OpenClaw Codex

Security Hardening Guide

OpenClaw runs shell commands, controls browsers, and manages API keys. That power requires careful security. This playbook covers the essential steps to lock down a production gateway — from secrets management to skill vetting.

⚠️ Why This Matters

In early 2026, multiple security incidents were reported in the OpenClaw ecosystem:

  • One-click remote code execution flaws (CVE-2026-25253)
  • Plaintext credential storage in default configs
  • Malicious skills on ClawHub marketplace
  • API key leakage via agent logs and error messages

These are not theoretical risks. Hardening your gateway is not optional.

1. Secrets Management

Never store keys in shell history or service files

bash Dedicated secrets file with restricted permissions
# Create the secrets file with mode 600 before any key is written to it
mkdir -p ~/.config/openclaw
install -m 600 /dev/null ~/.config/openclaw/secrets.env
cat > ~/.config/openclaw/secrets.env << 'EOF'
OPENAI_API_KEY=sk-your-key-here
ANTHROPIC_API_KEY=sk-ant-your-key-here
EOF

# Lock down permissions (owner read/write only)
chmod 600 ~/.config/openclaw/secrets.env

# Reference in systemd (NOT inline)
# EnvironmentFile=%h/.config/openclaw/secrets.env

Checklist

  • ☐ All API keys in a single secrets.env file, never in CLI args
  • ☐ File permissions set to 600 (owner read/write only)
  • ☐ secrets.env added to .gitignore
  • ☐ No keys in ~/.bash_history — use HISTCONTROL=ignorespace

2. File System Permissions

Restrict access to OpenClaw's data directories.

bash
# Lock down OpenClaw data directory
chmod 700 ~/.openclaw
chmod 700 ~/.openclaw/extensions
chmod 600 ~/.openclaw/openclaw.json

# Lock down session data (contains conversation history)
find ~/.openclaw/sessions -type f -exec chmod 600 {} \;
find ~/.openclaw/sessions -type d -exec chmod 700 {} \;

3. Skill & Plugin Vetting

Community skills can execute arbitrary code. Treat every skill install like running an untrusted script.

Before installing any skill:

  • ☐ Read the source code — especially SKILL.md and any scripts/ directory
  • ☐ Check if it runs shell commands (exec, spawn, child_process)
  • ☐ Check if it makes network requests to external endpoints
  • ☐ Check if it accesses process.env (could leak your API keys)
  • ☐ Verify the author's reputation on GitHub / Discord
  • ☐ Prefer skills with recent commits and multiple contributors

Red flags:

  • 🚩 Obfuscated or minified code in a skill
  • 🚩 Skills that request broad file system access
  • 🚩 Skills that disable security features or override configs
  • 🚩 Newly created repos with no history or community engagement
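
A first-pass triage for the checks and red flags above, as an added example (not part of the original guide or of OpenClaw itself): it greps a skill directory for shell execution, process.env access, network calls, and obfuscated or minified code. The patterns, the 500-character line threshold, and the sample skills "weather" and "adder" are assumptions; a hit marks a line to read, not proof of malice.

```bash
# Added example: static pre-install triage of a skill directory. The patterns are
# heuristics taken from the checklist above, not an OpenClaw or ClawHub feature.

# _scan LABEL FLAG PATTERN DIR -> one "LABEL<TAB>hit" line per match
_scan() {
  grep -rIE "$2" --exclude-dir=.git -e "$3" "$4" 2>/dev/null |
    cut -c1-160 |
    while IFS= read -r hit; do printf '%s\t%s\n' "$1" "$hit"; done
}

# triage_skill DIR -> every finding, grouped by checklist item
triage_skill() {
  _scan SHELL    -n 'child_process|(exec|spawn)(Sync|File)?[[:space:]]*\(' "$1"
  _scan ENV      -n 'process\.env' "$1"
  _scan NETWORK  -n 'https?://|fetch[[:space:]]*\(|XMLHttpRequest|(curl|wget)[[:space:]]' "$1"
  _scan OBFUSC   -n 'eval[[:space:]]*\(|atob[[:space:]]*\(|new Function' "$1"
  _scan MINIFIED -l '.{500,}' "$1"   # any line of 500+ characters; lists files only
}

# skill_flags DIR -> sorted, space-separated categories that fired (empty if none)
skill_flags() {
  triage_skill "$1" | cut -f1 | sort -u | paste -sd' ' -
}

# make_sample_skills ROOT: constructed sample input (hypothetical skills)
make_sample_skills() {
  mkdir -p "$1/weather/scripts" "$1/adder"
  printf '# Weather skill\nReturns a forecast.\n' > "$1/weather/SKILL.md"
  cat > "$1/weather/scripts/run.js" << 'EOF'
const { execSync } = require('child_process');
const host = execSync('uname -n').toString();
const key = process.env.OPENAI_API_KEY;
fetch('https://api.example.com/forecast');
EOF
  printf 'module.exports = (a, b) => a + b;\n' > "$1/adder/index.js"
}

# Demo run on the constructed samples
root=$(mktemp -d)
make_sample_skills "$root"
triage_skill "$root/weather"
echo "weather flags: $(skill_flags "$root/weather")"
echo "adder flags: $(skill_flags "$root/adder")"
rm -rf "$root"
```

An empty result does not replace reading the source; it only tells you where to start.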

4. Network Isolation

Don't expose the gateway port directly to the internet.

bash UFW firewall rules
# Allow SSH only
ufw allow ssh

# Allow HTTP/HTTPS (for Nginx reverse proxy or Cloudflare)
ufw allow 80/tcp
ufw allow 443/tcp

# Do NOT open the gateway port (18789) to the internet
# ufw allow 18789/tcp  ← NEVER DO THIS

# Enable firewall
ufw enable
ufw status

Recommended architecture:

  • Option A: Cloudflare Tunnel (see Deploy recipe) — no open ports at all
  • Option B: Nginx reverse proxy on localhost with HTTPS + rate limiting
  • Never: Expose port 18789 directly to 0.0.0.0

5. Logging & Monitoring

Know what your agent is doing. Monitor for anomalies.

bash Useful log queries
# Watch live logs
journalctl --user -u openclaw-gateway -f

# Search for errors
journalctl --user -u openclaw-gateway --since "1 hour ago" | grep -i error

# Check for shell command execution
journalctl --user -u openclaw-gateway --since today | grep -i "exec\|spawn\|shell"

# Check for failed authentication
journalctl --user -u openclaw-gateway --since today | grep -i "401\|403\|unauthorized"

What to watch for:

  • Unexpected exec or spawn calls (agent running commands you didn't expect)
  • External HTTP requests to unknown domains
  • Unusual API key usage patterns (high token burn)
  • Authentication failures from unknown IPs

6. Stay Updated

  • Subscribe to the OpenClaw releases RSS for security patches
  • Check the Changelog on this site for breaking changes
  • Join the OpenClaw Discord #security channel
  • Run npm audit periodically in your OpenClaw install directory

bash Safe update procedure
# 1. Check current version
openclaw --version

# 2. Back up config
cp -r ~/.openclaw ~/.openclaw.bak.$(date +%Y%m%d)

# 3. Update
npm update -g openclaw

# 4. Restart
systemctl --user restart openclaw-gateway

# 5. Verify
systemctl --user status openclaw-gateway
curl -s http://127.0.0.1:18789/status

TL;DR Checklist

  • ☐ API keys in secrets.env with chmod 600
  • ☐ ~/.openclaw locked to 700
  • ☐ Gateway port NOT exposed to internet
  • ☐ Cloudflare Tunnel or Nginx reverse proxy for public access
  • ☐ Every skill/plugin source-reviewed before install
  • ☐ Firewall enabled (UFW or iptables)
  • ☐ Logs monitored for anomalies
  • ☐ Regular updates with backup-first strategy
