Security

OpenClaw has access to your server, your APIs, and potentially your messages. Here’s how to limit the exposure.

Owner IDs: your first line of defense

The owners field in your config determines who can talk to your agent. Without it, anyone can send commands to your bot.

{
  "channels": [
    {
      "type": "telegram",
      "token": "...",
      "owners": [123456789]
    }
  ]
}

⚠️ Never leave owners empty. Your bot will either ignore everyone — or worse, respond to everyone, depending on the config.

Find your Owner ID

On Telegram, send /start to @userinfobot. It’ll return your numeric ID.

Securing the server

SSH access

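# Disable password authentication (matches the line whether or not it is commented out)
sudo sed -i -E 's/^#?\s*PasswordAuthentication\s+.*/PasswordAuthentication no/' /etc/ssh/sshd_config

# Change the SSH port (optional but recommended)
sudo sed -i -E 's/^#?\s*Port\s+.*/Port 2222/' /etc/ssh/sshd_config

# Validate the config, then restart so both changes take effect
sudo sshd -t && sudo systemctl restart sshd

# Confirm the effective values (files in /etc/ssh/sshd_config.d/ can override the main file)
sudo sshd -T | grep -Ei '^(passwordauthentication|port) '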

💡 Use SSH keys only. Never passwords.

Firewall (UFW)

sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 2222/tcp   # SSH (or 22 if using the default port)
sudo ufw allow 80/tcp     # HTTP
sudo ufw allow 443/tcp    # HTTPS
sudo ufw enable

Fail2ban

Block IPs that try to brute-force:

sudo apt install fail2ban -y
sudo systemctl enable fail2ban

Recommended config in /etc/fail2ban/jail.local:

[sshd]
enabled = true
port = 2222
maxretry = 3
bantime = 3600

Protecting your API keys

Never commit your keys

The file ~/.openclaw/openclaw.json contains your API keys. It should never end up in a Git repo.

# Restrict the file to its owner (read/write only)
chmod 600 ~/.openclaw/openclaw.json

Key rotation

Get into the habit of regenerating your API keys every 3–6 months.

If you suspect a leak, regenerate immediately.

MEMORY.md and sensitive data

The agent writes to MEMORY.md whatever it thinks is worth keeping. By default it avoids secrets — but check regularly:

# Scan for sensitive patterns
grep -iE '(password|secret|token|apikey|sk-|ghp_)' ~/.openclaw/workspace/MEMORY.md

💡 If you’re using your agent in a group chat, MEMORY.md is not loaded in shared sessions — only in direct conversations.

Reverse proxy and HTTPS

Never expose OpenClaw directly to the internet. Use a reverse proxy:

  • Traefik (recommended with Docker)
  • Nginx / Caddy

With Let’s Encrypt for automatic HTTPS:

# Traefik example (Docker labels)
labels:
  - "traefik.http.routers.app.tls=true"
  - "traefik.http.routers.app.tls.certresolver=letsencrypt"

Security headers

Add these headers in your reverse proxy:

X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self'

Updates

Keep everything up to date — that’s the baseline:

# System
sudo apt update && sudo apt upgrade -y

# OpenClaw
openclaw update run

# Docker images
docker compose pull && docker compose up -d

💡 You can set up an OpenClaw cron job to automatically check for updates every week.

Security checklist

Before considering your install “production-ready”:

  • Owner IDs configured
  • SSH key-only (password disabled)
  • Firewall active (UFW)
  • Fail2ban installed
  • HTTPS with valid certificate
  • Security headers in place
  • openclaw.json set to chmod 600
  • No secrets in MEMORY.md
  • Regular system updates
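
Two of the checklist items, "Owner IDs configured" and "openclaw.json set to chmod 600", can be checked with a script. The following is an added example, not part of OpenClaw: it assumes the config layout from the sample at the top of this page (a channels list whose entries carry type and owners), and the function name audit_config is hypothetical.

```python
#!/usr/bin/env python3
"""Audit an OpenClaw config for two checklist items: owners set, file mode 600."""
import json
import os
import stat
import sys


def audit_config(path):
    """Return a list of findings (an empty list means both checks passed)."""
    findings = []

    # Checklist: openclaw.json set to chmod 600 (no group/other permission bits).
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"{path}: mode {mode:03o} grants access beyond the owner, expected 600")

    with open(path, encoding="utf-8") as fh:
        config = json.load(fh)

    # Checklist: Owner IDs configured. Layout assumed from the page's sample config.
    for i, channel in enumerate(config.get("channels", [])):
        label = f"channels[{i}] ({channel.get('type', 'unknown type')})"
        owners = channel.get("owners")
        if not isinstance(owners, list) or not owners:
            findings.append(f"{label}: owners is missing or empty")
            continue
        # Assumption: Telegram owner IDs are numeric, as in the sample config.
        if channel.get("type") == "telegram":
            bad = [o for o in owners if isinstance(o, bool) or not isinstance(o, int)]
            if bad:
                findings.append(f"{label}: non-numeric owner IDs {bad!r}")
    return findings


if __name__ == "__main__":
    default = os.path.expanduser("~/.openclaw/openclaw.json")
    target = sys.argv[1] if len(sys.argv) > 1 else default
    problems = audit_config(target)
    for problem in problems:
        print("FAIL", problem)
    sys.exit(1 if problems else 0)
```

The script exits non-zero when any finding is reported, so it can run from cron or a deployment check.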