Security hardening + token optimization for your OpenClaw / Clawdbot deployment. One kit, production-ready.
Who is this for? Anyone running OpenClaw on a VPS or cloud server. Local Mac users can still benefit from the token optimization sections.
OpenClaw's default configuration is not secure. From the official docs:
"Running an AI agent with shell access on your machine is... spicy. There is no 'perfectly secure' setup."
Specific risks:
- SSH password login enabled β brute force attacks
- Gateway port exposed to the internet β unauthorized access
- API keys stored in plaintext β credential leaks
- Session logs unencrypted β privacy exposure
- All traffic routed through the most expensive model β money burned
This repo provides a battle-tested hardening playbook.
git clone https://github.com/jzOcb/openclaw-hardening.git
cd openclaw-hardening
# 1. Audit your current security posture
bash security/audit.sh
# 2. One-click hardening (interactive, confirms each step)
sudo bash security/harden.sh
# 3. Apply secure Gateway config
cp config/openclaw-secure.json5 ~/.openclaw/openclaw.json.example
# Manually merge into your openclaw.json
# 4. Install recommended skills
bash setup/install-skills.shopenclaw-hardening/
βββ README.md # English docs (you are here)
βββ README_CN.md # δΈζζζ‘£
βββ security/
β βββ audit.sh # Security audit (9 checks)
β βββ harden.sh # One-click hardening (UFW+SSH+fail2ban+Tailscale)
βββ config/
β βββ openclaw-secure.json5 # Secure Gateway config template
β βββ token-optimization.json5 # Token optimization config template
βββ setup/
β βββ install-skills.sh # Recommended skills installer
βββ docs/
βββ SECURITY.md # Security deep dive
βββ TOKEN-OPTIMIZATION.md # Token cost optimization
βββ MODEL-ROUTING.md # Multi-model routing guide
Checks 9 security indicators:
| # | Check | What it looks for |
|---|---|---|
| 1 | SSH config | Port, password auth, root login |
| 2 | Firewall | UFW enabled and configured |
| 3 | fail2ban | Brute force protection active |
| 4 | Open ports | Unnecessary port exposure |
| 5 | Gateway config | Bind address, auth mode |
| 6 | Tailscale | Secure remote access setup |
| 7 | Credential storage | Plaintext API keys |
| 8 | File permissions | Config and log file permissions |
| 9 | Browser control | Port 18791 exposure |
bash security/audit.shInteractive execution β confirms before each step:
- UFW Firewall β Allow SSH only, deny all other inbound
- SSH Hardening β Custom port, disable password auth, disable root, limit retries
- fail2ban β Ban IP after 3 failures for 1 hour
- Tailscale Setup β Secure remote access (replaces public port exposure)
sudo bash security/harden.sh
β οΈ Important: Keep your current SSH session open while running harden.sh. Open a second terminal to test the new port before closing!
OpenClaw defaults to using the same model for everything. If you're on Claude Opus, every heartbeat, every sub-agent, every routine check burns premium tokens.
| Task Type | Recommended Model | Relative Cost |
|---|---|---|
| Main conversation | Claude Opus 4.5 | $$$$$ |
| Sub-agents | Claude Sonnet 4 | $ |
| Heartbeat checks | Claude Sonnet 4 | $ |
| Fallback | Claude Sonnet 4 | $ |
Merge into ~/.openclaw/openclaw.json:
{
agents: {
defaults: {
// Primary model
model: { primary: "anthropic/claude-opus-4-5" },
// Cheaper model for sub-agents
subagents: { model: "anthropic/claude-sonnet-4-5" },
// NOTE: fallbacks not supported in 2026.1.24-1
// Use /model command to switch manually if needed
// Heartbeat interval (55min keeps 1h cache warm)
heartbeat: { every: "55m" },
// Auto-prune old tool outputs
contextPruning: { mode: "cache-ttl", ttl: "1h" },
}
}
}- Heartbeats no longer burn Opus β 5x cheaper
- Sub-agents auto-route to Sonnet β 5x cheaper
- Cache warming reduces duplicate writes β saves cache write costs
- Estimated overall savings: 30β50%
Switch models on the fly in chat:
/model # Search available models
/model sonnet # Switch to Sonnet
/new # Recommended: start new session before switching
15 curated high-value skills:
| Category | Skill | Purpose |
|---|---|---|
| Security | clawdbot-security-suite | Command sanitization, pattern detection |
| Infra | digital-ocean | DigitalOcean server management |
| Infra | tailscale | Tailscale network management |
| Finance | polymarket | Prediction market data |
| Finance | ibkr-trader | IBKR trading automation |
| Finance | yahoo-finance | Stock & financial data |
| Search | brave-search | Brave Search API |
| Search | tavily | AI-optimized search |
| Search | last30days | Recent Reddit/X/Web results |
| Tools | duckdb-en | SQL data analysis |
| Tools | youtube-summarizer | YouTube video summaries |
| Tools | auto-updater | Auto-update OpenClaw |
| Tools | search | General web search |
| Maintenance | skills-audit | Skills security audit |
| Docs | clawddocs | Official docs expert |
bash setup/install-skills.sh- Tom Crawshaw (@tomcrawshaw01) β Security hardening guide (31.4K views) & video walkthrough
- OpenClaw Official Security Docs
- ζΈθ (@op7418) β Model configuration tutorial
- huangserva (@servasyy_ai) β Security vulnerability deep dive
- VoltAgent/awesome-openclaw-skills β Skills directory
MIT β Use freely, attribution appreciated.
PRs welcome! Especially:
- Additional security checks
- Hardening scripts for other cloud providers (AWS, Hetzner, etc.)
- More token optimization techniques
- Model routing configs for other providers (OpenAI, DeepSeek, Gemini, etc.)