35 lines
1.2 KiB
Markdown
35 lines
1.2 KiB
Markdown
# OpenClaw Security Policy
|
|
|
|
Last verified: 2026-02-17.
|
|
|
|
## Purpose Constraint
|
|
This skill exists to operate OpenClaw safely as a CLI wrapper plus documentation aid.
|
|
It is not a blanket authorization for privileged or autonomous actions.
|
|
|
|
## Approval Model
|
|
- Low-risk read operations may run by default.
|
|
- High-risk operations require explicit user approval for each action.
|
|
- Do not chain high-risk actions into unattended workflows by default.
|
|
|
|
## High-risk Categories
|
|
- Shell execution features (`exec`) that can run arbitrary commands
|
|
- Elevated privilege flows
|
|
- Sub-agent delegation with inherited environment/context
|
|
- Plugin install from external sources
|
|
- Cron add/remove/force-run operations
|
|
- Browser automation on arbitrary remote sites
|
|
- Device pairing and sensor access (camera/audio/location)
|
|
|
|
## Required Controls
|
|
- Principle of least privilege
|
|
- Explicit, contextual consent before each high-risk step
|
|
- Prefer read-only checks before any mutating action
|
|
- Use trusted plugin sources only
|
|
- Keep gateway bound to loopback unless remote access is intentional
|
|
|
|
## Wrapper Enforcement
|
|
`bash scripts/openclaw.sh` blocks high-risk command groups unless:
|
|
- `OPENCLAW_WRAPPER_ALLOW_RISKY=1`
|
|
|
|
This opt-in is session-scoped and should be set only when required.
|