Is OpenClaw (Moltbot) safe?
The honest answer: it depends on how you run it. This page is a practical checklist to reduce risk before you connect anything sensitive.
Threat model (in one paragraph)
Any agent that can read messages and run actions can be abused via bad prompts, leaked tokens, or overly permissive integrations. Your job is to limit who can talk to it, what it can do, and where secrets live.
Safety checklist (do these first)
1. Restrict who can message the bot
Start with allowlists (your number / your accounts). Keep groups mention-only.
2. Use least-privilege tokens
Don’t give it admin credentials for everything on day one.
3. Keep secrets off the chat history
Treat chat as untrusted input. Avoid pasting keys.
4. Turn on audit/logging and actually look
Most scary failures are visible in logs.
5. Start with one simple workflow
Prove the system works before connecting more tools.
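A sketch of how steps 1, 3 and 4 combine into one inbound-message gate: sender allowlist, mention-only groups, secret redaction before anything is stored, and one audit record per decision. This is an added example, not OpenClaw's code or configuration format; every name, the sample number and the credential patterns are hypothetical and constructed for illustration.

```python
import json
import re
from dataclasses import dataclass

# Hypothetical policy values, not OpenClaw's API or configuration format.
ALLOWED_SENDERS = {"+15550100"}   # constructed sample number
BOT_HANDLE = "@assistant"         # hypothetical mention handle
# Constructed, non-exhaustive patterns for common credential shapes.
SECRET_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?"
               r"-----END [A-Z ]*PRIVATE KEY-----", re.S),
    re.compile(r"(?i)\b(?:api[_-]?key|token|password)\s*[:=]\s*\S{8,}"),
]


@dataclass
class Message:
    sender: str
    text: str
    is_group: bool = False


def redact(text: str) -> str:
    """Replace anything matching a credential pattern before it is stored."""
    for pattern in SECRET_PATTERNS:
        text = pattern.sub("[REDACTED]", text)
    return text


def gate(msg: Message, audit: list):
    """Decide whether msg reaches the agent; log every decision as JSON."""
    if msg.sender not in ALLOWED_SENDERS:
        decision = "deny:sender_not_allowlisted"
    elif msg.is_group and BOT_HANDLE not in msg.text:
        decision = "deny:group_without_mention"
    else:
        decision = "allow"
    clean = redact(msg.text)
    audit.append(json.dumps({
        "sender": msg.sender,
        "group": msg.is_group,
        "decision": decision,
        "secret_redacted": clean != msg.text,
        "text": clean,
    }))
    if decision != "allow":
        return False, None
    return True, clean
```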
Related
Official references: docs.molt.bot/gateway/security