ClawManagerClawManager
Docs Menu

Security

Control what your agent can access, who can talk to it, and what commands it can run.

Security Overview

Your agent can browse the web, run commands, read files, and interact with external services. The security system lets you define boundaries so it only does what you're comfortable with.

ClawManager's Security Manager provides a visual interface for all security settings. You can also use security presets for common configurations.

Domain Allowlist

Control which websites and APIs your agent can access. By default, agents have broad web access. Add domains to the allowlist to restrict access to only approved sites.

Example allowlist:

github.com
api.openai.com
*.google.com

Wildcards (*) are supported. When the allowlist is active, any domain not on the list is blocked.

Exec Approvals

When your agent wants to run a shell command, it can either ask for your approval each time or use pre-approved patterns. The exec approval system lets you define an allowlist of commands the agent can run without asking.

How It Works

Add patterns to the exec allowlist (e.g., git *, ls *, npm test). Commands matching a pattern run immediately. Everything else prompts you for approval.

Per-Agent Rules

You can set different exec allowlists for different agents. A coding agent might have broad command access, while a chat-only agent might have none.

Manage this in ClawManager's Exec Approvals page, or via CLI:

$ openclaw approvals allowlist add "git *"
$ openclaw approvals allowlist remove "rm *"

Security Presets

Not sure where to start? ClawManager offers security presets that configure sensible defaults:

Relaxed

Broad access with minimal restrictions. Good for personal/development use where you trust the agent fully.

Balanced

Moderate restrictions. Blocks dangerous commands but allows most productive work.

Strict

Tight restrictions. Domain allowlist active, limited exec, explicit approval for sensitive actions.

Secrets Vault

The Security Manager includes a Secrets Vault for storing sensitive values like API keys, tokens, and passwords. Secrets are encrypted at rest and only accessible to the agent at runtime. This keeps sensitive data out of plain-text config files.

⚠️ The Secrets Vault is currently in development and not yet available in the standard release.

Blocked Items

The Security Manager shows a summary of all blocked items: domains, commands, and skills that are restricted. You can review and adjust these lists at any time. There's also a Raw Editor for power users who prefer editing the security config directly as JSON.

Channel Access Policies

Each messaging connection has its own access policy (covered in Connections). These work alongside the security system: even if someone can reach your agent via Telegram, the security settings still control what the agent can do in response.

Best Practices

  • • Start with a balanced preset and adjust from there
  • • Use pairing mode on channels to prevent unauthorized access
  • • Review exec allowlists periodically — remove patterns you no longer need
  • • Store sensitive values in the Secrets Vault, not in workspace files
  • • For shared/public agents, use strict mode with explicit allowlists