
OpenClaw Security

Architecture, privacy model, and responsible disclosure. Written for IT teams evaluating OpenClaw — not marketing fluff.

Security Model — TL;DR

OpenClaw runs on your infrastructure. Your data never leaves your network. API keys are stored locally. The code is open source and auditable. No telemetry. The main risks are the same as any tool with API key access to your accounts — scope your keys, restrict access, and only install trusted skills.

The Security Model

Security by architecture, not by policy.

🏠
Runs on your infrastructure

OpenClaw runs on hardware you control: your Mac Mini, VPS, or Docker container. No dependency on our servers for core functionality.

🔒
Data stays on your machine

Conversations, files, and context are stored locally in ~/clawd by default. Nothing is sent to getopenclaw.ai servers.

🔑
API keys stored locally

Your Anthropic, OpenAI, or Gemini API keys are stored in ~/.openclaw on your machine. They are never transmitted to us.

📖
Open source — auditable

The entire codebase is public at github.com/openclaw/openclaw. Security teams can review what the code actually does.

📡
No telemetry

OpenClaw does not phone home. There is no usage analytics, error reporting, or telemetry sent to any third party.

🧱
Sandbox isolation

The execution sandbox limits what code can run and what system resources it can access.

Known Security Considerations

Honest list of what to watch for. Being transparent here builds more trust than pretending the risks don't exist.

Prompt injection

External content (emails, web pages) processed by OpenClaw could include instructions designed to manipulate the AI's behavior. Mitigation: review the skills you install, and avoid processing untrusted content with elevated permissions.

API key exposure

If your machine is compromised, API keys in ~/.openclaw could be accessed. Mitigation: use scoped API keys with spend limits, rotate them regularly, and consider running on an isolated machine.

Skill execution

Skills run with your user's system permissions. Only install skills from trusted sources. Review skill code before installing.

Messenger channel access

Anyone who can message your bot on Telegram or WhatsApp can interact with it. Configure allowlists to restrict access to your user IDs only.

Third-party AI providers

When you use Claude, GPT, or Gemini, your prompts are sent to those providers and subject to their privacy policies. For maximum privacy, use a local model via Ollama.

Credential Security

API keys are stored in ~/.openclaw/openclaw.json on your local machine. File permissions follow your OS defaults — you should verify these are restricted to your user.
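One way to run the permission check described above, as an added example (not code from the OpenClaw project). It assumes a POSIX system and the ~/.openclaw location named on this page; the function names are hypothetical.

```python
import os
import stat
import sys
from pathlib import Path

# Default location taken from the page; pass another directory as argv[1].
DEFAULT_CONFIG_DIR = Path.home() / ".openclaw"


def audit_path(path, expected_uid):
    """Return a list of findings for one file or directory (empty = OK)."""
    findings = []
    st = os.lstat(path)  # lstat: inspect the link itself, do not follow it
    if stat.S_ISLNK(st.st_mode):
        findings.append(f"{path}: is a symlink, check where it points")
        return findings
    if st.st_uid != expected_uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {expected_uid}")
    # Any group/other bit means another local account may read, write or traverse.
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path}: mode {mode:04o} grants group/other access")
    return findings


def audit_tree(root, expected_uid=None):
    """Audit root and everything under it; returns all findings."""
    if expected_uid is None:
        expected_uid = os.getuid()
    root = Path(root)
    if not root.exists():
        return [f"{root}: does not exist"]
    findings = audit_path(root, expected_uid)
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        for name in dirnames + filenames:
            findings.extend(audit_path(os.path.join(dirpath, name), expected_uid))
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_CONFIG_DIR
    problems = audit_tree(target)
    for line in problems:
        print(line)
    sys.exit(1 if problems else 0)
```

A non-zero exit means something under the directory is exposed; `chmod 700 ~/.openclaw` and `chmod 600 ~/.openclaw/openclaw.json` restrict both to the owning user.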

For enterprise deployments, consider running OpenClaw under a dedicated service account with restricted file system access. API keys should use the minimum scope required — most integrations only need read access to function.

Rotate API keys periodically. If you suspect a compromise, immediately revoke the key in your AI provider's dashboard and generate a new one.

Vulnerability Disclosure

If you find a security vulnerability in OpenClaw, please report it responsibly before public disclosure.

Email: security@getopenclaw.ai (48-hour acknowledgment)

GitHub Security Advisories: github.com/openclaw/openclaw/security (private disclosure option)

We do not currently have a bug bounty program. We commit to: acknowledging reports within 48 hours, keeping you informed during the fix process, and crediting you in the disclosure if you want that.

Security FAQ

Does OpenClaw send my data to Anthropic or OpenAI?

When you use Claude or GPT as your AI provider, your prompts are sent to Anthropic or OpenAI's API (same as using their services directly). OpenClaw itself does not receive your conversations. For maximum privacy, use a local model via Ollama — your data never leaves your machine.

Can I audit the source code?

Yes. The full codebase is at github.com/openclaw/openclaw. It's open source under an MIT-compatible license. Security researchers can review, fork, and audit freely.

Is OpenClaw SOC 2 certified?

No. Since OpenClaw runs on your own infrastructure, SOC 2 compliance is your responsibility as the operator. The self-hosted model means you control the environment, so you can meet your own compliance requirements.

How do I restrict who can access my OpenClaw instance?

In your OpenClaw config, set allowFrom to a list of specific user IDs for your messaging channels. This ensures only you (and approved users) can interact with the assistant. See the configuration guide for details.

Does OpenClaw have a CVE database entry?

Publicly disclosed CVEs are tracked at github.com/openclaw/openclaw/security/advisories. If you've found a vulnerability, use the responsible disclosure process described under Vulnerability Disclosure rather than public disclosure.

What happens to my data if I uninstall?

Uninstalling the npm package does not delete your data. Your workspace (~/clawd) and config (~/.openclaw) remain on disk until you explicitly remove them. See the uninstall guide for full cleanup steps.
