Security Disclosure
If you believe you've found a security issue in OpenClaw, please report it privately.
Reporting
Report vulnerabilities directly to the repository where the issue lives:
- Core CLI and gateway — openclaw/openclaw.
- macOS desktop app — openclaw/openclaw (apps/macos).
- iOS app — openclaw/openclaw (apps/ios).
- Android app — openclaw/openclaw (apps/android).
- ClawHub — openclaw/clawhub.
- Trust and threat model — openclaw/trust.
For issues that don't fit a specific repo, or if you're unsure, email security@openclaw.ai and the team will route it.
For full reporting instructions see the Trust page.
Required in reports
- Title.
- Severity assessment.
- Impact.
- Affected component.
- Technical reproduction.
- Demonstrated impact.
- Environment.
- Remediation advice.
Reports without reproduction steps, demonstrated impact, and remediation advice will be deprioritized. Given the volume of AI-generated scanner findings, the project must prioritize vetted reports from researchers who understand the issues they report.
Security & trust
Jamieson O'Reilly (@theonejvo) is Security & Trust at OpenClaw. Jamieson is the founder of Dvuln and brings experience in offensive security, penetration testing, and security program development.
Bug bounties
OpenClaw is a labor of love. There is no bug bounty program and no budget for paid reports. Please still disclose responsibly so the maintainers can fix issues quickly. The best way to help the project right now is by sending PRs.
Out of scope
- Public internet exposure.
- Using OpenClaw in ways that the docs recommend not to.
- Prompt injection attacks.
Operational guidance
For threat model + hardening guidance (including openclaw security audit --deep and --fix), see Gateway security and the upstream docs/gateway/security/ directory.
Tool filesystem hardening
tools.exec.applyPatch.workspaceOnly: true (recommended) — keeps apply_patch writes and deletes within the configured workspace directory.