A curated list of OpenClaw security, self-hosting, and enterprise resources β covering CVEs, hardening guides, deployment patterns, and ecosystem forks.
| Project | Category | Highlight |
|---|---|---|
NemoClaw NEW |
Security | NVIDIA's secure sandbox runtime for OpenClaw (17.6k stars) |
shellward NEW |
Security | 8-layer defense middleware + DLP + prompt injection detection |
memory-lancedb-pro NEW |
Memory | Hybrid retrieval long-term memory β Vector+BM25+Cross-Encoder (3.7k stars) |
lossless-claw NEW |
Memory | Lossless context management β DAG summarization, zero info loss (3.7k stars) |
OpenViking NEW |
Memory | ByteDance's context database for AI agents (19.8k stars) |
memU NEW |
Memory | Memory system for 24/7 persistent agents (13.2k stars) |
edict NEW |
Multi-Agent | 9-agent orchestration with real-time dashboard (13.4k stars) |
openclaw-a2a-gateway NEW |
Multi-Agent | A2A protocol v0.3.0 bidirectional agent communication gateway |
AutoResearchClaw NEW |
Ecosystem | Fully autonomous research β idea to paper (9.4k stars) |
OpenClaw's rapid adoption has brought significant security challenges. This section covers known vulnerabilities, tools, and practices to secure your deployment.
- CVE-2026-25253 (CVSS 8.8) β RCE One-Click Exploit β Remote code execution vulnerability, patched in v2026.1.29.
- CVE-2026-32064 β Recently disclosed CVE affecting OpenClaw core.
- OpenClawCVEs Tracker β Community-maintained CVE tracking repository.
- OpenClaw GitHub Security β Official security advisories and disclosure page.
- Adversa AI: CVE Details + Moltbook Leak + Hardening β In-depth CVE analysis, Moltbook credential leak, and hardening recommendations.
- CVE-2026-24763 β Docker command injection vulnerability.
- CVE-2026-25593 β Unauthenticated local RCE via WebSocket.
- GHSA-g8p2-7wf7-98mq β Token leakage enabling one-click RCE.
- The Hacker News: Prompt Injection & Data Exfiltration β Coverage of prompt injection flaws enabling data exfiltration.
- Dark Reading: Critical Vulnerability β Analysis of critical vulnerabilities introducing AI agent risks.
- Kaspersky: Unsafe for Use β Kaspersky's assessment of OpenClaw vulnerability exposure.
- Cisco Blog: Security Nightmare β Cisco's perspective on personal AI agent security risks.
- VentureBeat: Bypassing EDR/DLP/IAM β Research showing OpenClaw can silently bypass enterprise security controls.
- Infosecurity: 42,665 Exposed Instances β Researchers discover over 42,000 publicly exposed OpenClaw instances.
- Conscia: Security Crisis β Overview of the broader OpenClaw security crisis.
- Giskard: Data Leakage & Prompt Injection β Technical breakdown of data leakage and prompt injection attack surfaces.
- ClawGuard β Open-source skill scanner that intercepts high-risk skills before execution.
- ClawSecure β OWASP ASI Top 10 coverage with 55+ threat patterns; has audited 2,890+ agents.
- Bitdefender AI Skills Checker β Free skill security detection service from Bitdefender.
- openclaw-security-monitor β Active security monitoring for running OpenClaw instances.
- ClawDefend β Developer-focused security scanning for OpenClaw skills.
- VirusTotal Official Integration β Native VirusTotal scanning for ClawHub skills.
- claude-skill-security-auditor β Security auditor specifically targeting Claude Code skills.
- ClawSec β Complete security suite for OpenClaw deployments.
- ClawBands β Tool execution interceptor, filters skills before runtime.
- Aquaman β Credential isolation proxy preventing credential leakage.
- Claw-Hunter β Enterprise endpoint detection for OpenClaw instances.
- Clawhatch β Pre-install security scanner similar to ClawGuard.
- GuardSpine β Plugin-level security protection layer.
- ClawScan.io β Online skill scanning service.
- skill-audit β Community skill audit toolkit.
- OpenClaw Security Best Practices (2026) β Comprehensive hardening guide covering the full OpenClaw stack.
- Nebius: Architecture Hardening Guide β Architecture-level hardening recommendations for production deployments.
- OpenClaw Expert: Hardening Guide 2026 β Firewall, VPN, and credential rotation best practices.
- 7 Security Best Practices β CVE defense and data protection checklist.
- Official Gateway Security β Official documentation for OpenClaw gateway security configuration.
- ClawHub Malware Crisis β Guide to navigating the ClawHub malware crisis safely.
- NemoClaw β NVIDIA's official secure runtime for OpenClaw inside OpenShell sandbox with managed inference. Apache 2.0, 17.6K stars in two weeks.
NEW - IronClaw β Rust-based fork with WebAssembly isolation, capability-based permissions, and credential injection/leak detection.
- IronClaw Review β In-depth review of IronClaw's security architecture and trade-offs.
- Cisco DefenseClaw β Cisco's hardened fork designed specifically to counter supply chain attacks.
- ZeroClaw β Rust-based fork with filesystem sandboxing, distributed as a 3 MB single binary.
- shellward β AI Agent security middleware with 8-layer defense, DLP data flow control, and prompt injection detection. Zero dependencies, available as SDK + OpenClaw plugin.
NEW
- Repello AI: Inside ClawHavoc β Detailed post-mortem of the ClawHavoc attack affecting 300,000 users.
- CyberPress: 1,184 Malicious Skills β Report on 1,184 malicious skills distributed via ClawHub.
- Particula: 20% Skills Malicious β Research finding 20% of sampled ClawHub skills contain malicious behavior.
- Security Boulevard: Securing Against ClawHavoc β Defensive measures against ClawHavoc-style supply chain attacks.
- Oathe: Audited 1,620 Skills, Scanner Missed 91% β Independent audit revealing existing scanners miss 91% of malicious skills.
- The New Stack: 22,511 Skills Audit (140,963 Vulnerabilities) β Large-scale audit of AI agent skills uncovering nearly 141K vulnerabilities.
- Medium: Supply Chain Attack Analysis β Analysis of the corporate implications of OpenClaw supply chain attacks.
- Composed Security: OpenClaw vs IronClaw β Comparative security analysis between OpenClaw and IronClaw.
- Repello AI: Skill Security Audit Guide β Practical guide for auditing Claude Code skills.
- OX Security: Crypto-Wallet Phishing Attack β Disclosure of a GitHub-hosted phishing campaign targeting crypto wallets via OpenClaw.
- explain-openclaw β Multi-AI security analysis tool for vulnerability comparison.
- openclaw/trust β Official community threat assessment model.
- MoltThreats β Prompt threat intelligence tracking platform.
- Official Docker Guide β Official documentation for running OpenClaw in Docker.
- K8s Operator β Official Kubernetes Operator for deploying OpenClaw on K8s.
- LumaDock: Docker & K8s Tutorial β Step-by-step tutorial covering both Docker and Kubernetes deployments.
- LumaDock: High Availability Clustering β Guide for setting up high-availability OpenClaw clusters.
- Yotta Labs: Production Docker/K8s/GPU β Production deployment guide covering Docker, Kubernetes, and GPU infrastructure.
- Cloud Native Deep Dive: K8s β Deep dive into running OpenClaw on Kubernetes in a cloud-native setup.
- Simon Willison: Docker β Concise TIL-style guide for running OpenClaw via Docker.
- openclaw-ansible β Official Ansible deployment scripts.
- openclaw-helm β Community Helm Chart for Kubernetes.
- 1Panel Integration β Popular Chinese server panel with one-click deployment.
- Homebrew Tap β macOS Homebrew installation source.
- Official GCP Guide β Official documentation for deploying OpenClaw on Google Cloud Platform.
- Railway One-Click Deploy β One-click Railway deployment template.
- DigitalOcean β Community tutorial for running OpenClaw on DigitalOcean.
- DigitalOcean App Platform β Guide for deploying on DigitalOcean's managed App Platform.
- Hostinger VPS β Hostinger VPS deployment guide using Docker.
- Alibaba Cloud β Alibaba Cloud deployment campaign and documentation.
- Tencent Cloud β Tencent Cloud deployment guide.
- AWS β Community guide for setting up OpenClaw on AWS.
- Cloudflare/Vercel Comparison β Comparison of Cloudflare, Vercel, and SimpleClaw deployment options.
- Cloud vs Local Comparison β Decision guide comparing cloud hosting vs local self-hosting.
- Oracle Free Tier β 4 ARM CPU + 24GB RAM permanently free, excellent for self-hosting.
- Zeabur Template β One-click Docker deployment platform.
- Hetzner Guide β Official Hetzner VPS deployment documentation.
- Coolify Template β Self-hosted PaaS deployment template.
- Raspberry Pi 5 Guide β Edge/home deployment on Raspberry Pi.
- Cloudflare MoltWorker β Official Cloudflare Workers integration.
- Official Trusted Proxy Auth β Official documentation for trusted proxy authentication configuration.
- ClawTank: Caddy/Nginx/Trusted Proxies β Guide covering Caddy, Nginx, and trusted proxy configuration.
- Nginx/Apache Reverse Proxy Tutorial β Step-by-step reverse proxy setup for Nginx and Apache.
- Multi-App Nginx Setup β Running OpenClaw behind Nginx alongside other applications on a shared server.
- Cloudflare Tunnel / Tailscale β Exposing OpenClaw without opening public ports using Cloudflare Tunnel or Tailscale.
- Secure Remote Access β Best practices for accessing a self-hosted OpenClaw instance remotely.
- ClawRouter β Smart model routing, saves up to 78% on costs.
- Multi-Instance & Load Balancing β Tutorial on running multiple OpenClaw instances with load balancing.
- Performance Tuning Docs β Official performance tuning documentation.
- 80% Cost Reduction β Case study achieving 80% infrastructure cost reduction through tuning.
- Memory Architecture Guide β Developer guide for configuring and scaling OpenClaw's memory architecture.
- Memory, Concurrency & Context β Practical guide to optimizing memory, concurrency, and context handling.
- Multi-Agent Coordination β Patterns for coordinating multiple OpenClaw instances in multi-agent workflows.
- 4 Weeks in Production β Real-world lessons from running OpenClaw in production for four weeks.
- Cost Calculator β Real-time cost estimation tool.
- Cost Governor β Budget enforcement tool for OpenClaw usage.
- clawdbot-cost-monitor β Open-source cost monitoring dashboard.
- Official CLI Backup β Official CLI documentation for backup and restore operations.
- Complete Backup Guide β Comprehensive guide covering full backup and restore procedures.
- Data Protection Guide β End-to-end data protection guide for OpenClaw deployments.
- Settings & Memory Export β Tutorial for exporting OpenClaw settings and memory.
- Disaster Recovery on Hetzner β Disaster recovery setup with restore drills and practical failover on Hetzner.
- openclaw-backup Tool β Open-source CLI tool for automated OpenClaw backups.
- Keep My Claw β Managed zero-knowledge encrypted backup service for OpenClaw.
- Enterprise Multi-User & Hardening β Guide for multi-user enterprise deployments with hardening applied.
- Enterprise Security Setup β Security-focused enterprise setup walkthrough.
- Enterprise Automation Use Cases β Survey of enterprise automation use cases and implementation patterns.
- Customer Service to Sales β Case studies ranging from customer service automation to sales workflows.
- Business Workflows & Guardrails β Case studies examining where autonomous AI creates value and where guardrails are needed.
- One Month Review β Honest one-month post-deployment review of enterprise OpenClaw usage.
- Presidio: NVIDIA Ecosystem β Enterprise deployment in the NVIDIA ecosystem with Presidio's perspective.
- Implementation Guide β Practical implementation guide for business teams adopting OpenClaw.
- DataStudios: Enterprise Case Studies β Real-world deployments at TELUS (57,000 employees), Zapier (10Γ growth), and Tines (100Γ acceleration).
- Faros AI: Claude Code ROI β Measured 4:1 ROI with $37.50 per incremental PR vs $150 saved developer time.
- RBAC Feature Request #8081 β Upstream issue tracking role-based access control support.
- Agents Plane #17299 β Upstream issue tracking multi-tenant agent plane support.
- openclaw-multitenant β Container isolation with encrypted vault and team sharing support.
- lobu β Multi-tenant OpenClaw solution designed for team deployments.
- Session Isolation Vulnerability β Research exposing session isolation failures, authorization bypass, and privilege escalation in multi-user setups.
- VPS Monitoring β Tutorial for uptime, log, metrics, and alert monitoring on VPS deployments.
- SigNoz: OpenTelemetry Integration β Official SigNoz documentation for OpenClaw OpenTelemetry integration.
- SigNoz: Dashboard Guide β Guide for building OpenClaw monitoring dashboards with OpenTelemetry.
- Comet/Opik: Native Observability β Native observability integration using Comet and Opik.
- openclaw-observability-plugin β Open-source observability plugin for OpenClaw.
- ClawMetry β Real-time metrics dashboard for OpenClaw instances.
- BytePlus: Trace Monitoring β Distributed trace monitoring for OpenClaw via BytePlus Observability Platform.
- Grafana Claude Stats Plugin β Official Grafana plugin for real-time OpenClaw statistics dashboard.
- Grafana Cloud Anthropic Integration β Monitor Claude usage and costs with Grafana Cloud.
- Mission Control β War-room style monitoring with RBAC.
- Hawk Eye β Workspace sentinel for anomaly behavior detection.
- OpenClaw Studio β Visual agent management tool.
- ClawController β Real-time monitoring dashboard.
- SOC 2 / HIPAA / GDPR Guide β Enterprise compliance guide covering SOC 2, HIPAA, and GDPR requirements.
- 2026 Enterprise Hardening β Up-to-date enterprise hardening guidance for 2026.
- CLAW-10 Evaluation Framework β Structured framework for evaluating OpenClaw enterprise readiness.
- SOC 2 Audit Log Gap β Important finding: OpenClaw lacks the audit logging required for SOC 2 compliance.
- Security Model Deep Dive β Comprehensive deep dive into OpenClaw's underlying security model.
- Official SECURITY.md β Official security policy and vulnerability reporting instructions.
- Salesforce MCP β Salesforce integration via MCP for OpenClaw agents.
- Salesforce Service Cloud β Salesforce Service Cloud integration for support automation.
- Jira MCP β Jira integration via MCP for project management automation.
- ServiceNow MCP β ServiceNow integration for IT service management workflows.
- Jira Integration Guide β Step-by-step guide for connecting OpenClaw to Jira.
- Expanso: Jira Automation β Expanso's guide for automating Jira workflows with OpenClaw.
- ServiceNow Agent Skill β Community-built ServiceNow agent skill for ClawHub.
- SecureClaw (Adversa AI) β First OWASP ASI Top 10 aligned security plugin with MITRE ATLAS mapping, dual-layer defense (code + behavior).
- ClawSecure β 3-layer audit protocol detecting 55+ OpenClaw-specific threat patterns; audited 2,890+ agents.
- clawscan β Official ClawHub static scanner skill for pre-install security checks.
- openclaw-security-monitor β Active monitoring for ClawHavoc, AMOS Stealer, CVE-2026-25253, and supply chain attacks.
- OWASP Agentic Skills Top 10 β Official OWASP checklist for agent skill security.
- arc-security-audit β Full agent skill stack security audit.
- clawdefender β Security scanner + input sanitizer skill.
- agentkeys β Secure credential broker for AI agents.
- Salesforce MCP β Natural language CRM automation via Composio.
- Jira Integration β Issue creation, sprint tracking, JQL queries, workflow automation.
- sql-toolkit β PostgreSQL/MySQL/SQLite with NL-to-SQL, parameterized queries, read-only mode, audit logging.
- database β Unified PostgreSQL/MySQL/SQLite/MongoDB/Redis access with SSH tunnel and destructive operation confirmation.
- GOG (Google Workspace) β Gmail + Calendar + Drive + Sheets integration, 14,000+ installs.
- openclaw-operator β Production Kubernetes operator with network isolation, secret management, and health monitoring.
- openclaw-dashboard β Secure real-time monitoring panel with Auth, TOTP MFA, cost tracking, and memory browser.
- GitHub Actions CI/CD Monitoring β Detect build/test failures and auto-pull error logs.
- Lobster Shell β Native OpenClaw workflow shell composing skills and tools into reusable pipelines.
- Semgrep Security Cheat Sheet β Static analysis rules for skill security auditing.
- OpenClaw Security Best Practices β Pre-install audit steps and minimal sandbox permissions.
- Official Security Docs β Permission model, sandbox config,
--allow-toolsdeny-by-default. - Snyk ToxicSkills Report β Audit of 22,511 skills: 36% with defects, 1,467 malicious payloads, 127 invisible Unicode steganography.
- VirusTotal Integration β All ClawHub uploads now scanned via VirusTotal Code Insight.
- edict β 9-agent orchestration system inspired by ancient Chinese "Three Departments and Six Ministries" governance. Real-time dashboard, kanban view, full audit trails, multi-model support (13.4K stars).
NEW - openclaw-a2a-gateway β A2A (Agent-to-Agent) protocol v0.3.0 implementation β bidirectional agent communication gateway for standardized multi-agent interoperability.
NEW - agent-team-orchestration β Role definitions, task lifecycle, and handoff protocols.
- agent-collaboration-network β Agent registry, skill-based discovery, message routing.
- arc-department-manager β Manage AI sub-agent departments.
- Official Skills Guide β Creating custom skills with SKILL.md.
- Plugin SDK β TypeScript SDK for channels, model providers, tools, and skills.
- DataCamp Tutorial β Hands-on custom skill building guide.
- DigitalOcean Guide β Comprehensive skill overview and development walkthrough.
- VoltAgent/awesome-openclaw-skills β 5,400+ curated skills from the official registry.
Memory is one of the fastest-evolving areas in the OpenClaw ecosystem. Two complementary approaches have emerged: long-term memory (cross-session knowledge) and context management (within-session lossless handling).
| Long-term Memory | Context Management | |
|---|---|---|
| Problem solved | Remember user preferences & decisions across sessions | Prevent info loss when conversation exceeds context window |
| Scope | Permanent (cross-session) | Within current session |
| Representative | memory-lancedb-pro, Mem0, memU | lossless-claw, OpenViking |
| Plugin slot | memory |
contextEngine |
| Can use both? | Yes β they complement each other |
Best practice: Enable one long-term memory plugin + one context management plugin together.
- memory-lancedb-pro β Hybrid retrieval long-term memory β Vector+BM25+Cross-Encoder reranking, auto-captures 6 knowledge categories, Weibull decay model for intelligent forgetting (3.7K stars).
NEW - memU β Built for 24/7 persistent agents β supports Claude Skills + MCP protocol, designed for always-on agentic workflows (13.2K stars).
NEW - Mem0 Integration β Most popular persistent memory solution for OpenClaw agents.
- OceanBase PowerMem β Powerful memory backend by Alibaba OceanBase.
- Supermemory β Supermemory integration for OpenClaw.
- MoltBrain β Brain-like long-term memory system.
- Engram β Unified multi-agent memory framework.
- openclaw-memory-mem0 β Semantic fact extraction memory layer.
- claude-mem β Claude-specific memory layer.
- lossless-claw β Lossless Context Management β DAG-based hierarchical summarization + SQLite persistence, zero information loss. Agents can search (
lcm_grep) and drill into (lcm_expand) any compacted history (3.7K stars).NEW - OpenViking β ByteDance's context database for AI agents β file-system paradigm for unified management of memory, resources, and skills. Supports hierarchical context delivery and self-evolution (19.8K stars).
NEW - MemOS β Memory operating system for AI agents.
- MemOS Cloud Plugin β Cloud-based memory plugin for OpenClaw.
- memov β Universal memory layer and retrieval toolkit.
- openamnesia β Continuous learning context engine with privacy-safe memory extraction.
- Cognee β Graph-based memory and recall system.
A brief overview of notable OpenClaw forks and related frameworks.
| Project | Stars | Language | Highlight |
|---|---|---|---|
| OpenClaw | 340K+ | β | The original |
| Nanobot | 36.9K | Python | Hong Kong University, ultra-lightweight |
| ZeroClaw | 29.1K | Rust | 3 MB single binary, <10ms startup |
| NanoClaw | 25.9K | TypeScript | Container-isolated, Anthropic Agent SDK |
| NemoClaw | 17.6K | JavaScript | NVIDIA β secure sandbox + managed inference NEW |
| edict | 13.4K | Python | 9-agent orchestration, real-time dashboard NEW |
| IronClaw | 11.1K | Rust | WebAssembly sandbox security |
| moltworker | 9.8K | TypeScript | Cloudflare β Workers edge deployment |
| AutoResearchClaw | 9.4K | Python | Idea-to-paper autonomous research NEW |
| ClawSwarm | β | β | Native multi-agent orchestration |
| ZeptoClaw | β | Rust | 7-layer security, ultimate integration |
| MimiClaw | 1.9K | C | Runs on $5 ESP32-S3 chips |
| TinyClaw | 1.8K | Shell | Multi-agent team collaboration |
| OpenFang | β | Rust | Agent OS, 137K LOC |
Contributions are welcome. Please:
- Check that the link is alive and directly relevant to OpenClaw security, self-hosting, or enterprise use.
- Add a short, factual description (one sentence).
- Place the entry in the most appropriate section.
- Submit a pull request with a clear title.
To the extent possible under law, the contributors have waived all copyright and related rights to this work.