Security alert · blunt answer

Is OpenClaw (Moltbot) safe?

It can be safe enough for real use — if you harden it. If you expose panels, accept messages from anyone, or leak tokens, it becomes high risk.

Rule #1: Do not expose control panels to the public internet. If you did, rotate tokens and treat it like an incident.

What can go wrong (top risks)

Exposed dashboard

Reverse proxy mistakes can leak configs, tokens, chat history.

Fix →

Prompt injection

Chat is untrusted input. Attackers can manipulate agent behavior.

Learn →

Over-permissioned secrets

Too-broad tokens turn small mistakes into big incidents.

Fix →

What to do first

Run 5‑minute AutoCheck → Check exposure →

Tip: treat any self-hosted agent like a small production system. You don’t need perfect security — you need to eliminate the obvious failures first.