OpenClaw Security
Self-hosted by design. Your server, your keys, your data. Every line of code is open source and auditable.
Security Pillars
Self-Hosting
OpenClaw runs on your infrastructure. Your conversations, memory, and config files never leave your machine.
API Key Isolation
You use your own AI provider keys directly. They stay in your own deployment (your .env file); no OpenClaw-operated service sees, stores, or proxies your API credentials.
Open Source Auditability
100% of the codebase is public on GitHub. Security researchers and developers continuously review the code.
Privacy by Default
No telemetry, no analytics, no tracking. OpenClaw doesn't phone home unless you explicitly enable it.
Security Architecture
How OpenClaw is built to keep your data under your control.
No central server
OpenClaw is a self-hosted application. There is no OpenClaw cloud that processes your data. When you self-host, we literally cannot access your instance.
Direct provider connections
Your API keys are used to connect directly to AI providers (OpenAI, Anthropic, Google, etc.). Requests go from your server to the provider — OpenClaw is not a proxy.
Local storage only
Conversation history, memory files, and configuration are stored as files on your machine. Back them up, encrypt them, or delete them at any time.
Configurable permissions
Fine-grained control over file access, network access, and tool permissions. OpenClaw only accesses what you explicitly allow in your config.
Optional offline mode
Run with local AI models via Ollama for fully air-gapped operation. Zero data leaves your network — not even to an AI provider.
Open Source Auditability
OpenClaw is licensed under MIT. The entire codebase — server, client, skills, integrations — is public on GitHub. This means:
- Every network request, every file access, every data transformation is visible in the source code. No hidden behaviors.
- Thousands of developers use and review the codebase. Security issues are identified and patched quickly through public issue tracking.
- You can build OpenClaw from source and verify the Docker images match the published source code.
OpenClaw vs. Cloud AI Assistants
| Feature | OpenClaw | Cloud AI Assistants |
|---|---|---|
| Hosting | Your server | Vendor servers |
| API key storage | Your .env file | Vendor-managed |
| Source code | Open source | Closed source |
| Telemetry | None | Usage tracked |
| Data storage | Local files | Cloud databases |
Take Control of Your AI Security
Self-host OpenClaw and keep your data where it belongs — on your infrastructure.