⚠️ Important Notice

This solution adopts a "Soft Isolation" design:

• Relies on Agent self-discipline and prompt constraints, no hard ACL enforcement
• Suitable for trusted environments, NOT for zero-trust/high-compliance scenarios
• DO NOT USE for financial, military, medical, or other high-security requirement scenarios

For hard security guarantees, please use systems with ACL support.

If you discover security issues or vulnerabilities:

Please do NOT report security issues via public GitHub Issues.

1. Send email to: [Security contact email to be filled]
2. Email subject: [Security] OpenClaw Security Issue Report
3. Include:
   • Issue description
   • Reproduction steps (if applicable)
   • Potential impact
   • Suggested fix (if any)

This solution has the following known security limitations:

• Risk: Agents can technically bypass constraints
• Mitigation: Deploy only in trusted environments

• Risk: Workers may not report operations
• Mitigation: Main Agent regular patrol discovers anomalies

• Risk: Data stored in plaintext
• Mitigation: Ensure filesystem itself is secure

When using this solution, recommended measures:

• Ensure OpenClaw gateway deployed in secure environment
• Restrict filesystem access to ~/.openclaw/ directory
• Regularly backup audit logs

• Regularly check AUDIT_LOG.md for anomalies
• Promptly cleanup data for deactivated Agents
• Restrict Main Agent access scope

• Set audit log file change alerts
• Regularly check Cron task naming standards
• Quarterly review Agent registry

Last Updated: 2026-03-18