2026-01-15 06:12:54 +00:00
---
2026-01-30 03:15:10 +01:00
summary: "CLI reference for `openclaw security` (audit and fix common security footguns)"
2026-01-15 06:12:54 +00:00
read_when:
- You want to run a quick security audit on config/state
- You want to apply safe “fix” suggestions (chmod, tighten defaults)
2026-01-31 16:04:03 -05:00
title: "security"
2026-01-15 06:12:54 +00:00
---
2026-01-30 03:15:10 +01:00
# `openclaw security`
2026-01-15 06:12:54 +00:00
Security tools (audit + optional fixes).
Related:
2026-01-31 21:13:13 +09:00
2026-01-15 06:12:54 +00:00
- Security guide: [Security ](/gateway/security )
## Audit
```bash
2026-01-30 03:15:10 +01:00
openclaw security audit
openclaw security audit --deep
openclaw security audit --fix
2026-01-15 06:12:54 +00:00
```
2026-02-03 22:55:13 -08:00
The audit warns when multiple DM senders share the main session and recommends **secure DM mode** : `session.dmScope="per-channel-peer"` (or `per-account-channel-peer` for multi-account channels) for shared inboxes.
2026-01-21 01:24:10 +00:00
It also warns when small models (`<=300B` ) are used without sandboxing and with web/browser tools enabled.
