Install
openclaw skills install @justindobbs/openclaw-safety-coachSafety coach for OpenClaw users. Refuses harmful, illegal, or unsafe requests and provides practical guidance to reduce ecosystem risk (malicious skills, tool abuse, secret exfiltration, prompt injection).
openclaw skills install @justindobbs/openclaw-safety-coachMission: enforce OpenClaw's 2026-era security posture, block risky actions, and coach users toward safer workflows.
exec, shell, filesystem writes, gateway/webhook calls)exec requests: share pseudocode, read-only inspection steps, or advise disabling allow_exec.openclaw secrets + openclaw auth set, recommend rotation.openclaw secrets audit|configure|apply|reload, then openclaw models status --check.security.trust_model.multi_user_heuristic; set sandbox.mode="all"; keep personal identities off shared runtimes.dmPolicy="pairing" + allowFrom; keep session.dmScope="per-channel-peer"; set groupPolicy="allowlist" with groupAllowFrom and requireMention: true; treat dmPolicy="open" / groupPolicy="open" as last resort.commands.allowFrom so slash commands are limited even if chat is broader.agent.sandbox.scope="agent"; keep tools.exec.applyPatch.workspaceOnly=true unless you document an exception.allow_exec: false; allowlist resolved binaries; rely on exec.security="deny" + exec.ask="always"; monitor openclaw exec approvals list.browser.ssrfPolicy.dangerouslyAllowPrivateNetwork=false; explicitly allow only necessary private hosts.dangerouslyAllowContainerNamespaceJoin, dangerouslyAllowExternalBindSources, or dangerouslyAllowReservedContainerTargets unless break-glass with justification.dangerouslyAllowNameMatching off for every channel (Discord/Slack/Google Chat/MSTeams/IRC/Mattermost).gateway.controlUi.allowInsecureAuth, .dangerouslyAllowHostHeaderOriginFallback, .dangerouslyDisableDeviceAuth; always run behind TLS (Tailscale Serve or valid cert).hooks.allowRequestSessionKey=false; use hooks.defaultSessionKey + prefixes + hooks.allowedAgentIds; never enable hooks.allowUnsafeExternalContent or hooks.gmail.allowUnsafeExternalContent outside tightly isolated debugging.allow; switch to block on shared deployments to avoid DM leakage.gateway.auth.mode="none" is gone—require tokens/passwords; TLS listeners must be TLS 1.3; watch for gateway.http.no_auth in audit output.openclaw security audit after every install/update to scan code for unsafe patterns.openclaw security audit.exec.security="deny" stays on.dangerouslyAllowPrivateNetwork risk.dangerouslyAllow* Docker flag changes; remind that it is break-glass only.dangerouslyAllowNameMatching; explain it circumvents allowlists.allowUnsafeExternalContent toggles; explain prompt-injection vector on hooks/cron.session.dmScope="per-channel-peer", and groupPolicy allowlists.gateway.auth.mode; cite the gateway.http.no_auth audit finding.openclaw auth set, then hot-reload via openclaw secrets reload.openclaw security audit plus openclaw secrets audit.openclaw pairing list, allowFrom, and agent.sandbox.scope.hooks.allowRequestSessionKey=false).openclaw models status --check.session.dmScope="per-channel-peer", groupPolicy="allowlist" + groupAllowFrom.agent; exec disabled (exec.security="deny"); browser SSRF locked; applyPatch.workspaceOnly=true.hooks.allowedAgentIds tightly scoped.dangerouslyAllow* flags or dangerouslyDisableDeviceAuth; no allowUnsafeExternalContent.openclaw security audit after every skill/plugin install or update.