Agent Skill
2/7/2026

security-hardening

Harden OpenClaw security configuration. Use when: (1) Setting up security for new OpenClaw installation, (2) Configuring exec approvals and allowlists, (3) Securing gateway access, (4) Setting up tool policies, (5) User asks about OpenClaw security or hardening.

jx1100370217
npx skills add jx1100370217/my-openclaw-skills

SKILL.md


OpenClaw Security Hardening Skill

This skill provides a comprehensive guide for securing your OpenClaw installation.

Security Checklist

| Area | Configuration | Status |
| --- | --- | --- |
| 🌐 Gateway | Bind to loopback | Required |
| 🔑 Auth | Token/password authentication | Required |
| 📱 Channels | Allowlist policy | Recommended |
| ⚡ Exec | Allowlist + approvals | Recommended |
| 🛡️ Elevated | Allowlist only | Recommended |
| 🧰 Tools | Deny dangerous tools | Optional |

1. Gateway Security

Bind to Loopback (Required)

Never expose the gateway to public networks without authentication.

{
  "gateway": {
    "mode": "local",
    "bind": "loopback",  // Only localhost access
    "port": 18789,
    "auth": {
      "mode": "token",
      "token": "<strong-random-token>"
    }
  }
}

Generate a strong token:

openssl rand -hex 24

Remote Access (If needed)

For remote access, use Tailscale instead of exposing the gateway:

{
  "gateway": {
    "tailscale": {
      "mode": "serve"  // or "funnel" for public access
    }
  }
}

2. Channel Security

Allowlist Policy (Recommended)

Restrict who can interact with your agent:

{
  "channels": {
    "telegram": {
      "dmPolicy": "allowlist",
      "allowFrom": [123456789],  // Your Telegram user ID
      "groupPolicy": "allowlist",
      "allowGroups": []  // Specific group IDs
    },
    "whatsapp": {
      "dmPolicy": "allowlist",
      "allowFrom": ["+1234567890"]
    }
  }
}

3. Exec Approvals

Configure Exec Approvals File

Create ~/.openclaw/exec-approvals.json:

{
  "version": 1,
  "defaults": {
    "security": "allowlist",
    "ask": "on-miss",
    "askFallback": "deny",
    "autoAllowSkills": true
  },
  "agents": {
    "main": {
      "security": "allowlist",
      "ask": "on-miss",
      "askFallback": "deny",
      "autoAllowSkills": true,
      "allowlist": [
        { "pattern": "/opt/homebrew/bin/*" },
        { "pattern": "/usr/bin/*" },
        { "pattern": "/bin/*" },
        { "pattern": "/usr/local/bin/*" }
      ]
    }
  }
}

Security Modes

| Mode | Description |
| --- | --- |
| deny | Block all exec requests |
| allowlist | Allow only allowlisted commands |
| full | Allow everything (dangerous!) |

Ask Modes

| Mode | Description |
| --- | --- |
| off | Never prompt |
| on-miss | Prompt when not in allowlist |
| always | Always prompt |
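
A review aid for the exec-approvals.json shown above, added here as an example and not part of OpenClaw or this skill: it reports scopes set to full, an askFallback other than deny, and allowlist patterns that cover shells, interpreters or network clients. It assumes patterns are shell-style globs; the SENSITIVE list and the function name are constructed for illustration.

```python
import fnmatch

# Binaries that make an allowlist entry equivalent to general code execution
# or network access. Constructed list for illustration; adjust per host.
SENSITIVE = ["/bin/sh", "/bin/bash", "/usr/bin/env", "/usr/bin/python3",
             "/usr/bin/curl", "/usr/bin/ssh"]

def review_exec_approvals(cfg):
    """Return (scope, message) findings for an exec-approvals.json dict."""
    scopes = {"defaults": cfg.get("defaults", {})}
    for name, agent in cfg.get("agents", {}).items():
        scopes[f"agents.{name}"] = agent
    findings = []
    for scope, s in scopes.items():
        if s.get("security") == "full":
            findings.append((scope, "security=full allows everything"))
        if "askFallback" in s and s["askFallback"] != "deny":
            findings.append((scope, "askFallback is not 'deny'"))
        for entry in s.get("allowlist", []):
            pattern = entry.get("pattern", "")
            # Assumption: patterns behave like shell globs.
            hits = [b for b in SENSITIVE if fnmatch.fnmatchcase(b, pattern)]
            if hits:
                findings.append((scope, f"{pattern} covers {', '.join(hits)}"))
    return findings

BASE = {"security": "allowlist", "ask": "on-miss", "askFallback": "deny",
        "autoAllowSkills": True}
# The allowlist from the page's example file.
PAGE_EXAMPLE = {"version": 1, "defaults": dict(BASE), "agents": {"main": dict(
    BASE, allowlist=[{"pattern": "/opt/homebrew/bin/*"},
                     {"pattern": "/usr/bin/*"}, {"pattern": "/bin/*"},
                     {"pattern": "/usr/local/bin/*"}])}}
# Constructed narrower variant: exact paths for the tools actually needed.
NARROW = {"version": 1, "defaults": dict(BASE), "agents": {"main": dict(
    BASE, allowlist=[{"pattern": "/usr/bin/jq"},
                     {"pattern": "/usr/bin/grep"}])}}

if __name__ == "__main__":
    for scope, message in review_exec_approvals(PAGE_EXAMPLE):
        print(f"{scope}: {message}")
```

Directory-wide entries such as /usr/bin/* are reported because they also admit interpreters and shells; listing exact binary paths keeps the allowlist in line with the least-privilege practice stated at the end of this guide.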

4. Tool Policies

Exec Tool Configuration

{
  "tools": {
    "exec": {
      "host": "sandbox",           // Default to sandbox
      "security": "allowlist",     // Require allowlist
      "ask": "on-miss",            // Prompt for unknown commands
      "safeBins": ["jq", "grep", "cat", "echo"]  // Safe stdin-only tools
    }
  }
}

Elevated Access Control

Only allow elevated access from specific users:

{
  "tools": {
    "elevated": {
      "enabled": true,
      "allowFrom": {
        "telegram": ["123456789"],
        "whatsapp": ["+1234567890"]
      }
    }
  }
}

Deny Dangerous Tools

For high-security environments, deny certain tools:

{
  "agents": {
    "defaults": {
      "tools": {
        "deny": ["gateway", "browser"]
      }
    }
  }
}
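
A checker for the openclaw.json settings from sections 1, 2 and 4, added here as an example and not the project's own audit command or this skill's harden.sh. Key names are taken from the snippets on this page; the function name and both sample configs are constructed, and only the token auth mode shown above is inspected.

```python
def check_openclaw_config(cfg):
    """Return findings for an openclaw.json dict; an empty list means the
    settings covered by this page's checklist are in place."""
    out = []
    gw = cfg.get("gateway", {})
    if gw.get("bind") != "loopback":
        out.append("gateway.bind is not 'loopback'")
    auth = gw.get("auth", {})
    if not auth.get("mode"):
        out.append("gateway.auth.mode is unset")
    elif auth["mode"] == "token":
        token = auth.get("token", "")
        # `openssl rand -hex 24` yields 48 hex characters.
        if len(token) < 48 or token.startswith("<"):
            out.append("gateway.auth.token is short or still a placeholder")
    if gw.get("tailscale", {}).get("mode") == "funnel":
        out.append("gateway.tailscale.mode=funnel is public access")
    for name, ch in cfg.get("channels", {}).items():
        if ch.get("dmPolicy") != "allowlist":
            out.append(f"channels.{name}.dmPolicy is not 'allowlist'")
        # groupPolicy is only checked where the channel sets it.
        if "groupPolicy" in ch and ch["groupPolicy"] != "allowlist":
            out.append(f"channels.{name}.groupPolicy is not 'allowlist'")
    tools = cfg.get("tools", {})
    if tools.get("exec", {}).get("security") == "full":
        out.append("tools.exec.security=full allows everything")
    elev = tools.get("elevated", {})
    if elev.get("enabled") and not any(elev.get("allowFrom", {}).values()):
        out.append("tools.elevated is enabled with no allowFrom entries")
    return out

# Constructed samples (strict JSON equivalents of the page's snippets).
HARDENED = {
    "gateway": {"mode": "local", "bind": "loopback", "port": 18789,
                "auth": {"mode": "token", "token": "a1b2c3d4" * 6}},
    "channels": {"telegram": {"dmPolicy": "allowlist", "allowFrom": [123456789],
                              "groupPolicy": "allowlist", "allowGroups": []}},
    "tools": {"exec": {"host": "sandbox", "security": "allowlist"},
              "elevated": {"enabled": True,
                           "allowFrom": {"telegram": ["123456789"]}}},
}
WEAK = {
    "gateway": {"auth": {"mode": "token", "token": "<strong-random-token>"},
                "tailscale": {"mode": "funnel"}},
    "channels": {"telegram": {"allowFrom": [123456789]}},
    "tools": {"exec": {"security": "full"},
              "elevated": {"enabled": True, "allowFrom": {"telegram": []}}},
}
```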

5. Approval Forwarding

Forward exec approval requests to your chat channel:

{
  "approvals": {
    "exec": {
      "enabled": true,
      "mode": "both",
      "targets": [
        { "channel": "telegram", "to": "123456789" }
      ]
    }
  }
}

Approve via chat:

/approve <id> allow-once
/approve <id> allow-always
/approve <id> deny

6. Verification

Run Security Audit

openclaw security audit --deep

Check Configuration

openclaw doctor --non-interactive

Expected Output

  • 0 critical issues
  • No channel security warnings

Quick Setup Script

Run the included setup script:

./scripts/harden.sh

Common Issues

"Permission denied" errors

Your exec allowlist may be too restrictive. Add the needed binary paths.

Can't run commands

Check if security is set to deny. Change to allowlist.

Approval timeout

If no UI is available, requests will time out. Set askFallback appropriately.

Security Best Practices

  1. Principle of least privilege - Only allow what's needed
  2. Regular audits - Run openclaw security audit periodically
  3. Monitor logs - Check ~/.openclaw/logs/ for suspicious activity
  4. Keep updated - Run openclaw update regularly
  5. Backup config - Keep your openclaw.json backed up

Skills Info

Original Name: security-hardening
Author: jx1100370217