Free Resource — JP Automations

The OpenClaw Security Guide

How to stay protected if you're using OpenClaw — including the part nobody's being paid to say.

1. What Cisco's Security Team Actually Found

Cisco's security researchers discovered that a malicious OpenClaw skill can exfiltrate your data silently — without triggering any alert, warning, or visible action on screen. The attack vector is the skill system itself: because skills run with the same permissions as OpenClaw, a compromised or malicious skill inherits full access to everything OpenClaw can touch.

That means your inbox, your calendar, your local files — all of it can be read and sent externally without you knowing. The agent takes action quietly. That's the whole point of it, and also the risk.

2. What Data Is Actually Exposed

If OpenClaw is connected to your Gmail, it can read every email in your inbox — including client conversations, quote requests, signed contracts, and invoices with bank details. If it's connected to your calendar, it knows your schedule, your client meetings, and the notes attached to them.

This isn't just your data. If a client sent you their job spec, their address, or their payment details over email — that's their data now sitting inside a system that can be compromised through a single bad skill install.

3. How to Audit Your Installed Skills Right Now

Step 1: Open OpenClaw and navigate to Settings → Skills (or the skills directory in your config folder).

Step 2: List every skill installed. For each one, ask: where did this come from? Is it from the official OpenClaw repo, or a third-party source?

Step 3: For any skill you didn't install yourself or can't verify the source of — remove it immediately.

Step 4: Review what permissions each remaining skill requests. A skill that handles calendar events should not need inbox access.
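
One way to make this audit repeatable, as an added example that is not part of the original guide or OpenClaw's own tooling: the script fingerprints every folder in a skills directory and reports skills that are new, changed, or removed since your last review. It assumes one folder per skill; the skills directory path and the baseline file are arguments you supply, because the guide does not give them.

```python
import hashlib
import json
import sys
from pathlib import Path


def skill_digest(skill_dir: Path) -> str:
    """SHA-256 over each file's relative path and content hash, in sorted order."""
    h = hashlib.sha256()
    for f in sorted(p for p in skill_dir.rglob("*") if p.is_file()):
        h.update(f.relative_to(skill_dir).as_posix().encode() + b"\0")
        h.update(hashlib.sha256(f.read_bytes()).digest())
    return h.hexdigest()


def inventory(skills_root: Path) -> dict:
    """Map each skill folder name (assumed layout: one folder per skill) to its digest."""
    return {d.name: skill_digest(d)
            for d in sorted(skills_root.iterdir()) if d.is_dir()}


def audit(skills_root: Path, baseline_file: Path) -> dict:
    """Compare what is installed now with the baseline you approved earlier."""
    current = inventory(skills_root)
    baseline = json.loads(baseline_file.read_text()) if baseline_file.exists() else {}
    return {
        # Installed but never reviewed: verify the source or remove it.
        "unreviewed": sorted(set(current) - set(baseline)),
        # Files differ from what you reviewed: an update or tampering.
        "changed": sorted(n for n in current
                          if n in baseline and current[n] != baseline[n]),
        # In the baseline but no longer installed.
        "removed": sorted(set(baseline) - set(current)),
    }


def approve(skills_root: Path, baseline_file: Path) -> None:
    """Record the current state after you have verified every skill's source."""
    baseline_file.write_text(json.dumps(inventory(skills_root), indent=2))


if __name__ == "__main__":
    # Usage: python audit_skills.py <skills_dir> <baseline.json> [--approve]
    root, base = Path(sys.argv[1]), Path(sys.argv[2])
    for status, names in audit(root, base).items():
        print(f"{status}: {', '.join(names) or 'none'}")
    if "--approve" in sys.argv[3:]:
        approve(root, base)
```

Run it with `--approve` only after completing the manual review above; keep the baseline file somewhere OpenClaw has no file access to, so a skill cannot rewrite it.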

4. Safe Configuration Checklist

Only install skills from the official OpenClaw repository or sources you can personally verify
Never install a skill shared via DM, Reddit, or an unknown GitHub repo
Connect OpenClaw to a dedicated Gmail account — not your primary client inbox
Use a separate calendar for OpenClaw, not the one with client meetings
Regularly review skill permissions and remove anything you're not actively using
Keep OpenClaw updated — security patches ship frequently
Do not store contracts, invoices, or sensitive files in folders OpenClaw has file access to

5. How to Isolate OpenClaw from Sensitive Client Data

The simplest protection is isolation. Give OpenClaw a sandboxed environment — a dedicated email address, a separate calendar, and a specific folder on your machine — and keep your actual client work outside of it.

Think of it like a work phone: useful for certain tasks, but you wouldn't put your clients' bank details on it. Same principle here.

If you want the full benefit of AI automation without the security surface area, that's exactly what a properly built custom automation gives you — scoped access, no skill marketplace risk, deployed to infrastructure you control.
