OpenClaw Hardening Guide

Guide | Intermediate | 10 min read | Verified Mar 8, 2026

Step-by-step guide to hardening your OpenClaw deployment with authentication, network isolation, sandboxing, and audit logging.

Tags: openclaw, security, hardening, production, docker

This guide takes you from a default OpenClaw installation (which is not safe for production) to a hardened deployment. Follow these steps in order -- each one reduces your attack surface.

## Step 1: Update to the Latest Version

Before anything else:

```bash
npm update -g openclaw
openclaw --version  # Must be 2026.2.26 or later
```

## Step 2: Enable Authentication

The single most important step. Authentication is disabled by default.

```bash
# Generate a strong token
openclaw config set gateway.token "$(openssl rand -hex 32)"

# Verify authentication is required
openclaw security audit
```

Warning: Treat your Gateway token with the same security as a Domain Admin password. Do not hardcode it in deployment scripts. Use environment variables or a secrets manager.

## Step 3: Network Isolation

### Bind to Localhost

```json
{
  "gateway": {
    "host": "127.0.0.1",
    "port": 18789
  }
}
```

### Use a VPN for Remote Access

If you need remote access, use a VPN or SSH tunnel -- never expose port 18789 directly:

```bash
# SSH tunnel example
ssh -L 18789:localhost:18789 your-server
```

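### Firewall Rules

```bash
# Block external access to the Gateway port
sudo ufw deny 18789

# or, with iptables ("! -i lo" leaves loopback open so local clients
# and the SSH tunnel above can still reach the Gateway)
sudo iptables -A INPUT ! -i lo -p tcp --dport 18789 -j DROP
```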

## Step 4: Run as Non-Root

Never run OpenClaw as root:

```bash
# Create a dedicated user
sudo useradd -r -s /bin/bash -m openclaw
sudo su - openclaw

# Install and configure as this user
npm install -g openclaw@latest
openclaw onboard
```

### File Permissions

Lock down the OpenClaw state directory:

```bash
chmod 700 ~/.openclaw
chmod 600 ~/.openclaw/openclaw.json
```

## Step 5: Docker Hardening

If running in Docker, apply these restrictions:

```bash
docker run -d \
  --name openclaw \
  --restart unless-stopped \
  --user 1000:1000 \
  --read-only \
  --tmpfs /tmp \
  --cap-drop ALL \
  --security-opt no-new-privileges \
  --network none \
  -v openclaw-data:/home/openclaw/.openclaw \
  openclaw/openclaw:latest
```

Key flags explained:

  • --user 1000:1000 -- Run as non-root
  • --read-only -- Filesystem is read-only except for mounted volumes
  • --cap-drop ALL -- Remove all Linux capabilities
  • --security-opt no-new-privileges -- Prevent privilege escalation
  • --network none -- No network access (add specific network access as needed)

Info: If your agent needs internet access (for LLM APIs, web browsing, etc.), replace --network none with specific network policies. The principle is to restrict, then selectively allow.

## Step 6: Enable Sandboxing

Always enable sandbox mode for tool execution:

```json
{
  "sandbox": {
    "enabled": true,
    "disableNetworkAccess": true
  }
}
```

Running without sandboxing allows commands to execute with fewer restrictions. Malicious or compromised prompts could access your system or network.

## Step 7: Minimize Tool Access

Only enable the MCP tools OpenClaw actually needs:

```json
{
  "tools": {
    "enabled": ["web-browser", "gmail-reader", "calendar"],
    "disabled": ["shell", "file-editor", "python-exec"]
  }
}
```

Every enabled tool is a capability that could be abused. Remove unnecessary tools to reduce the attack surface. Review permissions regularly as your setup evolves.

## Step 8: Secrets Management

Never store secrets in plain text in the config file. Use environment variables at minimum:

```json
{
  "models": {
    "providers": {
      "anthropic": {
        "apiKey": "$ANTHROPIC_API_KEY"
      }
    }
  }
}
```

For production deployments, use a proper secrets manager like HashiCorp Vault or AWS Secrets Manager. Any secret that has touched a context window should be treated as potentially compromised.

## Step 9: Lock Down DM Policies

```json
{
  "dmPolicy": "pairing",
  "groupPolicy": "mention-only"
}
```

  • pairing -- Unknown contacts must confirm with a one-time code
  • Never use open -- it lets anyone message the bot

## Step 10: Enable Audit Logging

```json
{
  "logging": {
    "level": "info",
    "auditLog": true,
    "logDirectory": "/var/log/openclaw"
  }
}
```

Without logging, security incidents are invisible. Track what OpenClaw executes, when it runs, and who triggered it.

## Step 11: Run Security Audits Regularly

```bash
# Check system health
openclaw doctor

# Security-specific audit
openclaw security audit

# Auto-fix common issues
openclaw security audit --fix
```

Run these after every config change, skill installation, or version update.

## Production Checklist

Before going live, verify:

  • [ ] Version 2026.2.26 or later
  • [ ] Gateway token set (strong, random, 32+ characters)
  • [ ] Bound to localhost or behind VPN
  • [ ] Running as non-root user
  • [ ] File permissions 700 on ~/.openclaw
  • [ ] Sandbox mode enabled
  • [ ] Unnecessary tools disabled
  • [ ] Secrets in environment variables (not config files)
  • [ ] DM policy set to pairing
  • [ ] Audit logging enabled
  • [ ] Firewall rules blocking port 18789 externally
  • [ ] openclaw security audit passes with no critical findings
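
An offline check of the config-level items in this checklist, as an added example (not part of OpenClaw and not a replacement for `openclaw security audit`). It assumes the JSON keys shown in this guide live together in `~/.openclaw/openclaw.json`; the function names and the sample config are constructed for illustration.

```python
import json
import os
import stat

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
RISKY_TOOLS = {"shell", "file-editor", "python-exec"}  # the tools Step 7 disables

def literal_api_keys(node, path=""):
    """Yield dotted paths of apiKey values that are not $VAR references (Step 8)."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if key == "apiKey" and isinstance(value, str) and not value.startswith("$"):
                yield child
            else:
                yield from literal_api_keys(value, child)

def audit_config(cfg):
    """Return findings for Steps 3 and 6-10. A missing key counts as a finding."""
    findings = []
    if cfg.get("gateway", {}).get("host") not in LOOPBACK:
        findings.append("gateway.host is not bound to loopback")
    sandbox = cfg.get("sandbox", {})
    for key in ("enabled", "disableNetworkAccess"):
        if sandbox.get(key) is not True:
            findings.append(f"sandbox.{key} is not true")
    for tool in sorted(set(cfg.get("tools", {}).get("enabled", [])) & RISKY_TOOLS):
        findings.append(f"tools.enabled contains {tool}")
    findings += [f"{p} holds a literal secret" for p in literal_api_keys(cfg)]
    if cfg.get("dmPolicy") != "pairing":
        findings.append("dmPolicy is not pairing")
    if cfg.get("logging", {}).get("auditLog") is not True:
        findings.append("logging.auditLog is not true")
    return findings

def audit_permissions(path, max_mode):
    """Return a finding if path has any permission bit outside max_mode (Step 4)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return [f"{path} mode {mode:o} exceeds {max_mode:o}"] if mode & ~max_mode else []

# Constructed sample config with two deliberate weaknesses (not a real deployment).
SAMPLE = json.loads("""{"gateway": {"host": "0.0.0.0", "port": 18789},
  "sandbox": {"enabled": true, "disableNetworkAccess": true},
  "models": {"providers": {"anthropic": {"apiKey": "sk-constructed-literal"}}},
  "dmPolicy": "pairing", "logging": {"auditLog": true}}""")

if __name__ == "__main__":
    print("\n".join(audit_config(SAMPLE)))
```

To check a real deployment, pass the parsed `~/.openclaw/openclaw.json` to `audit_config`, then call `audit_permissions` with `0o700` for the state directory and `0o600` for the config file.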
