{"id":24657,"date":"2026-04-01T17:16:32","date_gmt":"2026-04-01T08:16:32","guid":{"rendered":"https:\/\/aireviewirush.com\/?p=24657"},"modified":"2026-04-01T17:16:33","modified_gmt":"2026-04-01T08:16:33","slug":"do-not-deploy-openclaw-with-out-securing-it-do-this-opensource-answer-and-hands-on-lab","status":"publish","type":"post","link":"https:\/\/aireviewirush.com\/?p=24657","title":{"rendered":"Do not deploy OpenClaw without securing it &#8211; Try this open-source solution and hands-on lab"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<h2><span class=\"ez-toc-section\" id=\"So_that_you_put_in_OpenClaw\"><\/span>So you installed OpenClaw<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>OpenClaw becomes powerful the moment it can connect a model to tools, skills, MCP servers, and a live workspace. That is also the moment security stops being optional.<\/p>\n<p>If you are evaluating OpenClaw, or planning to run it in front of real tools and data, the first question shouldn&#8217;t just be what the agent can do. The first question should be what happens if it trusts the wrong component.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"What_OpenClaw_Truly_Modifications\"><\/span>What OpenClaw Actually Changes<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>OpenClaw is useful because it helps AI agents do more than answer isolated prompts.<img loading=\"lazy\" decoding=\"async\" class=\"lazy lazy-hidden alignright\" data-lazy-type=\"image\" src=\"https:\/\/zap-cdn.com\/interface\/_images\/wallpaper\/zap_openclaw_transparent.png\" alt=\"OpenClaw on ZAP-Hosting servers\" width=\"362\" height=\"217\"\/><noscript><img loading=\"lazy\" decoding=\"async\" class=\"alignright\" src=\"https:\/\/zap-cdn.com\/interface\/_images\/wallpaper\/zap_openclaw_transparent.png\" alt=\"OpenClaw on ZAP-Hosting servers\" width=\"362\" height=\"217\"\/><\/noscript><\/p>\n<p>It can:<\/p>\n<ul>\n<li>Connect to skills<\/li>\n<li>Use MCP servers<\/li>\n<li>Call tools and services<\/li>\n<li>Work with files and a workspace<\/li>\n<li>Generate code that lands in the environment<\/li>\n<\/ul>\n<p>That makes OpenClaw more capable.<\/p>\n<p>It also 
creates more trust boundaries.<\/p>\n<p>When an agent can install helpers, call external tools, and act on a live workspace, the risk is no longer limited to dangerous text generation. Now the system has to decide what gets trusted, what gets executed, what reaches the model, and what code gets written into the environment.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Why_OpenClaw_Safety_Issues\"><\/span>Why OpenClaw Security Matters<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>This isn&#8217;t just a hypothetical design concern.<img loading=\"lazy\" decoding=\"async\" class=\"lazy lazy-hidden wp-image-488897 alignright\" data-lazy-type=\"image\" src=\"https:\/\/blogs.cisco.com\/gcs\/ciscoblogs\/1\/2026\/03\/2026-03-30_08-32-09-1.png\" alt=\"OpenClaw security stats\" width=\"505\" height=\"347\"\/><noscript><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-488897 alignright\" src=\"https:\/\/blogs.cisco.com\/gcs\/ciscoblogs\/1\/2026\/03\/2026-03-30_08-32-09-1.png\" alt=\"OpenClaw security stats\" width=\"505\" height=\"347\"\/><\/noscript><\/p>\n<p>Koi Security\u2019s audit of 2,857 ClawHub skills found 341 malicious entries, or <strong>11.9%<\/strong>.<\/p>\n<p>A published arXiv study found that <strong>26.1%<\/strong> of analyzed skills had at least one vulnerability. The same study reported <strong>13.3%<\/strong> with data-exfiltration patterns and 11.8% with privilege-escalation patterns.<\/p>\n<p>These numbers don&#8217;t mean every OpenClaw skill is malicious.<\/p>\n<p>They do mean something more practical: there&#8217;s already enough dangerous behavior in the ecosystem that OpenClaw shouldn&#8217;t be run without security controls in front of it.<\/p>\n<p>One dangerous skill with file-read permissions and a live workspace can be enough to expose data, run dangerous commands, or harm the environment. 
Read more stats on this <a href=\"https:\/\/cs.co\/openclaw#overview\" target=\"_blank\" rel=\"noopener\">overview page<\/a>.<\/p>\n<p>\u00a0<\/p>\n<h2><span class=\"ez-toc-section\" id=\"What_DefenseClaw_Gives\"><\/span>What DefenseClaw Provides<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"lazy lazy-hidden alignnone wp-image-489025 size-full\" data-lazy-type=\"image\" src=\"https:\/\/blogs.cisco.com\/gcs\/ciscoblogs\/1\/2026\/03\/defenseclaw.png\" alt=\"DefenseClaw\" width=\"3822\" height=\"1026\"\/><noscript><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-489025 size-full\" src=\"https:\/\/blogs.cisco.com\/gcs\/ciscoblogs\/1\/2026\/03\/defenseclaw.png\" alt=\"DefenseClaw\" width=\"3822\" height=\"1026\"\/><\/noscript><\/p>\n<p>DefenseClaw is a <strong>free, open-source<\/strong> security solution for OpenClaw.<\/p>\n<p>It adds checks before install and while the system is running. It provides security through four capability areas\/engines:<\/p>\n<ol>\n<li>Guardrails \u2013\u00a0Inspects prompts and model traffic to catch prompt injection, unsafe requests, and sensitive data exposure before the model acts on them<\/li>\n<li>Tool inspection \u2013 Checks skills, MCP servers, and tool calls for dangerous behaviour such as secret access, unsafe commands, and internal system access<\/li>\n<li>Install scanning \u2013 Scans skills, MCP servers, and plugins before they&#8217;re trusted so malicious or unsafe components can be blocked early<\/li>\n<li>CodeGuard \u2013 Reviews AI-generated code for harmful patterns like command execution, embedded secrets, and unsafe queries before it&#8217;s written or run<\/li>\n<\/ol>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"lazy lazy-hidden wp-image-488982 size-full aligncenter\" data-lazy-type=\"image\" 
src=\"https:\/\/blogs.cisco.com\/gcs\/ciscoblogs\/1\/2026\/03\/2026-03-30_23-29-53.png\" alt=\"DefenseClaw modules\" width=\"2698\" height=\"726\"\/><noscript><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-488982 size-full aligncenter\" src=\"https:\/\/blogs.cisco.com\/gcs\/ciscoblogs\/1\/2026\/03\/2026-03-30_23-29-53.png\" alt=\"DefenseClaw modules\" width=\"2698\" height=\"726\"\/><\/noscript><\/p>\n<p>If you want to see technical details, you can review the <a href=\"https:\/\/cs.co\/openclaw#diagram\" target=\"_blank\" rel=\"noopener\">full diagram<\/a>.<\/p>\n<p>The <a href=\"https:\/\/cs.co\/openclaw#demo\" target=\"_blank\" rel=\"noopener\">live demo<\/a> has examples that explain what each engine does.<\/p>\n<p>\u00a0<\/p>\n<h2><span class=\"ez-toc-section\" id=\"1_Guardrails\"><\/span><strong>1. Guardrails<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The guardrail flow shows how dangerous prompts and poisoned content can change model behavior once the model is connected to a real workflow.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"lazy lazy-hidden wp-image-489015 alignright\" data-lazy-type=\"image\" src=\"https:\/\/blogs.cisco.com\/gcs\/ciscoblogs\/1\/2026\/03\/2026-03-31_13-07-22.png\" alt=\"Guardrail demo\" width=\"586\" height=\"895\"\/><noscript><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-489015 alignright\" src=\"https:\/\/blogs.cisco.com\/gcs\/ciscoblogs\/1\/2026\/03\/2026-03-31_13-07-22.png\" alt=\"Guardrail demo\" width=\"586\" height=\"895\"\/><\/noscript><\/p>\n<p>In the demo, a poisoned note or privacy-style request pushes the model toward an unsafe path. DefenseClaw inspects that traffic and blocks the unsafe outcome before it reaches the protected model path.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"2_Device_Inspection\"><\/span>2. 
Tool Inspection<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The MCP section is one of the clearest parts of the walkthrough.<\/p>\n<p>It shows how a malicious MCP path can try to:<\/p>\n<ul>\n<li>read synthetic AWS credentials<\/li>\n<li>run a host command<\/li>\n<li>fetch internal configuration<\/li>\n<\/ul>\n<p>In the protected path, those tool requests are blocked by policy before they reach the final tool outcome.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"3_Set_up_Scanning\"><\/span>3. Install Scanning<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Security has to start before trust.<\/p>\n<p>The demo shows what happens when OpenClaw is asked to accept:<\/p>\n<ul>\n<li>a malicious skill<\/li>\n<li>an unsafe MCP server<\/li>\n<\/ul>\n<p>DefenseClaw scans those components before they&#8217;re trusted and can reject or quarantine them before they become part of the workflow.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"4_CodeGuard\"><\/span>4. 
CodeGuard<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The final path focuses on agent-written code.<\/p>\n<p>That matters because even when a prompt or tool call looks harmless, the next step may be code generation that lands in the workspace.<\/p>\n<p>The demo makes that concrete with examples such as:<\/p>\n<ul>\n<li>shell execution<\/li>\n<li>embedded private key material<\/li>\n<li>unsafe SQL construction<\/li>\n<\/ul>\n<p>DefenseClaw scans those patterns before the file write lands.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"OpenClaw_Safety_Lab\"><\/span>OpenClaw Security Lab<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<figure id=\"attachment_489024\" aria-describedby=\"caption-attachment-489024\" style=\"width: 584px\" class=\"wp-caption alignright\"><img loading=\"lazy\" decoding=\"async\" class=\"lazy lazy-hidden wp-image-489024\" data-lazy-type=\"image\" src=\"https:\/\/blogs.cisco.com\/gcs\/ciscoblogs\/1\/2026\/03\/2026-03-31_13-30-07-1.gif\" alt=\"OpenClaw Lab\" width=\"584\" height=\"302\"\/><noscript><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-489024\" src=\"https:\/\/blogs.cisco.com\/gcs\/ciscoblogs\/1\/2026\/03\/2026-03-31_13-30-07-1.gif\" alt=\"OpenClaw Lab\" width=\"584\" height=\"302\"\/><\/noscript><figcaption id=\"caption-attachment-489024\" class=\"wp-caption-text\">OpenClaw Security Lab<\/figcaption><\/figure>\n<p>The OpenClaw security lab is a hands-on walkthrough where you set up your own OpenClaw environment, test malicious skills, unsafe MCP servers, prompt attacks, and dangerous code paths, then apply DefenseClaw to inspect or block them before they cause harm.<\/p>\n<p>You can also use it as a best-practice reference for deploying DefenseClaw and securing your own environment.<\/p>\n<p>Start the lab here: <a href=\"https:\/\/cs.co\/oc\" target=\"_blank\" rel=\"noopener\"><strong>OpenClaw Security hands-on lab<\/strong><\/a><\/p>\n<p>If you would 
like more, try all the hands-on labs in the AI Security Learning Journey at <a href=\"https:\/\/cs.co\/aj\" target=\"_blank\" rel=\"noopener\">cs.co\/aj<\/a>.<\/p>\n<p class=\"text-size-chat leading-relaxed extension:leading-normal my-2\">Have fun exploring the labs, and feel free to reach out if you have questions or feedback.<\/p>\n<p>\u00a0<\/p>\n<\/p><\/div>\n\n","protected":false},"excerpt":{"rendered":"<p>So you installed OpenClaw OpenClaw becomes powerful the moment it can connect a model to tools, skills, MCP servers, and a live workspace. That is also the moment security stops being optional. If you are evaluating OpenClaw, or planning to run it in front of real tools and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":24659,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[],"class_list":{"0":"post-24657","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cloud-computing"},"_links":{"self":[{"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/posts\/24657","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=24657"}],"version-history":[{"count":1,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/posts\/24657\/revisions"}],"predecessor-version":[{"id":24658,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/posts\/24657\/revisions\/24658"}],"wp:featuredmedia":[{"embeddable"
:true,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/media\/24659"}],"wp:attachment":[{"href":"https:\/\/aireviewirush.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=24657"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=24657"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=24657"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}