Security Checklist
AI agents that control browsers and file systems introduce unique security risks. Use this checklist to harden your OpenClaw deployment before going into production.
Why This Matters
Unlike traditional software, AI agents make autonomous decisions about what files to read, what commands to run, and what packages to install. A compromised skill or misconfigured sandbox can escalate into a full system compromise. This checklist covers the most critical attack surfaces.
The Checklist
#1 Skill Source Verification
Do: Install skills only from trusted GitHub repositories with active maintainers, and read the code the skill will execute, not just its README.
Don't: Install a skill by name without checking the source repository. LLMs hallucinate package and skill names, and a name that does not exist yet can be registered by an attacker.
Before adding a skill, inspect its GitHub repo, check the author's history, and verify that the skill ID matches the entry in the official registry. Fake and typo-squatted skill names are a real attack vector: a malicious skill runs with the agent's full permissions.
#2 Browser Sandbox Configuration
Do: Keep browser.evaluateEnabled set to false unless a workflow explicitly requires JavaScript execution.
Don't: Enable evaluateEnabled globally. It lets the agent run arbitrary JavaScript in the browser context, with whatever sessions and cookies that browser holds.
The browser sandbox is your primary defense against agent-injected scripts, including scripts that a prompt-injected page talks the agent into running. If you must enable JS evaluation, restrict it to specific domains, fail closed for every other origin, and audit the agent's actions in the logs.
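The domain restriction described above, as an added example that is not OpenClaw's own code. Only `browser.evaluateEnabled` comes from the checklist; the `allowedDomains` key and the two config objects are assumptions for illustration. The point the code makes is that the check must run on the parsed hostname, not on a substring of the URL, and must fail closed when evaluation is on but no allowlist exists:

```javascript
// Added example (not OpenClaw's own code). `browser.allowedDomains` is an
// assumed key used to illustrate a per-domain allowlist for JS evaluation.

// Weak: JS evaluation on for every page the agent visits.
const weakConfig = {
  browser: { evaluateEnabled: true },
};

// Hardened: evaluation is allowed only on an explicit list of hostnames.
const hardenedConfig = {
  browser: {
    evaluateEnabled: true,
    allowedDomains: ['app.internal.example', 'docs.example.com'], // assumed key
  },
};

// Exact hostname match or a subdomain of it. Comparing "hostname ends with
// '.docs.example.com'" rather than "URL contains 'docs.example.com'" is what
// keeps https://docs.example.com.evil.test/ out.
function hostMatches(hostname, allowed) {
  const h = hostname.toLowerCase();
  const a = allowed.toLowerCase();
  return h === a || h.endsWith('.' + a);
}

// True only if evaluation is enabled AND the URL's host is on the allowlist.
function evaluateAllowed(url, config) {
  const browser = (config && config.browser) || {};
  if (browser.evaluateEnabled !== true) return false;
  const allowed = Array.isArray(browser.allowedDomains) ? browser.allowedDomains : [];
  // evaluateEnabled without an allowlist is the "global" setting the checklist
  // warns against: refuse rather than allow everything.
  if (allowed.length === 0) return false;
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return false; // unparseable URL: refuse
  }
  // javascript:, data:, file: and friends never get evaluation rights.
  if (parsed.protocol !== 'https:' && parsed.protocol !== 'http:') return false;
  return allowed.some((d) => hostMatches(parsed.hostname, d));
}

// Lint a config object and report the settings the checklist flags.
function auditBrowserConfig(config) {
  const findings = [];
  const browser = (config && config.browser) || {};
  if (browser.evaluateEnabled === true) {
    const allowed = Array.isArray(browser.allowedDomains) ? browser.allowedDomains : [];
    if (allowed.length === 0) {
      findings.push('browser.evaluateEnabled is true with no domain allowlist (global JS execution)');
    } else if (allowed.some((d) => d === '*' || d.startsWith('*'))) {
      findings.push('browser.allowedDomains contains a wildcard entry');
    }
  }
  return findings;
}
```

Run `auditBrowserConfig` against your config in CI and `evaluateAllowed` at the point where the agent asks to execute JavaScript; a failing check should block the action, not just log it.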
#3 API Key Security
Do: Store API keys in environment variables (e.g. DEEPSEEK_API_KEY=sk-...) and rotate them monthly.
Don't: Hardcode API keys in clawhub.json or commit them to version control. A key deleted in a later commit is still in the git history.
Use a .env file that is excluded from git, or a secrets manager. If a key leaks, revoke it immediately from the provider's dashboard and issue a new one; treat any key that ever reached a commit as leaked. See our Data Privacy guide for more.
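An added example (not OpenClaw's own code) of the two halves of this item: a loader that takes the key from the environment only, and a scanner that walks a parsed config and reports values that look like credentials, suitable as a pre-commit check on clawhub.json. The config shape, the `deepseek.apiKey` path and the sample key are constructed for illustration; the key-format patterns are heuristics and will need extending for other providers.

```javascript
// Added example (not OpenClaw's own code). Config layout and key paths below
// are assumptions; the real clawhub.json may differ.

const SECRET_KEY_NAMES = /(api[_-]?key|secret|token|password)/i;
// Provider-style prefixes plus a generic long-random-string fallback (heuristic).
const SECRET_VALUE_PATTERNS = [
  /^sk-[A-Za-z0-9_-]{16,}$/, // sk-... style keys (DeepSeek, OpenAI, ...)
  /^ghp_[A-Za-z0-9]{30,}$/, // GitHub personal access tokens
  /^[A-Za-z0-9+/=_-]{32,}$/, // generic high-entropy blob
];

// Read the key from the environment and fail loudly if it is missing, rather
// than falling back to a value baked into a config file.
function loadApiKey(env, name) {
  const value = env[name];
  if (typeof value !== 'string' || value.trim() === '') {
    throw new Error(`${name} is not set; export it or put it in an untracked .env file`);
  }
  return value;
}

function looksLikeSecretValue(value) {
  return typeof value === 'string' && SECRET_VALUE_PATTERNS.some((re) => re.test(value));
}

// Recursively walk the config and return dotted paths whose value is a likely
// secret. A placeholder such as "${DEEPSEEK_API_KEY}" under a key named
// apiKey is a reference to the environment, not the secret itself, and passes.
function findHardcodedSecrets(obj, prefix = '') {
  const hits = [];
  if (obj === null || typeof obj !== 'object') return hits;
  for (const [key, value] of Object.entries(obj)) {
    const path = prefix ? `${prefix}.${key}` : key;
    if (typeof value === 'string') {
      const isReference = /^\$\{?[A-Z_][A-Z0-9_]*\}?$/.test(value);
      const suspiciousName = SECRET_KEY_NAMES.test(key) && value.length >= 16;
      if (!isReference && (looksLikeSecretValue(value) || suspiciousName)) {
        hits.push(path);
      }
    } else {
      hits.push(...findHardcodedSecrets(value, path));
    }
  }
  return hits;
}

// Constructed samples: the "before" (key committed) and "after" (reference only).
const leakyConfig = {
  provider: 'deepseek',
  deepseek: { apiKey: 'sk-1234567890abcdef1234567890abcdef' }, // fake key
  browser: { evaluateEnabled: false },
};
const cleanConfig = {
  provider: 'deepseek',
  deepseek: { apiKey: '${DEEPSEEK_API_KEY}' },
  browser: { evaluateEnabled: false },
};
```

Wire `findHardcodedSecrets(JSON.parse(fs.readFileSync('clawhub.json', 'utf8')))` into a pre-commit hook and fail the commit on any hit; the scan is a backstop, since a key that makes it into history has to be rotated regardless.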
#4 Agent Permission Minimization
Do: Restrict file system access to the project directory. Audit the agent's operation logs after each session.
Don't: Give the agent unrestricted access to your home directory or system paths. Your shell history, SSH keys and cloud credentials all live there.
Configure dataPath and the working directories to the narrowest scope possible. Review ~/.openclaw/logs periodically to catch reads or writes outside the project directory, and treat a path that escapes the project through .. or a symlink as a finding, not noise.
#5 Supply Chain Risk Mitigation
Do: Verify that an npm package exists, and that it is the package you mean, before installing it. Use lockfiles and audit dependencies with npm audit.
Don't: Let the agent install arbitrary packages without review. It may hallucinate non-existent package names, or pick a typo-squat of a real one.
Agents can suggest packages that don't exist (or worse, typo-squats of real packages). Before running npm install on an agent-suggested package, look it up on npmjs.com and check the publisher, the publish date and the download count; an existing name is not enough. Installing with npm install --ignore-scripts keeps install-time scripts from running until you have reviewed the package.
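An added example (not OpenClaw's own code) of an offline pre-install gate for agent-suggested packages. It takes the names already pinned in package-lock.json (a constructed lockfile v3 fragment below) plus a short vetted list, and classifies each suggestion: already locked, known-good, a near-miss of a known name (likely typo-squat), or simply unverified. The edit-distance threshold of 2 is a heuristic and produces false positives on very short names; the `KNOWN_GOOD` list is an assumption standing in for whatever list your team maintains. This complements the npmjs.com lookup described above; it does not replace it.

```javascript
// Added example (not OpenClaw's own code). Lockfile contents and the vetted
// list are constructed for illustration.

// Constructed package-lock.json fragment (lockfileVersion 3 layout).
const lockfile = JSON.parse(`{
  "name": "site", "lockfileVersion": 3,
  "packages": {
    "": { "dependencies": { "express": "^4.19.2", "lodash": "^4.17.21" } },
    "node_modules/express": { "version": "4.19.2" },
    "node_modules/lodash": { "version": "4.17.21" },
    "node_modules/@types/node": { "version": "20.11.0" }
  }
}`);

// Names the team has vetted by hand (assumed list).
const KNOWN_GOOD = ['express', 'lodash', 'axios', 'chalk', 'commander', 'dotenv'];

// Package names already installed, taken from the lockfile's "packages" keys.
// The last "node_modules/" segment handles nested dependencies as well.
function lockedPackages(lock) {
  const marker = 'node_modules/';
  return new Set(
    Object.keys(lock.packages || {})
      .filter((k) => k.startsWith(marker))
      .map((k) => k.slice(k.lastIndexOf(marker) + marker.length).toLowerCase()),
  );
}

// Levenshtein distance with a rolling row; "lodahs" vs "lodash" is 2.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Classify each suggested package name:
//   "locked"      already in the lockfile; reinstalling it changes nothing
//   "known"       on the vetted list
//   "typosquat?"  within edit distance 2 of a locked or vetted name, but not
//                 equal to it; refuse and show the human the likely intent
//   "unverified"  nothing known; verify on npmjs.com before npm install
function classifySuggestions(names, lock, knownGood) {
  const locked = lockedPackages(lock);
  const reference = new Set([...locked, ...knownGood.map((n) => n.toLowerCase())]);
  const result = {};
  for (const name of names) {
    const n = name.toLowerCase();
    if (locked.has(n)) { result[name] = 'locked'; continue; }
    if (reference.has(n)) { result[name] = 'known'; continue; }
    const near = [...reference].find((r) => editDistance(n, r) <= 2);
    result[name] = near ? `typosquat? (looks like ${near})` : 'unverified';
  }
  return result;
}
```

Anything that comes back as `typosquat?` or `unverified` should stop the install and go to a human; only `locked` and `known` are safe to let the agent proceed with on its own.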
Further Reading
- Data Privacy & Sovereignty — understand what data goes where
- Skill System — how skills are loaded and verified
- Config Wizard — generate a secure config in seconds