Official Docs N/A

Official Security Documentation

Comprehensive official security documentation covering OpenClaw's threat model, access control, authentication modes, sandboxing, DM pairing policies, tool permissions, and incident response. Details the security audit command, credential storage locations, and hardening best practices.

Details

Author / Organization OpenClaw Team

Type Official Docs

Severity N/A

Fix Available No

Recommendations Use DM pairing codes. Run in Docker. Bind to 127.0.0.1. Use Tailscale VPN

Key Findings

Official security model: Open mode (default, not recommended), DM pairing (recommended), Network isolation. Docker sandbox config, tool permissions

#Official #Documentation #Best Practices #Configuration #hardening

Related Resources

21,639 Exposed OpenClaw Instances Found

Censys security scan identified 21,639 OpenClaw instances exposed to public internet without authentication. Over 30% running on Alibaba Cloud. Represents massive attack surface with private messages, API keys, and OAuth credentials accessible. 21x growth in under one week demonstrates rapid adoption and exposure.

What Security Teams Need to Know About OpenClaw

Enterprise security assessment with detection guidance. Covers visibility via Falcon platform, discovery of OpenClaw deployments, removal workflows, prompt injection threats, and runtime protection with Falcon AIDR. Demonstrates blocking prompt injection attacks and provides enterprise-scale detection/response capabilities.

OpenClaw Vulnerability Notification

Academic institution advisory warning students and staff about OpenClaw security risks. Covers CVE-2026-25253 RCE vulnerability, discovery timeline, impact assessment, and recommendations for academic environments. Emphasizes need for automatic downloads disabled and package review before application.