> ## Documentation Index
> Fetch the complete documentation index at: https://docs.memanto.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Security Best Practices

> Host security, credential storage, and sandbox hardening.

# Security Best Practices

MemantoClaw enforces security at four layers: Network, Filesystem, Process, and Inference.

## Layer Protections

* **Network Layer**: Deny-by-default egress. Configured via OpenShell policy. Binary-Scoped rules ensure only authorized binaries (like `gh` or `git`) can access specific endpoints.
* **Filesystem Layer**: Uses Landlock LSM + container mounts. `/sandbox` is read-only, while specific paths like `/sandbox/.openclaw-data` and `/tmp` are writable. Gateway config (`/sandbox/.openclaw`) is immutable and hash-pinned.
* **Process Layer**: Drops dangerous Linux capabilities using `capsh`. Sets `ulimit -u 512` to mitigate fork-bomb attacks. Enforces `no-new-privileges` to block privilege escalation via setuid binaries. Removes build toolchains (`gcc`, `make`) and `netcat` from the image.
* **Inference Layer**: Routes model API calls to controlled backends via `inference.local`.

## Credential Storage

Credentials (like `MOORCHEH_API_KEY`, `OPENAI_API_KEY`) are stored in plaintext JSON at:
`~/.memantoclaw/credentials.json`

They are created with mode `0600` on the host. **They are never injected into the sandbox.** The host bridge authenticates requests before forwarding them. If you suspect exposure, rotate keys and remove the stored file:

```bash theme={null}
rm -f ~/.memantoclaw/credentials.json
```

## OpenClaw Controls

MemantoClaw delegates application-layer security to OpenClaw. OpenClaw provides:

* **Prompt Injection Detection**: Neutralizes attempts like `<system>` tag spoofing.
* **Tool Access Control**: High-risk tools (`exec`, `spawn`, `fs_write`) are gated by a multi-layer policy pipeline.
* **Environment Variable Security**: Blocks dangerous env vars (`NODE_OPTIONS`, `LD_PRELOAD`).
* **Secret Scanner**: Intercepts writes targeting memory paths that look like API keys before they reach the disk.

<br />

<hr />

*For complete, unabridged technical details on this topic, refer to the official [NVIDIA NemoClaw Documentation](https://docs.nvidia.com/nemoclaw/latest/security/best-practices.html). Portions of this guide are summarized and adapted from NVIDIA Corporation (Copyright © 2026), licensed under the Apache License, Version 2.0.*
