Network Allowlist for OpenClaw Skills: Safe Defaults and Practical Setup

If a skill has network access, it can send data anywhere.

The safe pattern is simple:

Default deny, then allow only the domains you can justify.

Step 1: Default to no network

Treat “network” as an exception, not a default.

Start here: /guides/openclaw-security

Step 2: Require a per-skill allowlist

For every networked skill, write down:

  • which domains it must call
  • why those calls are necessary
  • what data might leave your machine

Step 3: Separate “fetch docs” from “send data”

If a skill only needs to fetch public docs:

  • allow only documentation domains
  • block uploads where possible
  • avoid sending repo contents to third-party services

Step 4: Treat fileRead + network as high risk

This combination can exfiltrate secrets: a skill that can read local files and reach the network can read a credential and send it out.
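The checks in Steps 1 through 4 can be expressed as a small default-deny policy checker. The code below is an added illustration, not OpenClaw's own code, and it assumes a hypothetical permission model (a skill declares capabilities such as "fileRead" and "network", and a per-skill allowlist of domains each carrying a written justification and a "fetch" or "send" mode); the skill names and domains are constructed for the example.

```python
"""Default-deny network allowlist checker for skills.

Added illustration, not OpenClaw's code. Assumed (hypothetical) model:
  - a skill declares permissions, e.g. {"fileRead", "network"}
  - a networked skill carries an allowlist of (domain, reason, mode)
  - mode "fetch" permits read-only GET/HEAD; mode "send" also permits
    methods that carry a body (POST/PUT/PATCH), i.e. data may leave
"""
from dataclasses import dataclass
from urllib.parse import urlsplit

READ_ONLY_METHODS = {"GET", "HEAD"}


@dataclass(frozen=True)
class AllowEntry:
    domain: str          # exact hostname; subdomains are NOT implied
    reason: str          # why this call is necessary (Step 2)
    mode: str = "fetch"  # "fetch" (docs only) or "send" (uploads allowed)


@dataclass(frozen=True)
class SkillPolicy:
    name: str
    permissions: frozenset
    allowlist: tuple = ()  # empty means: no destination is justified


def check_request(policy, method, url):
    """Return (allowed, reason). Anything not explicitly allowed is denied."""
    if "network" not in policy.permissions:
        return False, f"{policy.name}: no network permission (Step 1 default)"
    if not policy.allowlist:
        return False, f"{policy.name}: network granted but allowlist is empty"
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, f"scheme {parts.scheme!r} not allowed (https only)"
    host = (parts.hostname or "").lower().rstrip(".")
    for entry in policy.allowlist:
        if host != entry.domain.lower():
            continue  # exact match only; no wildcard widening
        if method.upper() in READ_ONLY_METHODS or entry.mode == "send":
            return True, f"{entry.domain}: {entry.reason}"
        return False, f"{host} is fetch-only; {method.upper()} would send data"
    return False, f"{host} is not on the allowlist for {policy.name}"


def risk_flags(policy):
    """Review findings a maintainer should justify before enabling the skill."""
    flags = []
    if {"fileRead", "network"} <= policy.permissions:
        flags.append("HIGH: fileRead + network can exfiltrate local secrets")
    for entry in policy.allowlist:
        if not entry.reason.strip():
            flags.append(f"MISSING: no justification recorded for {entry.domain}")
        if entry.mode == "send":
            flags.append(f"REVIEW: {entry.domain} may receive data ({entry.reason})")
    return flags


# Constructed sample policies (names and domains are made up).
DOCS_READER = SkillPolicy(
    name="docs-reader",
    permissions=frozenset({"network"}),
    allowlist=(AllowEntry("docs.python.org", "fetch library reference pages"),),
)
REPO_SUMMARIZER = SkillPolicy(
    name="repo-summarizer",
    permissions=frozenset({"fileRead", "network"}),
    allowlist=(AllowEntry("api.example-llm.test",
                          "send file excerpts for summarization", mode="send"),),
)
OFFLINE_FORMATTER = SkillPolicy(name="formatter", permissions=frozenset({"fileRead"}))


if __name__ == "__main__":
    for policy in (DOCS_READER, REPO_SUMMARIZER, OFFLINE_FORMATTER):
        print(policy.name, risk_flags(policy))
    print(check_request(DOCS_READER, "GET", "https://docs.python.org/3/library/ssl.html"))
    print(check_request(DOCS_READER, "POST", "https://docs.python.org/upload"))
    print(check_request(REPO_SUMMARIZER, "POST", "https://api.example-llm.test/v1/summarize"))
```

Exact hostname matching is deliberate: a wildcard such as "*.example.com" quietly widens the allowlist to every subdomain, which is the opposite of "allow only the domains you can justify". The "fetch" versus "send" mode is the Step 3 split in code: a docs-only skill can reach its documentation domain but a request that carries a body is refused even to an allowed host.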

Mitigations:

Step 5: Re-verify after updates

Permissions drift happens. Re-run: