
Security Center

Security guidelines and actionable protection checklist for high-privilege agents. Follow these best practices to keep your deployments secure.

Critical Security Notice

OpenClaw agents can execute code and access APIs. Always review permissions before deployment and never expose API keys in public repositories or screenshots.

API Key Security

Protect your API credentials from unauthorized access

Storage Best Practices

  • Store API keys in environment variables (.env.local)
  • Never hardcode keys in code or config files
  • Add .env files to .gitignore immediately
  • Never output keys in logs or console
  • Never expose keys in screenshots or screen recordings

Rotation & Limits

  • Rotate API keys regularly (every 90 days recommended)
  • Set usage limits and budget alerts on provider dashboards
  • Use read-only keys when write access isn't required
  • Monitor API usage for unusual patterns

Minimal Permissions

Grant only the permissions required for each skill

File System Access

Restrict read/write to specific directories only

Network Access

Allow only an explicit list of domains and API endpoints

Database Permissions

Use separate credentials with limited scope
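One way to enforce the File System Access and Network Access rules above inside a skill, as an added illustration that is not OpenClaw's own code: every file path is canonicalised and checked against the declared directories, and every outbound URL is checked against an exact-host allow-list. The policy values (`workspace`, `api.example.com`) are constructed for the example.

```python
from pathlib import Path
from urllib.parse import urlsplit


class PermissionDenied(Exception):
    """Raised when a skill requests access outside its declared scope."""


def path_allowed(requested: str, allowed_dirs: list[str]) -> bool:
    """True only if the canonical form of `requested` lies inside one of
    `allowed_dirs`. Path.resolve() collapses '..' and follows symlinks, so
    'workspace/../.env' or a symlink escaping the sandbox is refused, and
    'workspace2/x' does not match an allowed 'workspace' by string prefix."""
    target = Path(requested).resolve()
    for root in allowed_dirs:
        root_path = Path(root).resolve()
        if target == root_path or root_path in target.parents:
            return True
    return False


def url_allowed(url: str, allowed_hosts: set[str]) -> bool:
    """True only for https URLs whose exact hostname is on the allow-list.
    Comparing the full parsed host (not a substring) refuses lookalikes such
    as 'api.example.com.evil.net' and 'https://api.example.com@evil.net'."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    host = (parts.hostname or "").lower()
    return host in allowed_hosts


def guarded_open(path: str, allowed_dirs: list[str], mode: str = "r"):
    """Open a file only after the directory check has passed."""
    if not path_allowed(path, allowed_dirs):
        raise PermissionDenied(f"path outside allowed directories: {path}")
    return open(Path(path).resolve(), mode)


if __name__ == "__main__":
    allowed_dirs = ["workspace"]          # constructed skill policy
    allowed_hosts = {"api.example.com"}   # constructed allow-list
    for p in ["workspace/notes.txt", "workspace/../.env", "workspace2/x"]:
        print(f"{p:28} -> {path_allowed(p, allowed_dirs)}")
    for u in ["https://api.example.com/v1", "http://api.example.com/v1",
              "https://api.example.com@evil.net/",
              "https://api.example.com.evil.net/"]:
        print(f"{u:40} -> {url_allowed(u, allowed_hosts)}")
```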

Cloud Hardening

Secure your cloud deployments with these practices

SSH Key Authentication

Disable password authentication and use SSH keys only

Firewall Configuration

Close all ports except required services

Regular Updates

Keep system packages and dependencies updated

Monitoring & Alerts

Set up intrusion detection and log monitoring