If you believe you've found a security issue in OpenClaw, please report it privately.

• Email: [email protected]
• What to include: reproduction steps, impact assessment, and (if possible) a minimal PoC.

OpenClaw is a labor of love. There is no bug bounty program and no budget for paid reports. Please still disclose responsibly so we can fix issues quickly. The best way to help the project right now is by sending PRs.

• Public Internet Exposure
• Using OpenClaw in ways that the docs recommend not to

For threat model + hardening guidance (including openclaw security audit --deep and --fix), see:

• https://docs.openclaw.ai/gateway/security

OpenClaw's web interface is intended for local use only. Do not bind it to the public internet; it is not hardened for public exposure.

OpenClaw requires Node.js 22.12.0 or later (LTS). This version includes important security patches:

• CVE-2025-59466: async_hooks DoS vulnerability
• CVE-2026-21636: Permission model bypass vulnerability

Verify your Node.js version:

node --version  # Should be v22.12.0 or later

When running OpenClaw in Docker:

1. The official image runs as a non-root user (node) for reduced attack surface
2. Use --read-only flag when possible for additional filesystem protection
3. Limit container capabilities with --cap-drop=ALL

Example secure Docker run:

docker run --read-only --cap-drop=ALL \
  -v openclaw-data:/app/data \
  openclaw/openclaw:latest

This project uses detect-secrets for automated secret detection in CI/CD. See .detect-secrets.cfg for configuration and .secrets.baseline for the baseline.

Run locally:

pip install detect-secrets==1.5.0
detect-secrets scan --baseline .secrets.baseline