before cloud storage.
  • Compromise Recovery: Assume all secrets are exposed. Start with a clean server and fresh OS. Verify data integrity with sha256sum.

09. Command Cheat Sheet

Ubuntu Security

sudo ufw status verbose
sudo fail2ban-client status
sudo aa-status # AppArmor

Docker Security

docker inspect --format='{{.HostConfig.SecurityOpt}}' [container]
docker inspect --format='{{.HostConfig.CapDrop}}' [container]

OpenClaw Specialized Commands

openclaw doctor              # Health check
openclaw security audit      # Standard audit
openclaw security audit --deep # Deep analysis
openclaw security audit --fix  # Auto-fix issues
openclaw config validate     # Syntax check