






























@@ -1793,6 +1793,71 @@ lives on the [Models FAQ](/help/faq-models).
1793179317941794</Accordion>
179517951796+<Accordion title="Is OpenClaw less safe because it uses TypeScript/Node instead of Rust/WASM?">
1797+Language and runtime matter, but they are not the main risk for a personal
1798+agent. The practical OpenClaw risks are gateway exposure, who can message the
1799+bot, prompt injection, tool scope, credential handling, browser access, exec
1800+access, and third-party skill or plugin trust.
1801+1802+Rust and WASM can provide stronger isolation for some classes of code, but
1803+they do not solve prompt injection, bad allowlists, public gateway exposure,
1804+overbroad tools, or a browser profile that is already logged in to sensitive
1805+accounts. Treat those as the primary controls:
1806+1807+- keep the Gateway private or authenticated
1808+- use pairing and allowlists for DMs and groups
1809+- deny or sandbox risky tools for untrusted inputs
1810+- install only trusted plugins and skills
1811+- run `openclaw security audit --deep` after config changes
1812+1813+Details: [Security](/gateway/security), [Sandboxing](/gateway/sandboxing).
1814+1815+</Accordion>
1816+1817+<Accordion title="I saw reports about exposed OpenClaw instances. What should I check?">
1818+First check your actual deployment:
1819+1820+```bash
1821+openclaw security audit --deep
1822+openclaw gateway status
1823+```
1824+1825+A safer baseline is:
1826+1827+- Gateway bound to `loopback`, or exposed only through authenticated private
1828+ access such as a tailnet, SSH tunnel, token/password auth, or a correctly
1829+ configured trusted proxy
1830+- DMs in `pairing` or `allowlist` mode
1831+- groups allowlisted and mention-gated unless every member is trusted
1832+- high-risk tools (`exec`, `browser`, `gateway`, `cron`) denied or tightly
1833+ scoped for agents that read untrusted content
1834+- sandboxing enabled where tool execution needs a smaller blast radius
1835+1836+Public binds without auth, open DMs/groups with tools, and exposed browser
1837+control are the findings to fix first. Details:
1838+[Security audit checklist](/gateway/security#security-audit-checklist).
1839+1840+</Accordion>
1841+1842+<Accordion title="Are ClawHub skills and third-party plugins safe to install?">
1843+Treat third-party skills and plugins as code you are choosing to trust.
1844+ClawHub skill pages expose scan state before install, and OpenClaw plugin
1845+install/update flows run built-in dangerous-code checks, but scans are not a
1846+complete security boundary.
1847+1848+Safer pattern:
1849+1850+- prefer trusted authors and pinned versions
1851+- read the skill or plugin before enabling it
1852+- keep plugin and skill allowlists narrow
1853+- run untrusted-input workflows in a sandbox with minimal tools
1854+- avoid giving third-party code broad filesystem, exec, browser, or secret access
1855+1856+Details: [Skills](/tools/skills), [Plugins](/tools/plugin),
1857+[Security](/gateway/security).
1858+1859+</Accordion>
1860+17961861<Accordion title="Should my bot have its own email, GitHub account, or phone number?">
17971862Yes, for most setups. Isolating the bot with separate accounts and phone numbers
17981863reduces the blast radius if something goes wrong. This also makes it easier to rotate
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。