Security Checklist

An interactive RMF-style assessment tool for OpenClaw deployments. Walk through every hardening control, mark compliance status, and track your security posture.

How it works: Select a deployment profile to pre-filter controls by relevance. Expand each control to see the risk, recommendation, and verification command. Mark each as Compliant, Non-Compliant, or N/A. Your progress is saved in your browser automatically.

---

0%

0 / 77 compliant

critical0 / 26

high0 / 36

medium0 / 15

low0 / 0

0 of 77 reviewed

ProfileEnterprisePersonalDevelopment

CategoryAll categoriesGateway Authentication (0/8) Network Exposure (0/7) Device Identity & Pairing (0/5) Session Isolation (0/4) Channel Access Control (0/8) Tool Policy (0/7) Shell Execution (0/5) Docker Sandboxing (0/8) Elevated Mode (0/3) Hooks & Webhooks (0/5) Plugins & Extensions (0/5) Credentials & Secrets (0/7) Agent Configuration (0/5)

SeverityAllCriticalHighMediumLow

StatusAllUnreviewedCompliantNon-CompliantN/A

77 controls

Gateway Gateway Authentication 0/8

Unauthenticated access, brute force

○criticalAuthentication Modegateway.auth.mode▼

○highAuth Token Strengthgateway.auth.token▼

○highPassword Authgateway.auth.password▼

○criticalNetwork Bind Modegateway.bind▼

○highRate Limitinggateway.auth.rateLimit▼

○criticalControl UI Device Authgateway.controlUi.dangerouslyDisableDeviceAuth▼

○mediumInsecure Auth Compatibilitygateway.controlUi.allowInsecureAuth▼

○criticalTrusted Proxy Configurationgateway.auth.trustedProxies▼

Gateway Network Exposure 0/7

Information disclosure, MITM, public exposure

○highTLS Enforcement(hardcoded)▼

○mediummDNS Discovery Modediscovery.mdns.mode▼

○mediummDNS Kill SwitchOPENCLAW_DISABLE_BONJOUR▼

○mediumWide-Area DNS-SDdiscovery.wideArea.enabled▼

○highSecurity Headers (HSTS)gateway.http.securityHeaders.strictTransportSecurity▼

○highTailscale Modetailscale.mode▼

○mediumCertificate Pinninggateway.remote.tlsFingerprint▼

Gateway Device Identity & Pairing 0/5

Impersonation, replay attacks

○criticalEd25519 Challenge-Response(hardcoded)▼

○criticalDevice Keypair Permissions~/.openclaw/identity/device.json▼

○highPairing Timeout and Caps(hardcoded)▼

○criticalScope Enforcement(hardcoded)▼

○mediumAuto-Approval Rules(hardcoded)▼

Sessions Session Isolation 0/4

Cross-user context leakage

○highDM Session Scopesession.dmScope▼

○mediumIdentity Links Configurationsession.identityLinks▼

○mediumSession Key as Routing Only(implicit)▼

○highMulti-Account Session Scopesession.dmScope▼

Sessions Channel Access Control 0/8

Unauthorized messaging, spam, command abuse

○criticalDM Policychannels.<provider>.dmPolicy▼

○highDM Allowlistchannels.<provider>.allowFrom▼

○criticalGroup Policychannels.<provider>.groups.*.groupPolicy▼

○highGroup Mention Requirementchannels.<provider>.groups.*.requireMention▼

○highGroup AllowFromchannels.<provider>.groups.*.groupAllowFrom▼

○highPer-Sender Tool Policy in Groupschannels.<provider>.groups.*.toolsBySender▼

○criticalCommand Authorizationcommands.useAccessGroups▼

○mediumPairing Code Properties(hardcoded)▼

Tools Tool Policy 0/7

Unintended tool access, privilege escalation

○highTool Profile Selectiontools.profile▼

○mediumGlobal Tool Allow Listtools.allow▼

○highGlobal Tool Deny Listtools.deny▼

○highFilesystem workspaceOnlytools.fs.workspaceOnly▼

○highPer-Agent Tool Policyagents.<id>.tools.allow / agents.<id>.tools.deny▼

○criticalGateway HTTP Tool Restrictionsgateway.tools.allow▼

○highPlugin Tool Groupplugins.allow▼

Tools Shell Execution 0/5

Remote code execution

○criticalExec Security Modetools.exec.security▼

○highExec Approval Modetools.exec.ask▼

○highExec Allowlisttools.exec.allowlist▼

○mediumSafe Bins Configurationtools.exec.safeBins▼

○highapply_patch workspaceOnlytools.exec.applyPatch.workspaceOnly▼

Sandbox Docker Sandboxing 0/8

Container escape, resource exhaustion

○criticalSandbox Modetools.sandbox.mode▼

○mediumSandbox Scopetools.sandbox.scope▼

○highWorkspace Accesstools.sandbox.workspaceAccess▼

○criticalBind Mount Validationtools.sandbox.bindMounts▼

○criticalNetwork Isolationtools.sandbox.network▼

○highCapability Droppingtools.sandbox.capDrop▼

○criticalSeccomp and AppArmor Profilestools.sandbox.seccomp▼

○highEnvironment Variable Sanitizationtools.sandbox.envStrict▼

Sandbox Elevated Mode 0/3

Host escape, sandbox bypass

○criticalElevated Mode Gatetools.elevated.enabled▼

○criticalElevated AllowFromtools.elevated.allowFrom.<provider>▼

○highElevated Execution Levelstools.elevated.level▼

Gateway Hooks & Webhooks 0/5

Session injection, prompt injection, token reuse

○highHook Tokenhooks.token▼

○criticalToken Reuse Preventionhooks.token▼

○highSession Key Injectionhooks.allowRequestSessionKey▼

○highSession Key Prefixeshooks.allowedSessionKeyPrefixes▼

○highUnsafe External Contenthooks.allowUnsafeExternalContent▼

Tools Plugins & Extensions 0/5

Supply chain, in-process compromise

○criticalPlugin Allowlistplugins.allow▼

○highPlugin Deny Listplugins.deny▼

○criticalPlugin HTTP Route Auth(plugin-implemented)▼

○highPlugin Code Scanning(automated)▼

○highnpm Lifecycle Script Risks(install-time)▼

Host Credentials & Secrets 0/7

Credential exposure, log leakage

○criticalState Directory Permissions~/.openclaw/▼

○criticalConfig File Permissions~/.openclaw/openclaw.json▼

○criticalCredential File Permissions~/.openclaw/credentials/▼

○criticalDevice Keypair Permissions~/.openclaw/identity/device.json▼

○highLog Redaction Modelogging.redactSensitive▼

○mediumCustom Redaction Patternslogging.redactPatterns▼

○highDisk Encryption(host-level)▼

Model Agent Configuration 0/5

Prompt injection, PII exposure, model downgrade

○mediumOwner Identity Displaycommands.ownerDisplay▼

○mediumBootstrap File Injectionagents.defaults.skipBootstrap▼

○highSkill Loading Securityagents.<id>.skills▼

○criticalPlugin Prompt Hooks(plugin-implemented)▼

○highModel Selectionagents.<id>.model▼