Security Checklist

✓ Run Security Audit
openclaw security audit --deep

✓ Enable DM Pairing
Set dmPolicy to "pairing" (default).

✓ Require Mention in Groups
Prevent background triggers.

✓ Bind to Loopback
Keep gateway.bind on "loopback".

✓ Enable Gateway Auth
Set gateway.auth.mode to "token".

✓ Enable Sandboxing
Set agents.defaults.sandbox.mode to "non-main".

✓ File Permissions
~/.openclaw is 700, config files are 600.

✓ Review Tool Allowlists
Limit exec, browser, file operations.
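
One way to verify the File Permissions item above. This is an added example, not part of OpenClaw or of the original checklist. It assumes every regular file under the state directory counts as a config file; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check that a state directory is 700 and its files are 600.
# Assumption: all regular files below the directory are treated as config files.
# Plain POSIX sh has no "local", so the functions use ordinary variables.

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_openclaw_perms DIR
# Prints one line per finding.
# Returns 0 when everything matches, 1 on a permission mismatch,
# 2 when DIR does not exist or is not a directory.
check_openclaw_perms() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir is not a directory"
        return 2
    fi
    rc=0

    # Special bits (setuid, setgid, sticky) change the string, so they fail too.
    dmode=$(mode_of "$dir")
    if [ "$dmode" != "700" ]; then
        echo "FAIL: $dir is $dmode, expected 700"
        rc=1
    fi

    # "-perm 600" matches the mode exactly; list every file that differs.
    bad=$(find "$dir" -type f ! -perm 600 -print)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad" | while IFS= read -r f; do
            echo "FAIL: $f is $(mode_of "$f"), expected 600"
        done
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $dir"
    fi
    return "$rc"
}

# Run the check only when a directory is given, e.g.: sh check.sh "$HOME/.openclaw"
if [ "$#" -gt 0 ]; then
    check_openclaw_perms "$1"
fi
```

A non-zero exit status makes the check usable in a login script or a scheduled job; findings are fixed with chmod 700 on the directory and chmod 600 on the listed files.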