Security Best Practices

MemantoClaw enforces security at four layers: Network, Filesystem, Process, and Inference.

Layer Protections

  • Network Layer: Deny-by-default egress. Configured via OpenShell policy. Binary-Scoped rules ensure only authorized binaries (like gh or git) can access specific endpoints.
  • Filesystem Layer: Uses Landlock LSM + container mounts. /sandbox is read-only, while specific paths like /sandbox/.openclaw-data and /tmp are writable. Gateway config (/sandbox/.openclaw) is immutable and hash-pinned.
  • Process Layer: Drops dangerous Linux capabilities using capsh. Sets ulimit -u 512 to mitigate fork-bomb attacks. Enforces no-new-privileges to block privilege escalation via setuid binaries. Removes build toolchains (gcc, make) and netcat from the image.
  • Inference Layer: Routes model API calls to controlled backends via inference.local.

Credential Storage

Credentials (such as MOORCHEH_API_KEY and OPENAI_API_KEY) are stored as plaintext JSON at ~/.memantoclaw/credentials.json. The file is created with mode 0600 on the host. Credentials are never injected into the sandbox; the host bridge authenticates each request before forwarding it. If you suspect exposure, rotate the keys and remove the stored file:
rm -f ~/.memantoclaw/credentials.json
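The following audit helpers are an added example (not MemantoClaw's own code) covering two of the checks described above: that the host-side credentials file really is a regular file with mode 0600 owned by the current user, and that a process inside the sandbox runs with no-new-privileges set and without a handful of capabilities. The set of capabilities treated as dangerous is an assumption made for this example; MemantoClaw does not publish the exact list it drops.

```python
import os
import stat

# Capability bit numbers from <linux/capability.h>; which ones count as
# "dangerous" is an assumption made for this example, not a MemantoClaw list.
DANGEROUS_CAPS = {"CAP_NET_RAW": 13, "CAP_SYS_MODULE": 16, "CAP_SYS_PTRACE": 19, "CAP_SYS_ADMIN": 21}


def evaluate_stat(st_mode: int, st_uid: int, expected_uid: int) -> list[str]:
    """Pure check on stat() results for the credentials file; [] means OK."""
    findings = []
    if stat.S_ISLNK(st_mode):
        findings.append("symlink: credentials path should be a regular file")
    elif not stat.S_ISREG(st_mode):
        findings.append("type: credentials path is not a regular file")
    if st_uid != expected_uid:
        findings.append("owner: file is not owned by uid %d" % expected_uid)
    perm = stat.S_IMODE(st_mode)
    if perm & 0o077:  # any group/other bit set contradicts the documented 0600
        findings.append("mode: %04o grants group/other access; expected 0600" % perm)
    return findings


def audit_credentials_file(path: str = "~/.memantoclaw/credentials.json") -> list[str]:
    """Host-side check of the plaintext credentials file; its contents are never read."""
    full = os.path.expanduser(path)
    try:
        st = os.lstat(full)  # lstat so a symlink is reported rather than followed
    except FileNotFoundError:
        return ["missing: no credentials file at %s" % full]
    return evaluate_stat(st.st_mode, st.st_uid, os.getuid())


def audit_proc_status(status_text: str) -> list[str]:
    """Check NoNewPrivs and CapEff in a /proc/<pid>/status dump; [] means OK."""
    fields = {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    findings = []
    if fields.get("NoNewPrivs") != "1":
        findings.append("no-new-privileges is not set; setuid binaries could regain privilege")
    cap_eff = int(fields.get("CapEff", "0"), 16)  # hex bitmask of effective capabilities
    for name, bit in sorted(DANGEROUS_CAPS.items(), key=lambda kv: kv[1]):
        if cap_eff >> bit & 1:
            findings.append("capability: %s is still in the effective set" % name)
    return findings
```

Call audit_credentials_file() on the host, and from inside the sandbox pass the text of /proc/self/status to audit_proc_status() to confirm the Process layer settings took effect.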

OpenClaw Controls

MemantoClaw delegates application-layer security to OpenClaw. OpenClaw provides:
  • Prompt Injection Detection: Neutralizes attempts like <system> tag spoofing.
  • Tool Access Control: High-risk tools (exec, spawn, fs_write) are gated by a multi-layer policy pipeline.
  • Environment Variable Security: Blocks dangerous env vars (NODE_OPTIONS, LD_PRELOAD).
  • Secret Scanner: Intercepts writes targeting memory paths that look like API keys before they reach the disk.


For complete, unabridged technical details on this topic, refer to the official NVIDIA NemoClaw Documentation. Portions of this guide are summarized and adapted from NVIDIA Corporation (Copyright © 2026), licensed under the Apache License, Version 2.0.