OpenClaw is for your own use only, and the safest thing to do is to turn off open access, use allowlist or pairing, and solidify your real user ID into the configuration. Don't set the DM policy to open, and don't allow everyone to directly drive agents with tool permissions in group chats.
Recommended Scheme
| location | suggested |
|---|---|
| DM privately | dmPolicy: "allowlist", allowFrom write your own user ID |
| Group chat | It is turned off by default, and it will take some time to configure groups + requireMention |
| Dashboard | Only access or through trusted tunnels locally, not exposed to the public network |
| tool permissions | Minimize it first, and open the browser and exec separately |
Why not just open
OpenClaw is not a customer service robot that "anyone can have a few words". It may be able to read files, send messages, operate browsers, and execute commands. As long as a sender can drive the same tool-based agent, it is equivalent to inducing it to do things within your scope of authorization. The official security documentation also emphasizes that a Gateway should be used by a single trust boundary by default.
Run openclaw security audit and openclaw doctor when you're set up. If the audit prompts the open group policy, the gateway authentication is exposed, or the file permissions are too wide, fix the security issues before connecting more channels.
Official open source address: https://github.com/openclaw/openclaw.
After completing the configuration, use an unauthorized account to send a message to the bot for testing. A truly reliable access control is not that the configuration file looks like it has an allowlist, but that unauthorized messages really can't come in, and the reason for the blocking can be seen in the logs.
