Blame
|
1 | ``` |
||||||
|
2 | # OpenClaw |
||||||
| 3 | ||||||||
| 4 | ◇ Security disclaimer ──────────────────────────────────────────────────────────────────────╮ |
|||||||
| 5 | │ │ |
|||||||
| 6 | │ OpenClaw is a hobby project and still in beta. Expect sharp edges. │ |
|||||||
| 7 | │ By default, OpenClaw is a personal agent: one trusted operator boundary. │ |
|||||||
| 8 | │ This bot can read files and run actions if tools are enabled. │ |
|||||||
| 9 | │ A bad prompt can trick it into doing unsafe things. │ |
|||||||
| 10 | │ │ |
|||||||
| 11 | │ OpenClaw is not a hostile multi-tenant boundary by default. │ |
|||||||
| 12 | │ If multiple users can message one tool-enabled agent, they share that delegated tool │ |
|||||||
| 13 | │ authority. │ |
|||||||
| 14 | │ │ |
|||||||
| 15 | │ If you’re not comfortable with security hardening and access control, don’t run │ |
|||||||
| 16 | │ OpenClaw. │ |
|||||||
| 17 | │ Ask someone experienced to help before enabling tools or exposing it to the internet. │ |
|||||||
| 18 | │ │ |
|||||||
| 19 | │ Recommended baseline │ |
|||||||
| 20 | │ - Pairing/allowlists + mention gating. │ |
|||||||
| 21 | │ - Multi-user/shared inbox: split trust boundaries (separate gateway/credentials, ideally │ |
|||||||
| 22 | │ separate OS users/hosts). │ |
|||||||
| 23 | │ - Sandbox + least-privilege tools. │ |
|||||||
| 24 | │ - Shared inboxes: isolate DM sessions (session.dmScope: per-channel-peer) and keep tool │ |
|||||||
| 25 | │ access minimal. │ |
|||||||
| 26 | │ - Keep secrets out of the agent’s reachable filesystem. │ |
|||||||
| 27 | │ - Use the strongest available model for any bot with tools or untrusted inboxes. │ |
|||||||
| 28 | │ │ |
|||||||
| 29 | │ Run regularly │ |
|||||||
| 30 | │ openclaw security audit --deep │ |
|||||||
| 31 | │ openclaw security audit --fix │ |
|||||||
| 32 | │ │ |
|||||||
| 33 | │ Learn more │ |
|||||||
| 34 | │ - https://docs.openclaw.ai/gateway/security │ |
|||||||
| 35 | │ │ |
|||||||
| 36 | ├────────────────────────────────────────────────────────────────────────────────────────────╯ |
|||||||
|
37 | |||||||
| 38 | ◇ QuickStart ─────────────────────────╮ |
|||||||
| 39 | │ │ |
|||||||
| 40 | │ Gateway port: 18789 │ |
|||||||
| 41 | │ Gateway bind: Loopback (127.0.0.1) │ |
|||||||
| 42 | │ Gateway auth: Token (default) │ |
|||||||
| 43 | │ Tailscale exposure: Off │ |
|||||||
| 44 | │ Direct to chat channels. │ |
|||||||
| 45 | │ │ |
|||||||
| 46 | ├──────────────────────────────────────╯ |
|||||||
|
47 | |||||||
| 48 | ◆ Model/auth provider |
|||||||
| 49 | │ |
|||||||
| 50 | │ Search: |
|||||||
| 51 | │ ○ Alibaba Model Studio |
|||||||
| 52 | │ ○ Anthropic |
|||||||
| 53 | │ ○ Arcee AI |
|||||||
| 54 | │ ● BytePlus (API key) |
|||||||
| 55 | │ ○ Chutes |
|||||||
| 56 | │ ○ Cloudflare AI Gateway |
|||||||
| 57 | │ ○ Copilot |
|||||||
| 58 | │ ○ Custom Provider |
|||||||
| 59 | │ ○ DeepSeek |
|||||||
| 60 | │ ○ Fireworks |
|||||||
| 61 | │ ○ Google |
|||||||
| 62 | │ ○ Hugging Face |
|||||||
| 63 | │ ○ Kilo Gateway |
|||||||
| 64 | │ ○ LiteLLM |
|||||||
| 65 | │ ○ LM Studio |
|||||||
| 66 | │ ○ Microsoft Foundry |
|||||||
| 67 | │ ○ MiniMax |
|||||||
| 68 | │ ○ Mistral AI |
|||||||
| 69 | │ ○ Moonshot AI (Kimi K2.6) |
|||||||
| 70 | │ ○ NVIDIA |
|||||||
| 71 | │ ○ Ollama |
|||||||
| 72 | │ ○ OpenAI |
|||||||
| 73 | │ ○ OpenAI Codex |
|||||||
| 74 | │ ○ OpenCode |
|||||||
| 75 | │ ○ OpenRouter |
|||||||
| 76 | │ ○ Qianfan |
|||||||
| 77 | │ ○ Qwen Cloud |
|||||||
| 78 | │ ○ Runway |
|||||||
| 79 | │ ○ SGLang |
|||||||
| 80 | │ ○ StepFun |
|||||||
| 81 | │ ○ Synthetic |
|||||||
| 82 | │ ○ Tencent Cloud |
|||||||
| 83 | │ ○ Together AI |
|||||||
| 84 | │ ○ Venice AI |
|||||||
| 85 | │ ○ Vercel AI Gateway |
|||||||
| 86 | │ ○ vLLM |
|||||||
| 87 | │ ○ Volcano Engine |
|||||||
| 88 | │ ○ xAI (Grok) |
|||||||
| 89 | │ ○ Xiaomi |
|||||||
| 90 | │ ○ Z.AI |
|||||||
| 91 | │ ○ Skip for now |
|||||||
| 92 | │ ↑/↓ to select • Enter: confirm • Type: to search |
|||||||
| 93 | ||||||||
|
94 | ``` |
||||||