OpenClaw is powerful. That power comes with responsibility.
I've seen too many people deploy OpenClaw with default settings and wonder why their agent leaked API keys or ran destructive commands. Here's the security checklist I use for every deployment.
Before Installation
1. Dedicated User Account
Never run OpenClaw as root.
sudo useradd -m -s /bin/bash openclaw
sudo su - openclaw
2. Firewall Rules
Only open what you need.
sudo ufw default deny incoming
sudo ufw allow ssh
sudo ufw enable
3. SSH Key Authentication
Disable password login.
# In /etc/ssh/sshd_config
PasswordAuthentication no
PubkeyAuthentication yes
SOUL.md Security
4. Hard Boundaries
Every SOUL.md needs these:
## Security Boundaries
- NEVER execute rm -rf, DROP TABLE, or other destructive commands without explicit confirmation
- NEVER include real API keys, tokens, passwords, or PII in output
- NEVER commit directly to main/master branch
- NEVER modify files outside the project directory
- NEVER run commands with sudo unless explicitly approved
- NEVER access or transmit personal data without consent
5. Tool Restrictions
Limit what tools the agent can use:
## Allowed Tools
- File read/write within project directory only
- Web search for research
- Git operations (feature branches only)
## Blocked
- System administration commands
- Network configuration changes
- Package installation without approval
6. Output Sanitization
## Output Rules
- Replace real emails with [email]
- Replace real names with [name]
- Replace API keys with [API_KEY]
- Never log sensitive data to memory files
Runtime Security
7. API Key Management
Use environment variables, never hardcode:
export ANTHROPIC_API_KEY=sk-ant-...
8. Rate Limiting
Set spending limits on your API provider dashboard. Claude lets you set monthly caps.
9. Regular Updates
npm update -g openclaw
10. Log Monitoring
Check what your agent is doing:
tail -f ~/.openclaw/agents/*/sessions/*.jsonl
11. Backup Strategy
# Daily backup of agent memory and config
tar -czf openclaw-backup-$(date +%Y%m%d).tar.gz ~/.openclaw/
12. Network Isolation
If your agent doesn't need internet access for its tasks, restrict it:
# Only allow specific domains
sudo iptables -A OUTPUT -d api.anthropic.com -j ACCEPT
sudo iptables -A OUTPUT -d github.com -j ACCEPT
The Security SOUL.md Template
Here's a complete security-focused SOUL.md section you can copy:
## Security Protocol
- Principle of least privilege: request minimum permissions needed
- Defense in depth: multiple layers of protection
- Fail secure: when in doubt, deny access
- Audit trail: log all significant actions
- Zero trust: verify before executing any system command
## Incident Response
- If you detect unusual activity, alert immediately
- If credentials are exposed, flag for rotation
- If a command seems destructive, confirm twice
Resources
- Free Security Checklist PDF
- Complete Security Hardening Guide ($12)
- SOUL.md Templates with Security Built In
- Full deployment guide
Server recommendation: Vultr ($300 free credit) — includes DDoS protection and snapshot backups.
Top comments (0)