safe-openclaw

Security-hardened OpenClaw with mandatory authentication, AES-256 encryption, session management, and secret redaction. Drop-in replacement, zero migration cost.


The Problem

OpenClaw ships with zero authentication and stores API keys in plaintext. Deploy it on a server and anyone who discovers your URL owns your AI gateway — and every API key in it.

What safe-openclaw Adds

Mandatory Auth Gateway

Password-protected access with strong password policy enforcement. No anonymous access possible.

AES-256-GCM Encryption

API tokens encrypted at rest with AES-256-GCM. Keys are never stored in plaintext.

Session Management

HMAC-based session tokens with configurable expiry. Auto-restart on password change.

Secret Redaction

Automatic filtering of sensitive information in outbound messages and logs.
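To make "automatic filtering of sensitive information" concrete, the block below is an added example (not safe-openclaw's code) of a rule-based redactor run over a few constructed log lines. The patterns are assumptions chosen to cover common shapes: bearer headers, key/value pairs whose key name suggests a secret, prefixed provider keys, and AWS-style access key IDs; the project's real rule set is not shown on this page.

```javascript
// Added example: rule-based secret redaction for outbound messages and logs.
// Not safe-openclaw's code; the rules below are constructed for illustration.
const RULES = [
  // "Authorization: Bearer <token>": keep the header name, mask the credential
  { name: 'bearer', re: /(Authorization:\s*Bearer\s+)[A-Za-z0-9._~+\/=-]+/gi,
    repl: (_m, prefix) => `${prefix}[REDACTED]` },
  // key=value or key: value where the key name suggests a secret; quotes are kept
  { name: 'kv', re: /\b((?:api[_-]?key|secret|token|password)\s*[=:]\s*)(["']?)[^\s"',;]+\2/gi,
    repl: (_m, prefix, quote) => `${prefix}${quote}[REDACTED]${quote}` },
  // prefixed provider keys (constructed shape: known prefix + 20 or more chars)
  { name: 'prefixed', re: /\b(?:sk|ghp|xoxb)-[A-Za-z0-9_-]{20,}\b/g,
    repl: () => '[REDACTED]' },
  // AWS access key ID shape
  { name: 'aws', re: /\bAKIA[0-9A-Z]{16}\b/g, repl: () => '[REDACTED]' },
];

// Redact one line; returns the cleaned text and how many substitutions each rule made.
function redactLine(line) {
  let out = line;
  const byRule = {};
  for (const rule of RULES) {
    let n = 0;
    out = out.replace(rule.re, (...args) => { n++; return rule.repl(...args); });
    if (n) byRule[rule.name] = n;
  }
  return { text: out, byRule };
}

// Redact a whole log; returns the cleaned lines and the total number of hits.
function redactLog(lines) {
  let redacted = 0;
  const cleaned = lines.map((l) => {
    const r = redactLine(l);
    redacted += Object.values(r.byRule).reduce((a, b) => a + b, 0);
    return r.text;
  });
  return { lines: cleaned, redacted };
}

// Constructed sample log lines; none of these values is a real credential.
const SAMPLE_LOG = [
  'POST /v1/chat Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.constructed.signature',
  'config loaded: api_key=sk-constructedconstructedconstructed1234 model=gpt-4o',
  'tool output: export AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE12 region=us-east-1',
  'user asked about the weather in Berlin',
];
```

Two design points matter more than the exact regexes: redaction runs on every outbound channel (chat replies, tool output, log sinks) rather than only on logs, and the per-rule hit counts are themselves worth logging, since a sudden rise in "prefixed" hits in tool output is an early signal that a tool is echoing credentials.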

Localhost-Only Endpoints

Sensitive management endpoints restricted to localhost access only.
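The block below is an added example (not safe-openclaw's code) of the check behind a localhost-only endpoint for a Node http handler. It assumes the management routes sit behind a wrapper that inspects the peer address of the TCP socket; the two caveats it handles are the IPv4-mapped form (`::ffff:127.0.0.1`) that Node reports on dual-stack listeners, and the fact that `X-Forwarded-For` is client-controlled and must not be used for this decision.

```javascript
// Added example: restrict a handler to loopback callers. Not safe-openclaw's
// code; the wrapper shape and 403 body are assumptions for illustration.

// True for 127.0.0.0/8, ::1, and their IPv4-mapped IPv6 spellings.
function isLoopbackAddress(addr) {
  if (typeof addr !== 'string') return false;
  if (addr.startsWith('::ffff:')) addr = addr.slice('::ffff:'.length);
  if (addr === '::1') return true;
  return /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(addr);
}

// Wrap an (req, res) handler so only loopback peers reach it. The decision
// uses req.socket.remoteAddress only: X-Forwarded-For and similar headers are
// set by whoever connects, so trusting them would let any remote caller in.
function localhostOnly(handler) {
  return (req, res) => {
    const peer = req.socket && req.socket.remoteAddress;
    if (!isLoopbackAddress(peer)) {
      res.statusCode = 403;
      res.end('forbidden');
      return;
    }
    handler(req, res);
  };
}

// Minimal stand-ins for Node's IncomingMessage/ServerResponse so the wrapper
// can be exercised without opening a socket (constructed for this example).
function fakeReq(remoteAddress, headers = {}) {
  return { socket: { remoteAddress }, headers };
}
function fakeRes() {
  return { statusCode: 200, body: null, end(b = '') { this.body = b; } };
}

// Drive the wrapper once and report the resulting status code.
function statusFor(remoteAddress, headers = {}) {
  const res = fakeRes();
  localhostOnly((_req, r) => { r.statusCode = 200; r.end('ok'); })(fakeReq(remoteAddress, headers), res);
  return res.statusCode;
}
```

The stronger control, which the wrapper complements rather than replaces, is to bind the management listener to the loopback interface in the first place (`server.listen(port, '127.0.0.1')` in Node) so that non-local packets never reach the process; the per-request check then guards against a later misconfiguration of the bind address.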

Security Shield Plugin

Built-in dangerous command blocking, secret leak detection in tool output, and full audit logging for all AI tool calls.

Drop-in Replacement

One command to upgrade. Your config, sessions, and channels are fully preserved.

Install

curl -fsSL https://raw.githubusercontent.com/Yapie0/safe-openclaw/main/install.sh | bash

Or install via npm:

npm install -g safe-openclaw