mirror of
https://github.com/openclaw/openclaw.git
synced 2026-02-19 18:39:20 -05:00
28 lines
1010 B
Markdown
28 lines
1010 B
Markdown
---
|
|
summary: "CLI reference for `openclaw security` (audit and fix common security footguns)"
|
|
read_when:
|
|
- You want to run a quick security audit on config/state
|
|
- You want to apply safe “fix” suggestions (chmod, tighten defaults)
|
|
title: "security"
|
|
---
|
|
|
|
# `openclaw security`
|
|
|
|
Security tools (audit + optional fixes).
|
|
|
|
Related:
|
|
|
|
- Security guide: [Security](/gateway/security)
|
|
|
|
## Audit
|
|
|
|
```bash
|
|
openclaw security audit
|
|
openclaw security audit --deep
|
|
openclaw security audit --fix
|
|
```
|
|
|
|
The audit warns when multiple DM senders share the main session and recommends **secure DM mode**: `session.dmScope="per-channel-peer"` (or `per-account-channel-peer` for multi-account channels) for shared inboxes.
|
|
It also warns when small models (`<=300B`) are used without sandboxing and with web/browser tools enabled.
|
|
For webhook ingress, it warns when `hooks.defaultSessionKey` is unset, when request `sessionKey` overrides are enabled, and when overrides are enabled without `hooks.allowedSessionKeyPrefixes`.
|