Trust
Tenant isolation, by design
OpenClaw can run skills (code). We build around that reality with per-tenant isolation, careful secrets handling, and privacy-aware defaults.
Hard tenant isolation
One tenant per VM. Your skills run in your environment, not in a shared multi-tenant container.
Secrets boundaries
Tenants do not receive AI provider API keys. Tenant code uses tenant-scoped gateway tokens.
Billing guardrails
No negative balances. When credits are exhausted, the gateway hard-denies unless top-up is enabled.
Logging and privacy
We avoid logging sensitive content
- We avoid logging Telegram message bodies in shared services.
- By default, we do not store prompts and responses in the control plane or model gateway.
- Metering is based on metadata: models, token counts, computed cost, timestamps, and request IDs.
Skills safety
Treat skills like software
Skills run code. Only install skills you trust, and review skill behavior before giving it access to anything sensitive.
- Start small: test skills in low-risk scenarios first.
- Prefer least-privilege tokens and scoped API keys.
- Rotate tokens if you suspect exposure.