OpenClaw Security Checklist covers API key management, network permissions, data privacy protection, and regular maintenance. This guide provides practical security steps to ensure your AI assistant runs safely in local and cloud environments, preventing sensitive data leaks and unauthorized access.

OpenClaw Security Checklist 🛡️

OpenClaw recently had 9 security vulnerabilities disclosed in just 4 days, including one rated 9.9 out of 10 (Critical). Combined with the Axios supply chain attack, OpenClaw owners should take 10 minutes to run this health check.

01 Background: What Happened?

Between March 18 and 21, 2026, security researchers disclosed 9 OpenClaw CVEs in just 4 days. Then on March 31, the Axios supply chain attack was revealed. Here's the full list.

🦞 9 CVE Vulnerabilities

| CVE ID | CVSS | Description | Fixed In |
| --- | --- | --- | --- |
| CVE-2026-22172 | 9.9 | WebSocket connections can self-declare admin privileges | 2026.3.12 |
| CVE-2026-32051 | 8.8 | operator.write privilege escalation to owner | 2026.3.1 |
| CVE-2026-22171 | 8.2 | Lark media download path traversal | 2026.2.19 |
| CVE-2026-32025 ("ClawJacked") | 7.5 | Browsers can brute-force the local gateway | 2026.2.25 |
| CVE-2026-32048 | 7.5 | Sandbox escape: child processes don't inherit restrictions | 2026.3.1 |
| CVE-2026-32049 | 7.5 | Oversized media payload DoS | 2026.2.22 |
| CVE-2026-32032 | 7.0 | Untrusted SHELL environment variable | 2026.2.22 |
| CVE-2026-29607 | 6.4 | allow-always wrapper bypass | 2026.2.22 |
| CVE-2026-28460 | 5.9 | Allowlist bypass via shell newline characters | 2026.2.22 |

⚡ Axios Supply Chain Attack (March 31, 2026)

  • Axios 1.14.1 and 0.30.4 were backdoored
  • Installs the malicious plain-crypto-js package
  • Installs a Remote Access Trojan (RAT)
  • OpenClaw uses Axios and may be affected

02 Checklist (7 Items)

Go through each item and check them off as you go.

Version Check (Most Important!)

Version ≥ 2026.3.12 patches all 9 vulnerabilities.

openclaw --version
✅ Safe: ≥ 2026.3.12
❌ Dangerous: < 2026.3.12
Fix: Run npm update -g openclaw

Don't Expose the Gateway Publicly

CVE-2026-32025 allows browsers to brute-force an exposed gateway.

// Check gateway.bind in openclaw.json
{
  "gateway": {
    "bind": "loopback"  // ← verify this
  }
}
✅ Safe: "loopback" or "127.0.0.1"
❌ Dangerous: "0.0.0.0" or not set
Fix: Set "bind": "loopback"; use Tailscale or an SSH tunnel for remote access

Use Token Auth, Not Password

Password mode is vulnerable to brute-force attacks.

// Check gateway.auth.mode
{
  "gateway": {
    "auth": {
      "mode": "token"  // ← verify this
    }
  }
}
✅ Safe: "token"
❌ Dangerous: "password"
Fix: Change to "mode": "token"

Lock Down Telegram Access

Prevent strangers from triggering your Agent.

// Check channels.telegram settings
{
  "channels": {
    "telegram": {
      "dmPolicy": "allowlist",
      "allowFrom": ["your Telegram ID"]
    }
  }
}
✅ Safe: dmPolicy: "allowlist" + allowFrom configured
❌ Dangerous: dmPolicy: "open" or no allowFrom in groups
Fix: Add allowFrom restrictions; only allow your own ID

Use Allowlist for Exec Permissions

CVE-2026-28460 and CVE-2026-29607 can bypass command approval.

// Check tools.exec.security
{
  "tools": {
    "exec": {
      "security": "allowlist"  // ← verify this
    }
  }
}
✅ Safe: "allowlist"
❌ Dangerous: "full"
Fix: Set "security": "allowlist"

Restrict File Access to Workspace

Prevent the Agent from reading or writing critical system files.

// Check tools.fs.workspaceOnly
{
  "tools": {
    "fs": {
      "workspaceOnly": true  // ← verify this
    }
  }
}
✅ Safe: true
❌ Dangerous: false or not set
Fix: Set "workspaceOnly": true

Axios Supply Chain Attack Check

Malicious Axios versions install a RAT trojan.

# Check axios version (dots escaped so only the exact versions match)
npm list axios | grep -E "1\.14\.1|0\.30\.4"

# Check for malicious package
ls node_modules/plain-crypto-js

# Check for RAT (macOS)
ls /Library/Caches/com.apple.act.mond

# Check for RAT (Linux)
ls /tmp/ld.py
✅ Safe: Nothing found (No such file)
❌ Dangerous: Any of the above found
Fix: If anything is found, immediately follow the steps in section 04 (Incident Response).
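
The same Axios check can be run against a lockfile, which catches nested copies and matches versions exactly. This is an added example, not code from the OpenClaw project; it assumes an already-parsed package-lock.json (lockfileVersion 2 or 3), and the function name and sample data are constructed for illustration.

```javascript
// Added example: scans a parsed package-lock.json (lockfileVersion 2 or 3).
// Versions and package name are the ones listed above; the rest is assumed.
const BAD_AXIOS = new Set(["1.14.1", "0.30.4"]);
const BAD_PACKAGE = "plain-crypto-js";

function scanLockfile(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/axios"; take the last name.
    const name = path.split("node_modules/").pop();
    if (name === "axios" && BAD_AXIOS.has(meta.version)) {
      hits.push({ path, reason: `backdoored axios ${meta.version}` });
    } else if (name === BAD_PACKAGE) {
      hits.push({ path, reason: "malicious package present" });
    }
  }
  return hits;
}

// Constructed lockfile: the top-level axios is clean, a nested copy is not.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo" },
    "node_modules/axios": { version: "1.13.2" },
    "node_modules/some-sdk/node_modules/axios": { version: "1.14.1" },
    "node_modules/plain-crypto-js": { version: "0.0.0" },
  },
};
console.log(scanLockfile(sampleLock));
```

An empty result only means the lockfile is clean; the RAT file checks above still apply to the machine itself.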

03 Security Settings at a Glance

All the key settings in one table. Green = safe, Red = dangerous.

| Setting | ✅ Safe Value | ❌ Dangerous Value |
| --- | --- | --- |
| Version | ≥ 2026.3.12 | < 2026.3.12 |
| gateway.bind | loopback | 0.0.0.0 |
| gateway.auth.mode | token | password |
| telegram.dmPolicy | allowlist | open |
| tools.exec.security | allowlist | full |
| tools.fs.workspaceOnly | true | false |
| axios version | ≠ 1.14.1, 0.30.4 | 1.14.1 or 0.30.4 |
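
The table can be turned into an automated audit. This is an added example, not part of OpenClaw; it assumes the config has already been parsed into an object and that the version string is the bare output of openclaw --version, and the function names and sample config are constructed for illustration.

```javascript
// Added example: audits a parsed openclaw.json object against the checklist.
// Key names and safe values come from the checklist; the input shape is assumed.
const MIN_VERSION = "2026.3.12";

// Compare dotted versions numerically ("2026.3.9" < "2026.3.12").
function versionAtLeast(version, minimum) {
  const a = version.split(".").map(Number);
  const b = minimum.split(".").map(Number);
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    const d = (a[i] || 0) - (b[i] || 0);
    if (d !== 0) return d > 0;
  }
  return true;
}

// Read a nested key such as "gateway.auth.mode"; undefined when not set.
function get(obj, path) {
  return path.split(".").reduce((o, k) => (o == null ? undefined : o[k]), obj);
}

function auditConfig(config, version) {
  const findings = [];
  const check = (ok, setting, fix) => { if (!ok) findings.push({ setting, fix }); };

  check(versionAtLeast(version, MIN_VERSION), "version", "npm update -g openclaw");
  check(["loopback", "127.0.0.1"].includes(get(config, "gateway.bind")),
    "gateway.bind", 'set "bind": "loopback"');
  check(get(config, "gateway.auth.mode") === "token",
    "gateway.auth.mode", 'set "mode": "token"');
  const tg = get(config, "channels.telegram");
  if (tg !== undefined) {  // assumption: skipped when no Telegram channel exists
    const allow = tg.allowFrom;
    check(tg.dmPolicy === "allowlist" && Array.isArray(allow) && allow.length > 0,
      "channels.telegram", "use dmPolicy allowlist with your own ID in allowFrom");
  }
  check(get(config, "tools.exec.security") === "allowlist",
    "tools.exec.security", 'set "security": "allowlist"');
  check(get(config, "tools.fs.workspaceOnly") === true,
    "tools.fs.workspaceOnly", 'set "workspaceOnly": true');
  return findings;
}

// Constructed sample: gateway.bind is missing and exec is "full".
const sample = {
  gateway: { auth: { mode: "token" } },
  channels: { telegram: { dmPolicy: "allowlist", allowFrom: ["123456789"] } },
  tools: { exec: { security: "full" }, fs: { workspaceOnly: true } },
};
console.log(auditConfig(sample, "2026.3.9").map((f) => f.setting));
```

Unset keys are reported as findings, matching the "not set" entries in the checklist, and the version comparison is numeric so that 2026.3.9 is not mistaken for newer than 2026.3.12.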

04 What to Do If Something's Wrong

Don't panic — follow these steps in order.

🚨 Emergency Response Steps

  1. Immediately rotate all API keys (Anthropic, OpenAI, Google, etc.)
  2. Regenerate your Telegram Bot Token (go to @BotFather)
  3. Replace the Gateway auth token
  4. Update OpenClaw to the latest version: npm update -g openclaw
  5. Consider a clean reinstall (the safest approach)
  6. Check for suspicious cron jobs or background processes

⚠️ Important Warning

If you find traces of the malicious Axios version (RAT files exist), your machine may have been fully compromised. Beyond the steps above, you should also check whether any keys, passwords, and tokens stored locally have been exfiltrated.
