Security Policy Generator

Define what your agent can and cannot do. Generate a secure config.json file.

{
  "allowedCommands": [
    "ls",
    "cat",
    "git"
  ],
  "workDirectory": "/app/workspace",
  "securityLevel": "strict"
}

Why is a Security Policy Important?

OpenClaw is a powerful agent that can execute shell commands. To prevent accidents or potential misuse (if the LLM gets confused), strictly defining an allowedCommands whitelist is crucial.

Best Practices

  • Principle of Least Privilege: Only enable the commands your agent absolutely needs. If it doesn't need docker, don't enable it.
  • Sandboxing: Always run OpenClaw in a container (Docker) or a restricted user environment.
  • Work Directory: Restrict the agent's file operations to a specific workspace folder to protect your system files.

How to use this config

Copy the generated JSON content and save it to your config.json file in the OpenClaw configuration directory. Restart the agent for changes to take effect.