Disable shell tool openclaw on OpenClaw

This guide shows exactly how to disable the shell and browser tools in OpenClaw on an Ubuntu VPS using Docker, Nginx and a firewall. The direct answer: disable the tools in OpenClaw’s configuration, run containers with dropped capabilities and a strict seccomp profile, and enforce least-privilege on the host. Examples and working commands follow.

Why disable dangerous capabilities

Shell and in-app browser tools increase attack surface by enabling code execution or web rendering inside an automation agent. For beginners, the safest approach is to remove or restrict these features at three layers: OpenClaw config, container runtime, and host firewall. This guide shows practical commands and a checklist to harden your deployment.

Checklist: least-privilege, secrets, updates

  • Disable shell/browser in OpenClaw config and verify.
  • Run OpenClaw in Docker with --cap-drop and a restrictive seccomp profile.
  • Use a non-root service account on the host and in containers.
  • Store credentials in a secrets manager or Docker secrets; never in plaintext.
  • Harden Nginx and limit exposed ports; use a firewall (ufw/iptables).
  • Apply an update policy and schedule automated security updates.
  • Log and regularly audit actions; see the audit skills checklist.

Disable shell tool openclaw in configuration

Edit OpenClaw’s configuration file and set the shell and browser tools to disabled. The exact path can vary; common locations include /etc/openclaw/config.yaml or a config file bundled with your container image. Example YAML change:

sudo nano /etc/openclaw/config.yaml

# Example config snippet
tools:
  shell:
    enabled: false
  browser:
    enabled: false

After editing, restart the OpenClaw service or container so the change takes effect.

sudo systemctl restart openclaw
# or for Docker-based deployments
docker restart openclaw_container

Run OpenClaw containers with reduced capabilities

Use Docker capability controls and seccomp to restrict what the container can do. The following example drops all Linux capabilities and adds back only NET_BIND_SERVICE, which allows binding to low (privileged) ports. Adjust any --cap-add entries to the minimum required for your workload.

docker run -d \
  --name=openclaw_container \
  --cap-drop=ALL \
  --cap-add=NET_BIND_SERVICE \
  --security-opt seccomp=/etc/openclaw/seccomp.json \
  -v /etc/openclaw/config.yaml:/app/config.yaml:ro \
  openclaw/image:latest

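Provide a seccomp profile that denies execve and other syscall vectors where feasible. The filter is already active when the runtime executes the container's entrypoint, so a profile that blocks execve outright also prevents the container from starting. If you cannot author a full profile, use community-maintained profiles and test in a staging environment before production.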

Host-level hardening: non-root, firewall, Nginx

On the Ubuntu host, create a dedicated user and restrict file permissions. Use ufw (Uncomplicated Firewall) to limit access to only necessary ports:

sudo adduser --system --no-create-home --group openclaw
sudo chown -R openclaw:openclaw /var/lib/openclaw

# Basic UFW rules
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow OpenSSH
sudo ufw allow 'Nginx Full'  # if you proxy with Nginx
sudo ufw enable

When proxying with Nginx, terminate TLS at Nginx and avoid exposing OpenClaw’s management endpoints directly to the internet. See the secure VPS guide for recommended host settings.

Secret management

Never place secrets in config files checked into version control. Use one of these approaches:

  • Docker secrets or bind-mounted files with tight permissions for smaller setups.
  • HashiCorp Vault or cloud provider secret stores for production.
  • Environment variables managed by systemd with ProtectSystem/ProtectHome options.

Example using Docker secrets (create then reference in service):

# Requires swarm mode (docker swarm init); 'supersecret' is a placeholder value
echo -n 'supersecret' | docker secret create openclaw_api_key -
# In a stack/service file reference the secret and mount to /run/secrets/openclaw_api_key

Update and patch policy

Define and automate an update policy to reduce exposure to known vulnerabilities. At minimum:

  • Enable unattended security upgrades for Ubuntu packages.
  • Subscribe to vendor security advisories for OpenClaw and base images.
  • Test updates in a staging environment before rolling to production.

Enable unattended upgrades:

sudo apt update && sudo apt install unattended-upgrades -y
sudo dpkg-reconfigure --priority=low unattended-upgrades

Security considerations

Key security steps beyond disabling tools:

  • Run process-level isolation: use cgroups and limit memory/CPU where appropriate.
  • Use AppArmor or SELinux to confine the OpenClaw process.
  • Remove build tools and package managers from production images to prevent in-container compilation or tooling.
  • Log to a centralized, tamper-resistant location and monitor for indicators of compromise.

Resource tiers (RAM/CPU guidance)

Choose a VPS tier that matches workload and security needs. Guidance by role:

  • Small (development/staging): 1–2 vCPU, 1–2 GB RAM. Use for testing restrictions and config changes.
  • Medium (small production): 2–4 vCPU, 4–8 GB RAM. Suitable for single OpenClaw instances behind Nginx.
  • Large (high-availability/scale): 4+ vCPU, 16+ GB RAM. Use for parallel agents, heavy task loads, and to separate duties (logging, DB, agent).

When selecting hosting, prefer a VPS provider that offers features like private networking, snapshots, private images, and strict firewall controls; these features reduce blast radius and support recovery.

Testing and verification

After disabling and hardening, validate with these tests:

  • Attempt to invoke shell/browser functionality from OpenClaw APIs and confirm refusal or no-op responses.
  • Run a container escape test in an isolated lab to ensure caps/seccomp are effective.
  • Scan the host and container images with a vulnerability scanner and remediate findings.

For ongoing assurance, include regular audits linked to your audit skills checklist.
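
An added example (not from the original guide or the OpenClaw project): a Python audit of `docker inspect` output that checks whether a container really runs with the restrictions from the docker run command above. The finding texts, `ALLOWED_CAPS` and the sample record are constructed for illustration.

```python
import json
import sys

ALLOWED_CAPS = {"NET_BIND_SERVICE"}  # the only capability the guide adds back
CONFIG_DEST = "/app/config.yaml"     # mount target in the guide's docker run

# Constructed sample of `docker inspect` fields for the guide's docker run.
SAMPLE = [{
    "Config": {"User": ""},
    "HostConfig": {
        "Privileged": False, "CapDrop": ["ALL"],
        "CapAdd": ["CAP_NET_BIND_SERVICE"],
        "SecurityOpt": ['seccomp={"defaultAction":"SCMP_ACT_ERRNO"}'],
    },
    "Mounts": [{"Destination": CONFIG_DEST, "RW": False}],
}]

def _caps(values):
    """Normalise names: Docker may report 'CAP_X', 'X', 'all' or null."""
    names = (v.upper() for v in (values or []))
    return {n[4:] if n.startswith("CAP_") else n for n in names}

def audit(container):
    """Return a list of findings for one object from `docker inspect`."""
    host = container.get("HostConfig") or {}
    findings = []
    if host.get("Privileged"):
        findings.append("container is privileged")
    if "ALL" not in _caps(host.get("CapDrop")):
        findings.append("--cap-drop=ALL not applied")
    extra = _caps(host.get("CapAdd")) - ALLOWED_CAPS
    if extra:
        findings.append("unexpected capabilities: " + ", ".join(sorted(extra)))
    seccomp = [o for o in host.get("SecurityOpt") or [] if o.startswith("seccomp")]
    if not seccomp:
        findings.append("no custom seccomp profile")
    elif any(o[8:] == "unconfined" for o in seccomp):
        findings.append("seccomp is disabled (unconfined)")
    user = (container.get("Config") or {}).get("User") or ""
    if user.split(":")[0] in ("", "0", "root"):
        findings.append("process runs as root")
    for m in container.get("Mounts") or []:
        if m.get("Destination") == CONFIG_DEST and m.get("RW"):
            findings.append("config file is mounted read-write")
    return findings

if __name__ == "__main__":
    problems = [f for c in json.load(sys.stdin) for f in audit(c)]
    print("\n".join(problems) or "OK")
    sys.exit(1 if problems else 0)
```

Saved under a name of your choice (audit.py here is hypothetical), it runs as `docker inspect openclaw_container | python3 audit.py`. On the constructed sample it reports only that the process runs as root, because the docker run command above sets no `--user`.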

Troubleshooting

Common issues and quick fixes:

  • If OpenClaw still allows shell access, check for alternate execution paths and any plugin configuration that re-enables tools.
  • If the container fails after --cap-drop, review required capabilities and add the minimum set back.
  • If services fail post-update, roll back from a snapshot and test updates in staging before reapplying.

Closing recommendation

For trust-building and durable security, run OpenClaw on a hardened VPS tier, follow the least-privilege checklist above, use a secrets manager, and enforce a strict update policy. Compare hosting features when choosing a VPS provider and prefer instances that support private networking, snapshots, and fine-grained firewall rules. For a practical next step, review the best hosting options and the secure VPS guide, then apply the checklist and tests described here to secure your deployment.


Further reading: combine these steps with ongoing audits and incident response planning to keep automation safe while you scale.

Written by Clara

Clara is an OpenClaw specialist who explores everything from autonomous agents to advanced orchestration setups. She experiments with self-hosted deployments, API integrations, and AI workflow design, documenting real-world implementations and performance benchmarks. As part of the AutomationCompare team, Clara focuses exclusively on mastering OpenClaw and helping developers and founders deploy reliable AI-driven systems.
