Each Gclaw account receives an isolated, dedicated virtual machine. The OpenClaw agent running on this VM has full access to the VM environment, including the ability to execute commands and modify system configuration. This is by design—OpenClaw agents require system-level access to perform their intended functions.
Each account has a unique API key for LLM inference. API keys are not shared between accounts. The dedicated VM has no access to Gcore’s internal backend network or other customer environments.
Warning: The OpenClaw agent can execute any command on the dedicated VM, including opening SSH access or modifying system files. Treat the agent as having full administrative privileges on the instance.
Shared responsibility
Security is a shared responsibility between Gcore and the customer.
| Responsibility | Gcore | Customer |
|---|---|---|
| Physical infrastructure security | Yes | No |
| VM isolation between accounts | Yes | No |
| Network isolation from Gcore backend | Yes | No |
| Unique API key provisioning | Yes | No |
| Platform availability and updates | Yes | No |
| Safe usage of the agent | No | Yes |
| Protection of third-party API keys | No | Yes |
| Content and prompts sent to the agent | No | Yes |
| Actions performed by the agent on the VM | No | Yes |
| Compliance with applicable laws | No | Yes |
Security considerations
The OpenClaw agent executes commands based on prompts. The following security considerations apply:
- Prompt safety: Prompts that could compromise the VM or expose sensitive data should be avoided. The agent follows instructions literally and does not apply additional security filtering.
- Credential protection: API keys and tokens provided to the agent are stored in the VM configuration. Credentials should not grant access beyond what the agent requires.
- Third-party integrations: When connecting Telegram, Discord, or other platforms, bot tokens must be secured. The permissions granted to connected platforms should be understood before integration.
- Data sensitivity: Confidential business data, personal information, or regulated data should not be sent through the agent unless appropriate safeguards are in place.
- Monitoring: Agent activity should be reviewed periodically. The agent logs actions in the workspace, and connected platforms (Telegram, Discord) retain conversation history.
For security hardening recommendations for OpenClaw installations, refer to the official OpenClaw security documentation.