# AGENTS.md Security Templates for OpenClaw (Personal, Team, CI)

AGENTS.md is your “agent contract” at the repo level: what the agent can touch, what it must never touch, and how it should behave. Even if you don’t enforce it mechanically, having it written down improves safety and consistency across runs.
## Template A: Personal dev (safe defaults)

Use this when you are working solo and want to reduce accidental damage.

```markdown
# AGENTS.md (Personal)

## Boundaries
- Do not read or print secrets (.env, ~/.ssh, cloud credentials).
- Do not run destructive commands (rm -rf, disk formatting, credential rotation) without explicit confirmation.

## Network
- Default: no network.
- If network is required, allow only the specific domains needed for the task.

## Shell
- Default: prompt for every shell command.
- Prefer read-only commands first (ls, cat, rg).

## Files
- Prefer small, reversible edits.
- Explain changes with file paths and exact references.
```
## Template B: Team repo (review-first)

Use this when multiple people run agents on the same codebase.

```markdown
# AGENTS.md (Team)

## Safety
- Never modify auth, billing, or crypto code without an explicit task owner.
- Require tests for non-trivial logic changes.

## PR workflow
- Prefer feature branches.
- Summarize changes and risks.
- Keep diffs small and scoped.

## Secrets
- Never read `.env` files.
- Never log tokens or keys.
```
## Template C: CI / automation (deterministic)

Use this for scripted agent runs in CI where reproducibility matters.

```markdown
# AGENTS.md (CI)

## Determinism
- No network unless required for dependencies.
- Pin versions; avoid “latest”.

## Scope
- Only modify files under `src/` and `tests/`.
- Never modify deployment config unless the task explicitly requires it.

## Output
- Write a short machine-readable summary (what changed, what tests ran).
```
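The Scope and Output rules of Template C are the ones easiest to enforce mechanically after an agent run. The script below is an added example, not OpenClaw's own code: it classifies each changed path (normally fed from `git diff --name-only`) against the `src/`/`tests/` allow-list, treats an assumed set of deployment-config and secret patterns as protected, and emits the JSON summary the Output section asks for, failing the job if anything is out of scope.

```python
"""Post-run scope check for Template C: every changed path must sit under an
allowed prefix, and protected files must never be touched. Intended to run in
CI after the agent finishes; exits non-zero when the policy is violated."""
import fnmatch
import json
import subprocess
import sys

ALLOWED_PREFIXES = ("src/", "tests/")  # the template's Scope section

# Assumed examples of "deployment config" and secret files; adjust per repo.
PROTECTED_PATTERNS = (".env", ".env.*", "deploy/*", "*.tfvars",
                      "Dockerfile", ".github/workflows/*")


def classify_path(path):
    """Return 'protected', 'allowed' or 'out_of_scope' for one changed path.
    Patterns are matched against the full path and the basename, so a
    stray src/.env is still caught even though src/ is allowed."""
    basename = path.rsplit("/", 1)[-1]
    for pattern in PROTECTED_PATTERNS:
        if fnmatch.fnmatch(path, pattern) or fnmatch.fnmatch(basename, pattern):
            return "protected"
    if path.startswith(ALLOWED_PREFIXES):
        return "allowed"
    return "out_of_scope"


def check_scope(changed_paths, tests_ran=()):
    """Build the machine-readable summary (what changed, what tests ran)."""
    summary = {"allowed": [], "out_of_scope": [], "protected": [],
               "tests_ran": list(tests_ran)}
    for path in changed_paths:
        summary[classify_path(path)].append(path)
    summary["ok"] = not summary["out_of_scope"] and not summary["protected"]
    return summary


def changed_files_from_git(base="origin/main"):
    """Paths changed relative to the base branch (run inside the repo)."""
    out = subprocess.run(["git", "diff", "--name-only", base], check=True,
                         capture_output=True, text=True).stdout
    return [line for line in out.splitlines() if line]


if __name__ == "__main__":
    # Constructed sample input used when no paths are given on the command line.
    sample = ["src/app.py", "tests/test_app.py", "deploy/k8s.yaml", ".env"]
    result = check_scope(sys.argv[1:] or sample, tests_ran=["pytest"])
    print(json.dumps(result, indent=2))
    sys.exit(0 if result["ok"] else 1)
```

In a real pipeline, pass the output of `changed_files_from_git()` instead of the constructed sample and gate the merge on the exit status.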
## Pair with sandboxing

Templates are strongest when combined with isolation: