1.6 KiB
1.6 KiB
OpenClaw Security Policy
Default stance: least privilege. Do not chain high-risk actions unattended.
Low-risk (default)
status · doctor · version · health · logs · dashboard · config read · docs search channels list/status · models list/status · memory status/search · skills list plugins list/info/doctor · hooks list/info/check · sandbox list/explain sessions · approvals get · system presence/heartbeat
High-risk Categories
| Category | Commands | Gate |
|---|---|---|
| Shell/Exec | exec tool, nodes invoke/run |
Full |
| Device/Sensor | pairing, devices approve/rotate/revoke, camera snap/clip, screen record, location get | Full |
| Browser | All browser interaction commands, evaluate (JS exec) | Full |
| Automation | cron add/edit/rm/run, webhooks gmail, dns setup --apply | Full |
| Plugin/Hook | plugins install/enable, hooks install/enable | Sub-cmd |
| Security | security audit --fix | Full |
| Secrets | secrets apply | Sub-cmd |
| Sandbox | sandbox recreate | Sub-cmd |
Wrapper Enforcement
scripts/openclaw.sh blocks high-risk via OPENCLAW_WRAPPER_ALLOW_RISKY=1 (session-scoped).
Granular gating:
plugin: onlyinstallandenablegatedhooks: onlyinstallandenablegatedsecrets: onlyapplygatedsandbox: onlyrecreategated- All others in table above: fully gated
Required Controls
- Explicit consent per high-risk step
- Prefer read-only before mutating
- Gateway: keep loopback unless remote intentional
- Verify node identity before approving
- Use
security auditperiodically