OpenClaw can read and write files and execute commands, so preventing indiscriminate file deletion takes three layers: workspace boundaries, tool permissions, and system-level isolation. Most important of all: do not give an agent that is still under test direct access to your personal home directory or production account.
Recommended safety baseline
- Create a dedicated OpenClaw OS user or standalone virtual machine.
- Copy your work data to a separate workspace instead of mounting the entire home directory.
- Put exec behind an allowlist or require approval, to prevent silent execution of `rm -rf`, bulk moves, and outbound commands.
- Give the browser a separate profile, and set the file download directory separately as well.
- Run `openclaw security audit --deep` regularly.
Which settings are particularly dangerous
- Multiple group chats can drive the same high-privilege agent.
- The dashboard is exposed to the public network but has weak authentication.
- The agent is logged in to your private cloud drive, email account, and password manager.
- Skills and scripts are treated as ordinary prompts and installed without reviewing the code.
If accidental deletion has already occurred, stop the gateway and related scheduled tasks first, preserve the logs and workspaces, and do not let the agent try to fix things automatically. Tighten the permissions after recovering the data; otherwise the same problem may recur next time.
Official open source address: https://github.com/openclaw/openclaw.
There is also a simple habit: have the agent present a plan before making changes and a summary of the changes afterwards. For ordinary document tasks, this is less trouble than combing through logs afterwards; for high-risk directories, system-level permission isolation remains the backstop. When deleting, overwriting, or synchronizing cloud drives, have it generate a pending list first rather than executing directly.
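One way to review such a pending list before anything runs, as an added example that is not part of OpenClaw or its documentation: it assumes the agent's pending list is a plain list of paths, and the function names review_pending_list and demo are hypothetical. Each entry is resolved and approved only if it lands strictly inside the workspace, which catches `..` traversal, symlinks that leave the workspace, and sibling directories with a similar name.

```python
import os
import tempfile
from pathlib import Path


def review_pending_list(workspace, pending):
    """Split a pending delete/overwrite list into (approved, rejected).

    Every entry is resolved first (symlinks followed, ".." collapsed) and is
    approved only if the result lies strictly inside the workspace.
    """
    root = Path(workspace).resolve(strict=True)
    approved, rejected = [], []
    for raw in pending:
        # An absolute entry replaces root in the join, so it is checked as-is.
        target = (root / raw).resolve()
        if target == root:
            rejected.append((raw, "is the workspace root itself"))
        elif root not in target.parents:
            # Compare path components, not string prefixes, so a sibling
            # such as "workspace-backup" does not pass as "workspace".
            rejected.append((raw, f"resolves outside the workspace: {target}"))
        else:
            approved.append(target)
    return approved, rejected


def demo():
    """Run the check on a constructed workspace and pending list."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        ws = base / "workspace"
        (ws / "drafts").mkdir(parents=True)
        (ws / "drafts" / "old.md").write_text("stale draft")
        (base / "home").mkdir()
        (base / "home" / "notes.txt").write_text("keep me")
        (base / "workspace-backup").mkdir()
        os.symlink(base / "home", ws / "link")  # symlink leaving the workspace
        pending = ["drafts/old.md", "../home/notes.txt", "link/notes.txt",
                   str(base / "workspace-backup" / "a.txt"), "."]
        approved, rejected = review_pending_list(ws, pending)
        return ([p.relative_to(ws).as_posix() for p in approved],
                [raw for raw, _reason in rejected])


if __name__ == "__main__":
    ok, blocked = demo()
    print("approved:", ok)
    print("rejected:", blocked)
```

Resolving every entry fully is deliberately conservative: a symlink inside the workspace that points outside is rejected even when only the link itself would be removed.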