If you're considering using OpenClaw as your AI assistant framework, one of the first questions you might ask is: is it safe?
The short answer is yes — OpenClaw is open-source and self-hostable, which means you have full control over your data and infrastructure. But like any software, security depends on how you set it up. This guide covers everything you need to know.
What Makes OpenClaw Secure
OpenClaw has several inherent security advantages over closed-source AI platforms:
- Open-source code: The entire codebase is publicly auditable. Anyone can inspect it for vulnerabilities, backdoors, or privacy concerns. No black boxes.
- Self-hostable: You can run OpenClaw on your own server. Your data stays on your infrastructure — it's never sent to OpenClaw's servers (because there aren't any central servers).
- No telemetry or tracking: OpenClaw doesn't phone home. There's no usage tracking, analytics, or data collection built into the software.
- Encrypted communications: All API calls to model providers use HTTPS/TLS encryption in transit.
- Active community: Because the project is open source, security issues are found and patched quickly by the community.
Common Security Risks and How to Avoid Them
While OpenClaw itself is secure, misconfigurations can introduce vulnerabilities. Here are the most common risks and how to avoid them:
1. Exposed API Keys
Your AI model API keys (OpenRouter, OpenAI, etc.) are valuable credentials. If exposed, someone could run up charges on your account.
- Never commit API keys to git repositories
- Use environment variables or a secure .env file
- Set spending limits on your API provider accounts
- Rotate keys immediately if you suspect they've been exposed
2. Open Gateway Without Auth
The OpenClaw gateway is the entry point for all requests. Running it without authentication means anyone with the URL can use your AI agent and consume your API credits.
- Always configure a gateway auth token: "gateway": { "auth": { "token": "your-secret-token" } }
- Use a long, random token (UUID or 32+ character string)
- Never use "auth": "none" in production
3. Weak DM Policy on Telegram
Telegram bots are publicly searchable. If you set dmPolicy: "open" on Telegram, anyone on the internet can find and use your bot.
- Always use "dmPolicy": "pairing" for Telegram — this requires users to pair through your web gateway first
- For Discord, "open" is safe because Discord bots are invite-only (users must already be in your server)
4. Unpatched Versions
Running outdated versions of OpenClaw means you're missing security patches and bug fixes.
- Keep OpenClaw updated to the latest stable release
- Watch the GitHub repository for security advisories
- Use the :latest Docker tag and pull regularly
5. Malicious Skills
OpenClaw skills can execute code and access external services. Installing skills from untrusted sources is a risk.
- Only install skills from ClawHub (the official skill marketplace) or trusted developers
- Review skill source code before installing
- Be cautious of skills that request broad permissions
6. Insecure Docker Configuration
If you self-host with Docker, a misconfigured container can expose your host system.
- Set resource limits (--memory=2g --memory-swap=3g) to prevent resource exhaustion
- Don't run containers as root — OpenClaw runs as the node user by default
- Don't expose unnecessary ports to the public internet
- Use Docker's built-in network isolation
OpenClaw Launch vs Self-Hosting: Security Comparison
How does the security picture differ between using OpenClaw Launch (managed) and self-hosting?
| Security Feature | OpenClaw Launch (Managed) | Self-Hosted |
|---|---|---|
| Container isolation | Each user gets an isolated container | You must configure isolation yourself |
| Gateway auth | Pre-configured with random token | You must set it up manually |
| Software updates | Managed — always up to date | You must update manually |
| Backups | Daily automated backups | You must configure your own |
| DDoS protection | Cloudflare protection included | You must set up your own |
| Resource limits | Pre-configured per plan | You must set limits yourself |
| SSL/TLS | Auto-HTTPS via Caddy | You must configure certificates |
| Server hardening | Managed by our team | Your responsibility |
Data Privacy
Understanding where your data goes is critical for security-conscious users:
- Your conversations stay on your server (or your OpenClaw Launch container). OpenClaw does not send conversation data to any central service.
- AI model providers (OpenRouter, OpenAI, Google, etc.) process your prompts to generate responses. Check each provider's data policy. Most do not use API data for training.
- BYOK (Bring Your Own Key) means you control the API relationship directly with the provider — OpenClaw Launch never sees or stores your API keys.
- No analytics or tracking is built into OpenClaw itself. What you say to your AI stays between you and your chosen model provider.
Security Best Practices Checklist
Follow this checklist to keep your OpenClaw deployment secure:
- Always use gateway authentication — set a strong, random auth token
- Use dmPolicy: "pairing" for Telegram — never "open"
- Never commit API keys to git — use environment variables
- Set spending limits on your AI model provider accounts
- Keep OpenClaw updated — pull the latest Docker image regularly
- Only install trusted skills — review source code before installing
- Use resource limits on Docker containers
- Enable HTTPS — use a reverse proxy like Caddy or Nginx with TLS
- Use strong passwords for any web-facing accounts
- Monitor logs for unusual activity or unexpected API usage
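The first two checklist items (gateway authentication and the Telegram DM policy) can be checked mechanically against a parsed config; the following is an added example, not code from the OpenClaw project. It assumes the "auth": "none" value sits at gateway.auth and that per-channel settings live under a hypothetical channels.<name>.dmPolicy key; the function names and sample configs are constructed for illustration.

```javascript
// Added example, not OpenClaw project code. Only the "gateway.auth" shape is
// shown on the page; the "channels.<name>.dmPolicy" layout is an assumption.
const MIN_TOKEN_LENGTH = 32; // the page's "32+ character string" guidance
const PUBLICLY_SEARCHABLE = new Set(["telegram"]); // Discord is invite-only

function auditGatewayAuth(config) {
  const auth = config.gateway ? config.gateway.auth : undefined;
  if (auth === undefined || auth === null || auth === "none") {
    return ["gateway.auth: authentication is missing or disabled"];
  }
  const token = typeof auth === "object" ? auth.token : undefined;
  if (typeof token !== "string" || token.length === 0) {
    return ["gateway.auth.token: no token configured"];
  }
  if (token.length < MIN_TOKEN_LENGTH) {
    return [`gateway.auth.token: ${token.length} characters, want ${MIN_TOKEN_LENGTH}+`];
  }
  // Heuristic only: a long but repetitive string is not a random token.
  if (new Set(token).size < 8) {
    return ["gateway.auth.token: too few distinct characters to be random"];
  }
  return [];
}

function auditDmPolicies(config) {
  const findings = [];
  for (const [name, channel] of Object.entries(config.channels || {})) {
    if (PUBLICLY_SEARCHABLE.has(name) && channel && channel.dmPolicy === "open") {
      findings.push(`channels.${name}.dmPolicy: "open" on a public bot, use "pairing"`);
    }
  }
  return findings;
}

function auditConfig(config) {
  return [...auditGatewayAuth(config), ...auditDmPolicies(config)];
}

// Constructed sample configs (not real deployments or real tokens).
const weakConfig = JSON.parse(`{
  "gateway": { "auth": { "token": "your-secret-token" } },
  "channels": { "telegram": { "dmPolicy": "open" }, "discord": { "dmPolicy": "open" } }
}`);
const hardenedConfig = JSON.parse(`{
  "gateway": { "auth": { "token": "3f9c2b7e-51d4-4a86-9e0d-7c1a4b8f62d5" } },
  "channels": { "telegram": { "dmPolicy": "pairing" }, "discord": { "dmPolicy": "open" } }
}`);
console.log(auditConfig(weakConfig));     // two findings
console.log(auditConfig(hardenedConfig)); // no findings
```

Running a check like this in CI or before a deploy catches the placeholder token and an open Telegram policy before the gateway is reachable.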
Let OpenClaw Launch Handle Security for You
If you don't want to worry about server hardening, container isolation, auth configuration, and software updates — OpenClaw Launch handles all of it.
Every instance runs in an isolated Docker container with pre-configured gateway auth, daily backups, Cloudflare DDoS protection, and auto-HTTPS. Security is managed so you can focus on building your AI assistant.
Learn more about our security practices or get started from $3/month.