OpenClaw's Safety-First Architecture
OpenClaw is designed with a secure-by-default philosophy. Out of the box, every safety mechanism is enabled at its most restrictive setting. Loosening any of them is an explicit, deliberate opt-in on your part; nothing becomes more permissive on its own.
Default Security Posture
- Command execution: Disabled by default. The agent cannot run shell commands until you explicitly enable execution and allowlist the specific commands it may run.
- File access: Confined to the designated workspace directory. Paths that resolve outside it (parent directories, the home folder, system paths) are refused.
- Network access: Outbound requests are limited to the configured LLM API endpoints; the agent cannot fetch arbitrary URLs.
- Approval gates: Every destructive operation (anything that modifies or deletes state rather than only reading it) requires human approval by default.
- DM pairing: Required on every messaging channel. A user who has not completed pairing cannot interact with the agent.
- Logging: Every agent action is logged with its timestamp, inputs, outputs, and decision rationale, so that any action can be reconstructed after the fact.
How OpenClaw Compares to Other AI Agents
Many AI agent frameworks give the model unrestricted access to the system by default — including file system access, command execution, and network requests. OpenClaw takes the opposite approach: everything is locked down until you explicitly grant permission.
The Trust Gradient
OpenClaw implements a progressive trust model with four levels:
- Level 1, Zero Trust (default): Agent can only think and respond. It holds no system capability at all.
- Level 2, Read-Only: Agent can read files within the workspace but cannot modify anything.
- Level 3, Supervised Write: Agent can propose changes but requires approval for every write operation.
- Level 4, Autonomous: Agent can execute pre-approved operations (those on its allowlists) without human intervention, within defined boundaries.
Most deployments run at level 2 or 3. Level 4 is appropriate only for well-tested workflows with comprehensive allowlists and active monitoring.
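The posture and trust levels above are easiest to reason about as one policy function that sits between the model and its tools. The following is an added example written for this page, not OpenClaw's own code: the level names follow the text, but `AgentConfig`, `ToolCall`, `decide`, `evaluate`, the workspace path and the LLM endpoint are all assumed, as is the choice to route an allowlisted command at level 3 through the approval gate.

```typescript
// Added example: a progressive-trust tool gate in the spirit of the posture
// described above. Not OpenClaw's code; every identifier here is assumed.
import * as path from "node:path";

export type TrustLevel = 1 | 2 | 3 | 4; // 1 Zero Trust, 2 Read-Only, 3 Supervised Write, 4 Autonomous
export type Decision = "allow" | "deny" | "needs_approval";

export interface ToolCall {
  tool: "read_file" | "write_file" | "delete_file" | "exec" | "http";
  path?: string;   // file tools: path relative to the workspace (or absolute)
  argv?: string[]; // exec: an argv vector, never a shell string
  url?: string;    // http: full URL
}

export interface AgentConfig {
  trustLevel: TrustLevel;
  workspace: string;          // the only directory file tools may touch
  commandAllowlist: string[]; // exact argv[0] values that may run at all
  llmEndpoints: string[];     // the only origins outbound HTTP may reach
}

export interface AuditEntry {
  ts: string;
  call: ToolCall;
  decision: Decision;
  reason: string;
}

// Secure by default: nothing is reachable until an operator overrides it.
export const DEFAULT_CONFIG: AgentConfig = {
  trustLevel: 1,
  workspace: "/srv/agent/workspace",             // assumed path
  commandAllowlist: [],
  llmEndpoints: ["https://llm.example.invalid"], // constructed placeholder
};

// Lexical containment: resolve '..' and absolute paths against the workspace
// root, then require the result to be the root or a descendant of it.
// Production code should also realpath() existing files to defeat symlink
// escapes; that needs a filesystem, so it is omitted here.
export function insideWorkspace(workspace: string, target: string): boolean {
  const root = path.resolve(workspace);
  const resolved = path.resolve(root, target);
  return resolved === root || resolved.startsWith(root + path.sep);
}

function originAllowed(cfg: AgentConfig, url: string): boolean {
  let origin: string;
  try { origin = new URL(url).origin; } catch { return false; }
  return cfg.llmEndpoints.some(ep => new URL(ep).origin === origin);
}

export function decide(cfg: AgentConfig, call: ToolCall): { decision: Decision; reason: string } {
  const lvl = cfg.trustLevel;
  switch (call.tool) {
    case "http":
      return call.url !== undefined && originAllowed(cfg, call.url)
        ? { decision: "allow", reason: "origin is a configured LLM endpoint" }
        : { decision: "deny", reason: "outbound HTTP limited to LLM endpoints" };
    case "read_file":
      if (lvl < 2) return { decision: "deny", reason: "level 1 has no file access" };
      return call.path !== undefined && insideWorkspace(cfg.workspace, call.path)
        ? { decision: "allow", reason: "read inside workspace" }
        : { decision: "deny", reason: "path escapes workspace" };
    case "write_file":
    case "delete_file":
      if (lvl < 3) return { decision: "deny", reason: "writes need level 3 or higher" };
      if (call.path === undefined || !insideWorkspace(cfg.workspace, call.path))
        return { decision: "deny", reason: "path escapes workspace" };
      return lvl === 3
        ? { decision: "needs_approval", reason: "supervised write" }
        : { decision: "allow", reason: "autonomous write inside workspace" };
    case "exec": {
      const cmd = call.argv?.[0];
      if (cmd === undefined || !cfg.commandAllowlist.includes(cmd))
        return { decision: "deny", reason: "command not allowlisted" };
      if (lvl === 4) return { decision: "allow", reason: "allowlisted command at level 4" };
      // Assumption: at level 3 an allowlisted command is treated like a write
      // and routed to the approval gate; lower levels cannot execute anything.
      return lvl === 3
        ? { decision: "needs_approval", reason: "allowlisted command needs approval below level 4" }
        : { decision: "deny", reason: "command execution disabled at this level" };
    }
    default:
      return { decision: "deny", reason: "unknown tool" };
  }
}

// Every decision, denials included, is appended to the audit log.
export function evaluate(cfg: AgentConfig, call: ToolCall, log: AuditEntry[]): Decision {
  const { decision, reason } = decide(cfg, call);
  log.push({ ts: new Date().toISOString(), call, decision, reason });
  return decision;
}
```

Two design points worth noting. The default case is deny for every branch, so a tool the policy does not recognise, a malformed URL, or a missing path all fail closed. And `exec` takes an argv vector with an exact match on `argv[0]`, so `["bash", "-c", "git status"]` is rejected even when `git` is allowlisted; a shell-string interface would let the model smuggle arbitrary commands past the allowlist.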
Prompt Guardian
Protect your AI agent from prompt injection and malicious commands.