OpenClaw Skills Security Policy
The OpenClaw Skills security policy explains how we approach permissions, risk, and responsible disclosure. It is intended to help you evaluate skills before running any automation.
1. Security principles
- Least privilege permissions for every skill.
- Transparent documentation via skill.md.
- Local execution with auditable logs.
2. Permissions model
Each OpenClaw Skills entry lists the permissions it requires. Review permissions before execution and require additional approval for sensitive access.
- L1 — Low risk: Read-only access or limited actions.
- L2 — Moderate: Writes data or interacts with external services.
- L3 — Sensitive: Accesses production data or credentials.
3. Responsible disclosure
If you discover a vulnerability in OpenClaw Skills, please report it through the official support channels. Provide a clear description and steps to reproduce so we can investigate quickly.
4. Reporting guidelines
- Describe the impact and affected skill or endpoint.
- Include logs, screenshots, or proof of concept when possible.
- Avoid public disclosure before we respond.
