OpenClaw Security Policy

Last verified: 2026-02-17.

Purpose Constraint

This skill exists to operate OpenClaw safely as a CLI wrapper plus documentation aid. It is not a blanket authorization for privileged or autonomous actions.

Approval Model

  • Low-risk read operations may run by default.
  • High-risk operations require explicit user approval for each action.
  • Do not chain high-risk actions into unattended workflows by default.

High-risk Categories

  • Shell execution features (exec) that can run arbitrary commands
  • Elevated privilege flows
  • Sub-agent delegation with inherited environment/context
  • Plugin install from external sources
  • Cron add/remove/force-run operations
  • Browser automation on arbitrary remote sites
  • Device pairing and sensor access (camera/audio/location)

Required Controls

  • Principle of least privilege
  • Explicit, contextual consent before each high-risk step
  • Prefer read-only checks before any mutating action
  • Use trusted plugin sources only
  • Keep gateway bound to loopback unless remote access is intentional

Wrapper Enforcement

bash scripts/openclaw.sh blocks high-risk command groups unless:

  • OPENCLAW_WRAPPER_ALLOW_RISKY=1

This opt-in is session-scoped and should be set only when required.
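
A sketch of how such a gate can work, added here as an example and not the contents of scripts/openclaw.sh. The functions is_high_risk and gate are hypothetical, the command names are assumed from the high-risk list above (exec, plugin install, cron add/remove/force-run), and accepting only the exact value 1 as opt-in is an assumption.

```shell
#!/usr/bin/env bash
# Added example: NOT the real scripts/openclaw.sh.
# Assumption: the CLI is invoked as "<group> <action> ...", with group and
# action names modelled on the policy's "High-risk Categories" list.
# Other categories (elevated flows, delegation, browser, pairing) would be
# added to the same case statement.

# Return 0 if the command falls in a high-risk group, 1 otherwise.
is_high_risk() {
  local group="${1:-}" action="${2:-}"
  case "$group" in
    exec)
      return 0 ;;                       # arbitrary command execution
    plugin)
      [ "$action" = "install" ] && return 0 ;;
    cron)
      case "$action" in
        add|remove|force-run) return 0 ;;   # mutating cron operations only
      esac ;;
  esac
  return 1                              # read-style commands fall through
}

# Return 0 if the command may proceed, 1 if it must be blocked.
# Only the exact string "1" counts as opt-in; "true", "yes" or an empty
# value do not, so a stray or misspelled setting fails closed.
gate() {
  if is_high_risk "$@"; then
    if [ "${OPENCLAW_WRAPPER_ALLOW_RISKY:-}" != "1" ]; then
      echo "blocked: '$*' is high-risk;" \
           "set OPENCLAW_WRAPPER_ALLOW_RISKY=1 for this session only" >&2
      return 1
    fi
  fi
  return 0
}
```

Setting the variable inline for a single invocation (OPENCLAW_WRAPPER_ALLOW_RISKY=1 before the command) rather than exporting it keeps the opt-in from leaking into later commands in the same shell.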