OpenClaw Security Engineer's Cheat Sheet
Blog post from Semgrep
OpenClaw is a widely adopted LLM orchestrator with a large GitHub following that serves as a personal assistant for automating tasks, but it presents notable security challenges. It offers optional sandboxing to limit exposure to external inputs, yet improper setup and use of its advanced features can introduce significant risk, in particular because it is susceptible to prompt injection attacks and has weaknesses in its credential handling.

The article sets out key principles for securing agentic systems such as OpenClaw: separate concerns, validate tool calls before they execute, and sandbox the execution layer, so that the inherent unpredictability and trust problems of LLM output are contained.

OpenClaw's skills ecosystem contains vulnerable and outright malicious skills, so skills require thorough vetting and should be tried only in isolated environments, away from sensitive data. Despite the productivity gains OpenClaw offers, its current security governance and secrets management are insufficient, and deploying it in a corporate setting warrants careful consideration.
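As an added illustration of the "validate tool calls" and "sandbox the execution layer" principles (example code written for this summary, not OpenClaw's or Semgrep's own), the policy gate below sits between a model's proposed tool call and the executor. The sandbox directory, the tool names and argument schemas, the secret-path patterns and the egress host allowlist are all assumptions chosen for illustration.

```python
import os
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumptions for illustration: the confinement directory, the tools an agent exposes,
# the secret-bearing path patterns and the egress allowlist are all made up here.
SANDBOX_ROOT = os.path.realpath("/srv/agent-sandbox")
ALLOWED_TOOLS = {            # tool name -> exact set of argument keys it accepts
    "read_file": {"path"},
    "write_file": {"path", "content"},
    "http_get": {"url"},
}
DENY_PATH_PATTERNS = (r"\.env$", r"(^|/)\.ssh(/|$)", r"credentials", r"\.pem$")
ALLOWED_URL_HOSTS = {"api.example.com"}


@dataclass
class Decision:
    allowed: bool
    reason: str


def resolve_in_sandbox(path: str) -> "str | None":
    """Return the real path if it stays under SANDBOX_ROOT, else None."""
    # realpath collapses '..' and symlinks, so traversal cannot escape the root;
    # an absolute path argument replaces the root in join() and is rejected too.
    real = os.path.realpath(os.path.join(SANDBOX_ROOT, path))
    if real == SANDBOX_ROOT or real.startswith(SANDBOX_ROOT + os.sep):
        return real
    return None


def validate_tool_call(name: str, args: dict) -> Decision:
    """Treat the model's output as untrusted and accept or reject one tool call."""
    if name not in ALLOWED_TOOLS:
        return Decision(False, f"tool {name!r} is not allowlisted")
    if set(args) != ALLOWED_TOOLS[name]:
        return Decision(False, f"argument keys {sorted(args)} do not match the schema")
    if "path" in args:
        real = resolve_in_sandbox(args["path"])
        if real is None:
            return Decision(False, "path escapes the sandbox root")
        if any(re.search(p, real) for p in DENY_PATH_PATTERNS):
            return Decision(False, "path matches a secret-bearing pattern")
    if "url" in args:
        url = urlparse(args["url"])
        if url.scheme != "https" or url.hostname not in ALLOWED_URL_HOSTS:
            return Decision(False, "url is not on the https egress allowlist")
    return Decision(True, "ok")
```

The gate rejects calls whose arguments were shaped by injected content (unexpected tools, extra keys, traversal paths, credential files, unknown hosts) before anything reaches the execution layer; the executor itself should still run inside a real sandbox.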