[sathish316]

OpenClaw does present security risks, and the recommendations outlined in this article are apt.

That said, OpenClaw is more powerful than Claude Code due to its self-evolving agent architecture and its unfettered access to terminal and tools.

A secure way to provide access to additional non-sensitive API keys and secrets is by introducing a secure vault and ensuring OpenClaw’s skills retrieve credentials from it using time-scoped access (TTL of 15-60 mins). More details are available in this article: https://x.com/sathish316/status/2019496552419717390 . This reduces the attack surface to 15+ mins and the security can be further improved with Tailscale and sandboxing.

[CuriouslyC]

Better to put your agent on a zero trust private network, and force it to talk to a proxy with credential injection. That proxy doesn't need to have ingress, so your surface is basically prompt injections from files/web search and supply chain attacks.