OpenClaw Security: 13 Practical Steps to Lock Down Your AI Agent

By OpenClawRadar. Published: March 27, 2026.

A detailed Reddit post from r/clawdbot provides 13 specific security recommendations for hardening OpenClaw AI agent deployments. The post emphasizes that many users run OpenClaw locally with default settings, leaving their files, APIs, and system commands exposed to potential compromise.

Key Security Steps

  • Separate Machine: Run OpenClaw on a $5/month VPS (Hetzner, DigitalOcean, Linode) or spare machine, not your personal laptop.
  • Non-root User: Create a dedicated user with limited permissions instead of running as root.
  • Change Default Port: Switch from default port 8080 to a random number between 10000 and 65535.
  • Tailscale Installation: Use Tailscale to make your server invisible to the internet, allowing only approved devices to connect.
  • SSH Keys & Fail2ban: Disable password login, use SSH keys only, and install fail2ban to ban IPs after three failed login attempts for 24 hours.
  • Firewall with UFW: Close all unnecessary ports. With Tailscale, you only need SSH accessible.
  • User Allowlisting: Configure OpenClaw to only respond to specific Telegram accounts; others get no response.
  • Self-Audit: Ask your bot: "audit your own security setup and tell me what needs fixing." For systematic checks, use SecureClaw, an open-source plugin by Adversa AI that runs 55 automated security checks against OpenClaw installations.
  • Real-time Alerts: Configure alerts for failed logins, config changes, or new SSH connections.
  • DMs Only: Restrict bot access to direct messages only. If group access is needed, run a separate instance with restricted permissions.
  • Docker Sandboxing: Run subagents inside Docker containers by setting agents.defaults.sandbox: true in your config. This isolates tool execution so that a subagent hijacked by prompt injection cannot reach the host's files, credentials, or shell. Vet third-party skills from ClawHub before running them.
  • Daily Security Audit Cron: Set up a cron job to run full security audits daily to catch config drift or accidental port openings.
  • Keep Updated: Maintain OpenClaw updates or use managed services like StartClaw if you prefer not to handle DevOps tasks.
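The host-level steps above (dedicated user, keys-only SSH, fail2ban at three failures for 24 hours, ufw with SSH reachable only over Tailscale, a random high port) can be written down once and checked on a schedule. The following script is an added example, not code from the Reddit post or from the OpenClaw project: it renders those settings into files under a directory of your choosing so they can be reviewed and diffed before being copied into /etc on the VPS, and its check_hardening function is the kind of test a daily audit cron can run to catch drift. It goes slightly beyond the post by also allowing the agent's chosen port on the Tailscale interface. Assumed, because the page does not say: the service user is named openclaw, the Tailscale interface is tailscale0, fail2ban's stock sshd jail is used, and useradd/ufw behave as on Debian-family systems.

```shell
#!/bin/sh
# Added example, not from the post or the OpenClaw project. Renders the host
# hardening steps into review-able files; nothing here touches the live system.
# Assumptions (not on the page): user "openclaw", interface "tailscale0",
# fail2ban's stock "sshd" jail, Debian-style useradd/ufw.
set -eu

# "Change Default Port": random listening port in the post's range, 10000-65535.
random_port() {
    n=$(od -An -N2 -tu2 /dev/urandom | tr -d ' ')
    echo $((10000 + n % 55536))
}

# "Non-root User": system account with no login shell and no sudo membership.
write_user_script() {
    cat > "$1/create-user.sh" <<'EOF'
#!/bin/sh
set -e
useradd --system --create-home --shell /usr/sbin/nologin openclaw
EOF
    chmod +x "$1/create-user.sh"
}

# "SSH Keys": drop-in for /etc/ssh/sshd_config.d/ that disables password and
# root login, leaving public-key authentication as the only way in.
write_sshd_hardening() {
    mkdir -p "$1/sshd_config.d"
    cat > "$1/sshd_config.d/50-hardening.conf" <<'EOF'
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no
PubkeyAuthentication yes
EOF
}

# "Fail2ban": ban a source for 24 hours after three failed SSH logins.
write_fail2ban_jail() {
    mkdir -p "$1/jail.d"
    cat > "$1/jail.d/sshd.local" <<'EOF'
[sshd]
enabled  = true
maxretry = 3
findtime = 10m
bantime  = 24h
EOF
}

# "Firewall with UFW": deny everything inbound; allow SSH and the agent port
# only on the Tailscale interface, never on the public one.
write_ufw_rules() {
    port=$2
    cat > "$1/apply-ufw.sh" <<EOF
#!/bin/sh
set -e
ufw default deny incoming
ufw default allow outgoing
ufw allow in on tailscale0 to any port 22 proto tcp
ufw allow in on tailscale0 to any port $port proto tcp
ufw --force enable
EOF
    chmod +x "$1/apply-ufw.sh"
}

# Render every artifact into one directory.
render_all() {
    mkdir -p "$1"
    write_user_script "$1"
    write_sshd_hardening "$1"
    write_fail2ban_jail "$1"
    write_ufw_rules "$1" "$2"
}

# "Daily Security Audit Cron": returns 0 only while every rendered file still
# carries its hardening line, so a cron job can alert on config drift.
check_hardening() {
    grep -q '^PasswordAuthentication no' "$1/sshd_config.d/50-hardening.conf" &&
    grep -q '^PermitRootLogin no'        "$1/sshd_config.d/50-hardening.conf" &&
    grep -q '^maxretry *= *3'            "$1/jail.d/sshd.local" &&
    grep -q '^bantime *= *24h'           "$1/jail.d/sshd.local" &&
    grep -q '^ufw default deny incoming' "$1/apply-ufw.sh"
}

# Usage: sh harden.sh /path/to/output-dir
if [ $# -ge 1 ]; then
    render_all "$1" "$(random_port)"
    check_hardening "$1" && echo "rendered hardening files to $1"
fi
```

Review the rendered files, then copy 50-hardening.conf into /etc/ssh/sshd_config.d/, sshd.local into /etc/fail2ban/jail.d/, and run the two scripts as root; point the daily cron at check_hardening against the live paths to get the drift alert the post recommends.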

The post positions Docker sandboxing as the most critical step, noting that subagents browsing webpages could be tricked via prompt injection attacks without proper isolation.

Read the full source post on r/clawdbot.
