| Version | Supported |
|---|---|
| Latest | [PASS] |
| Older | [FAIL] |
This is a curated list of resources and does not execute code. However, if you discover a security vulnerability in this repository:

- Do NOT open a public issue
- Send an email to the repository maintainers
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if known)
While this repository is a resource list, the OpenClaw project itself has specific security considerations:

- Never expose API keys:
  - Use environment variables
  - Never print keys in responses
  - Rotate keys regularly
- Implement access control:
  - Whitelist allowed users
  - Use webhook verification tokens
  - Enable rate limiting
- Sanitize all inputs:
  - Validate user input
  - Escape special characters
  - Check for command injection
- Keep dependencies updated:
  - Regular security audits
  - Update OpenClaw regularly
  - Monitor security advisories
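The following is an added example, not code from OpenClaw or from this repository, showing how the four considerations above fit together in one inbound-webhook handler: secrets read from the environment and never echoed back, a user whitelist, a webhook signature check, a sliding-window rate limit, and allow-list input validation. The environment variable names (`OPENCLAW_API_KEY`, `OPENCLAW_WEBHOOK_SECRET`), the `sha256=<hex>` HMAC signature format, the whitelist contents and the sample secrets are all assumptions made for the example; OpenClaw's real webhook scheme may differ.

```python
"""Added example (not OpenClaw's own code): a minimal inbound-webhook handler
illustrating the deployment considerations listed above. The env var names,
header format and HMAC-SHA256 signature scheme are assumptions, not OpenClaw's."""
import hashlib
import hmac
import os
import re
import time
from collections import defaultdict, deque

# Constructed sample secrets so the example runs offline. In a real deployment
# these come only from the environment; they are never hard-coded or logged.
os.environ.setdefault("OPENCLAW_API_KEY", "example-api-key-0000")          # assumption
os.environ.setdefault("OPENCLAW_WEBHOOK_SECRET", "example-webhook-secret")  # assumption

ALLOWED_USERS = {"alice", "bob"}   # constructed whitelist of allowed users
RATE_LIMIT = 5                     # max requests per user per window
RATE_WINDOW_SECONDS = 60
_request_log = defaultdict(deque)  # user -> timestamps of recent requests

# Allow-list for user text: letters, digits, whitespace, basic punctuation, bounded length.
SAFE_INPUT = re.compile(r"^[\w\s.,!?'-]{1,500}$")


def load_secret(name: str) -> str:
    """Read a secret from the environment and fail closed if it is missing."""
    value = os.environ.get(name)
    if not value:
        raise RuntimeError(f"missing required secret {name}")
    return value


def sign(body: bytes) -> str:
    """Compute the 'sha256=<hex>' HMAC a trusted sender would attach (assumed format)."""
    secret = load_secret("OPENCLAW_WEBHOOK_SECRET").encode()
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_webhook_signature(body: bytes, signature_header: str) -> bool:
    """Verify the HMAC over the raw body with a constant-time comparison,
    so response timing does not leak information about the secret."""
    return hmac.compare_digest(sign(body), signature_header or "")


def within_rate_limit(user: str, now: float = None) -> bool:
    """Sliding-window limit: allow at most RATE_LIMIT requests per window per user."""
    now = time.monotonic() if now is None else now
    recent = _request_log[user]
    while recent and now - recent[0] > RATE_WINDOW_SECONDS:
        recent.popleft()
    if len(recent) >= RATE_LIMIT:
        return False
    recent.append(now)
    return True


def validate_input(text: str) -> bool:
    """Allow-list validation: reject anything outside plain text so the input is
    never handed to a shell, template or model prompt with shell metacharacters."""
    return SAFE_INPUT.fullmatch(text) is not None


def redact_secrets(text: str) -> str:
    """Never print keys in responses: mask any configured secret found in output."""
    for name in ("OPENCLAW_API_KEY", "OPENCLAW_WEBHOOK_SECRET"):
        secret = os.environ.get(name)
        if secret:
            text = text.replace(secret, "[REDACTED]")
    return text


def handle_webhook(body: bytes, signature: str, user: str, now: float = None):
    """Return (status, reply). Checks run in order: signature, whitelist,
    rate limit, input validation; the reply is redacted before it leaves."""
    if not verify_webhook_signature(body, signature):
        return 401, "invalid signature"
    if user not in ALLOWED_USERS:
        return 403, "user not allowed"
    if not within_rate_limit(user, now):
        return 429, "rate limited"
    message = body.decode("utf-8", errors="replace")
    if not validate_input(message):
        return 400, "input rejected"
    reply = f"echo: {message}"  # stand-in for the assistant's real reply
    return 200, redact_secrets(reply)


if __name__ == "__main__":
    payload = b"hello there"
    print(handle_webhook(payload, sign(payload), "alice"))
    print(handle_webhook(payload, "sha256=0000", "alice"))
```

The signature check runs first so unauthenticated traffic never reaches the rate limiter or the model, and the rate limiter counts rejected-input requests too, so malformed payloads cannot be retried without limit. Passing `now` explicitly keeps the limiter deterministic for tests; in production the default `time.monotonic()` is used.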
[WARN] Important: Prompt injection is an industry-wide unsolved problem. Mitigation strategies:

- Use strong models (Claude 3.5 Sonnet, GPT-4)
- Implement input validation
- Use system prompts carefully
- Monitor for suspicious patterns
- Educate users about risks
Before deploying OpenClaw, confirm each item on this checklist:

- API keys in environment variables
- Webhook verification enabled
- Access control configured
- Rate limiting active
- HTTPS/TLS enabled
- Input sanitization implemented
- Dependencies updated
- Monitoring/logging configured
We follow responsible disclosure:

- Acknowledge receipt within 48 hours
- Investigate within 7 days
- Fix within 30 days (critical: 7 days)
- Public disclosure after fix is deployed
For security concerns:

- Email: security at openclaw dot ai
- GitHub Security Advisory: Report Vulnerability