Security Audit
OpenClaw ships a built-in security audit. Run it regularly, and again after any change to channel policies, tools, plugins, or network exposure.
$ openclaw security audit
$ openclaw security audit --deep
$ openclaw security audit --fix
`--deep` runs additional, slower probes on top of the default checks; `--fix` applies the safe automatic remediations the audit offers. Re-run the plain audit after `--fix` to confirm nothing is still flagged.
What the Audit Checks

| Area | What it looks at |
|---|---|
| Inbound access | DM policies, group policies, allowlists: who can reach the agent at all. |
| Tool blast radius | Elevated tools reachable from open rooms: what a reached agent can do. |
| Network exposure | Gateway bind address and auth, Tailscale exposure. |
| Browser control | Remote nodes, CDP endpoints. |
| Local disk | File permissions and symlinks on state and credential files. |
| Plugins | Extensions loaded without an allowlist. |
Priority Order
Fix findings in this order, highest impact first:
- Anything "open" (open DM or group policies) combined with tools enabled
- Public network exposure
- Browser control exposure
- File permissions
- Plugins
Credential Storage
Treat every path below as secret material; the Local Disk check covers their permissions and symlink status.

| Item | Location |
|---|---|
| WhatsApp | ~/.openclaw/credentials/whatsapp/*/creds.json |
| Telegram | Config/env, or the file named by channels.telegram.tokenFile |
| Model auth | ~/.openclaw/agents/*/agent/auth-profiles.json |
| Sessions | ~/.openclaw/agents/*/sessions/*.jsonl |
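As an added example (not OpenClaw's own code, and not what `openclaw security audit` runs internally), the following Python script performs the kind of permission and symlink check the Local Disk category describes, over the paths in the table above. It assumes the state directory is ~/.openclaw and treats 0600 for files and 0700 for their directories as the target modes; that target is this example's assumption, not something the page states. The Telegram token file is left out because its location depends on configuration. The sample directory tree the script builds is constructed here for illustration only.

```python
"""Permission and symlink check over OpenClaw credential paths.

Added example, not OpenClaw's own audit code. It mirrors what the
"Local Disk" category is described as looking at.
"""
import glob
import os
import stat
import tempfile
from pathlib import Path

# Relative globs taken from the credential-storage table. Telegram's
# tokenFile is configuration-dependent, so it is not listed here.
SENSITIVE_GLOBS = (
    "credentials/whatsapp/*/creds.json",
    "agents/*/agent/auth-profiles.json",
    "agents/*/sessions/*.jsonl",
)


def check_path(path: Path) -> list[str]:
    """Return findings for one secret-bearing file (0600/0700 target is an assumption)."""
    findings: list[str] = []
    st = os.lstat(path)  # lstat: inspect the link itself, never its target
    if stat.S_ISLNK(st.st_mode):
        # A symlink here means the secret lives (or is redirected) somewhere
        # else; report it and do not bother trusting the target's mode.
        findings.append(f"{path}: symlink -> {os.readlink(path)}")
        return findings
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        findings.append(f"{path}: mode {mode:04o}, group/other bits set (want 0600)")
    parent_mode = stat.S_IMODE(os.lstat(path.parent).st_mode)
    if parent_mode & 0o077:
        findings.append(f"{path.parent}: dir mode {parent_mode:04o}, group/other bits set (want 0700)")
    return findings


def audit_state_dir(root: Path) -> list[str]:
    """Check every sensitive glob under root (normally ~/.openclaw)."""
    findings: list[str] = []
    for pattern in SENSITIVE_GLOBS:
        for hit in sorted(glob.glob(str(root / pattern))):
            findings.extend(check_path(Path(hit)))
    return findings


def build_fixture(root: Path) -> None:
    """Constructed sample state dir: one tight file, one loose file, one symlink."""
    good = root / "credentials" / "whatsapp" / "main" / "creds.json"
    good.parent.mkdir(parents=True)
    good.write_text('{"constructed": "sample"}')
    os.chmod(good.parent, 0o700)
    os.chmod(good, 0o600)

    loose = root / "agents" / "default" / "agent" / "auth-profiles.json"
    loose.parent.mkdir(parents=True)
    loose.write_text('{"constructed": "sample"}')
    os.chmod(loose.parent, 0o755)  # world-listable directory
    os.chmod(loose, 0o644)         # world-readable secret

    sessions = root / "agents" / "default" / "sessions"
    sessions.mkdir(parents=True)
    os.chmod(sessions, 0o700)
    elsewhere = root / "elsewhere.jsonl"
    elsewhere.write_text("")
    os.symlink(elsewhere, sessions / "abc.jsonl")  # transcript redirected out of the tree


def demo() -> list[str]:
    """Build the constructed fixture in a temp dir and audit it; returns the findings."""
    root = Path(tempfile.mkdtemp(prefix="openclaw-audit-"))
    build_fixture(root)
    return audit_state_dir(root)


if __name__ == "__main__":
    # Real use: for line in audit_state_dir(Path.home() / ".openclaw"): print(line)
    for line in demo():
        print(line)
```

On the constructed tree this reports three findings: the world-readable auth-profiles.json, its 0755 parent directory, and the session transcript that is a symlink; the 0600 creds.json in a 0700 directory is silent. The symlink case returns early on purpose: once a secret path points elsewhere, the mode of the target is not what needs fixing.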