DenchClaw Security: What You Need to Know
Complete security overview for DenchClaw—local data storage, API key management, authentication, webhook security, and best practices for production deployments.
DenchClaw Security: What You Need to Know
DenchClaw's local-first architecture gives it a security profile that's fundamentally different from cloud SaaS CRMs. Your data doesn't transit third-party servers. Your contacts aren't in a shared cloud database. Your API keys stay on your machine.
That said, "local-first" doesn't mean "security isn't your problem." There are real attack surfaces in any software system, and understanding them is how you run DenchClaw safely in a production environment.
The Security Architecture#
What Lives Locally#
Everything sensitive:
- DuckDB database:
~/.openclaw-dench/workspace/workspace.duckdb— all your CRM data - Documents:
~/.openclaw-dench/workspace/docs/— markdown notes and entry documents - Memory files:
~/.openclaw-dench/workspace/MEMORY.md,memory/— agent context - API keys:
~/.openclaw-dench/workspace/.env— credentials for external services - Browser profile copy: Used by the browser agent for authenticated sessions
None of this leaves your machine by default. AI model API calls (to Anthropic, OpenAI, etc.) are the only outbound traffic that includes context from your workspace. Review your configured AI provider's data handling policy.
What Transits the Network#
The things that do leave your machine:
- AI model calls: Your query + relevant context goes to your configured AI provider
- Telegram/WhatsApp messages: Routed through their infrastructure
- Webhook payloads: Inbound HTTP requests you've explicitly configured
- External API calls: Via action fields or skills that call third-party APIs
No Phone-Home Telemetry#
DenchClaw does not phone home with usage analytics, crash reports, or configuration data. The gateway process operates entirely within your network perimeter except for the explicitly listed traffic above. You can verify this by monitoring network traffic from the openclaw process.
Authentication and Access Control#
Local Web UI#
The web UI at localhost:3100 is only accessible from localhost by default. Anyone with access to your machine can access it — protect your laptop login as you would any sensitive system.
For teams running DenchClaw on a shared server, the gateway should be behind authentication:
server {
listen 443 ssl;
server_name crm.yourcompany.com;
# Basic auth or OAuth proxy
auth_basic "DenchClaw";
auth_basic_user_file /etc/nginx/.htpasswd;
location / {
proxy_pass http://localhost:19001;
}
}Or use an OAuth reverse proxy (Authelia, Authentik, oauth2-proxy) for Google/GitHub SSO.
Telegram and Channel Authentication#
Each messaging channel integration uses the channel's own authentication:
- Telegram: Bot token — keep this in your
.envfile, don't commit to git - WhatsApp: QR code session — the session is stored locally
- Discord: Bot token — same handling as Telegram
Anyone who can message your bot can interact with the agent. Configure bot privacy settings appropriately:
- Telegram: Use BotFather to restrict bot to specific users or groups
- Discord: Configure bot permissions and channel restrictions
Webhook Security#
If you expose DenchClaw webhook endpoints to the public internet, secure them:
# In your .env file:
WEBHOOK_SECRET=your-random-32-char-secret-hereAll incoming webhooks should be validated against this secret. When configuring webhooks in external services (Stripe, Typeform, etc.), enable signature verification and pass the secret.
For Stripe specifically:
import stripe
import os
webhook_secret = os.environ.get("STRIPE_WEBHOOK_SECRET")
event = stripe.Webhook.construct_event(
payload, sig_header, webhook_secret
)API Key Management#
DenchClaw uses external services through API keys stored in your .env file. Best practices:
1. Use the .env file, never hardcode keys
# ~/.openclaw-dench/workspace/.env
CLEARBIT_API_KEY=cb_live_...
STRIPE_SECRET_KEY=sk_live_...
TELEGRAM_BOT_TOKEN=...2. Never commit .env to git
# In your workspace .gitignore:
.env
*.env
workspace.duckdb3. Use read-only API keys where possible
For enrichment services (Clearbit, Apollo), use API keys with read-only scope. If the key is compromised, an attacker can read data but not write or bill charges.
4. Rotate keys periodically
For high-value keys (payment processors, email providers), set a reminder to rotate annually or if you suspect exposure.
5. Audit active keys
Keep a list in a secure location (password manager) of every API key configured in DenchClaw and what it accesses.
Data Protection#
Backup Security#
Your DuckDB file contains all your CRM data. Treat it like a password manager database:
- Encrypt backups before storing in cloud storage
- Use a private repository if version-controlling your workspace
- For iCloud/Dropbox backups, ensure your cloud storage account has 2FA enabled
# Encrypted backup with age or GPG
tar -czf - ~/.openclaw-dench/workspace/ | age -r YOUR_PUBLIC_KEY > backup.tar.gz.ageBrowser Profile Security#
DenchClaw copies your Chrome profile for browser automation. This copy includes your browser cookies — meaning your authenticated sessions to Gmail, LinkedIn, etc. are in the copied profile.
This copy lives at a path within the DenchClaw workspace. It should not be committed to git or backed up to shared storage. Add it to your .gitignore:
# In workspace .gitignore:
browser-profile/
chrome-profile/Memory File Sensitivity#
The agent's memory files (MEMORY.md, memory/YYYY-MM-DD.md) may contain sensitive business context you've told the agent to remember. These are plain text files — treat them accordingly. Don't share them, back them up encrypted, and review them periodically to ensure they don't contain credentials or sensitive personal information.
Network Security for Production Deployments#
If you're running DenchClaw on a VPS for a team:
Firewall configuration (ufw):
sudo ufw default deny incoming
sudo ufw allow ssh
sudo ufw allow 443/tcp # HTTPS for web UI
sudo ufw enableSSH hardening:
# /etc/ssh/sshd_config
PasswordAuthentication no
PermitRootLogin noAutomatic security updates:
sudo apt install unattended-upgrades
sudo dpkg-reconfigure unattended-upgradesTLS certificates: Use Let's Encrypt (certbot) for free TLS certificates. Never run DenchClaw over plain HTTP on a public server.
Incident Response#
If you suspect a security issue with your DenchClaw deployment:
- Revoke affected API keys immediately — in the external service's dashboard
- Change your Telegram bot token — via BotFather →
/revoke - Rotate your
.envsecrets - Review recent agent activity — in
~/.openclaw-dench/workspace/.openclaw/logs/ - Check for unauthorized entries — review recently created or updated CRM entries
- Report to security@dench.com — if you believe there's a vulnerability in DenchClaw itself
Frequently Asked Questions#
Does DenchClaw store my passwords anywhere?#
No. DenchClaw doesn't ask for or store passwords. API keys are stored in the .env file in plaintext — it's your responsibility to protect that file (proper filesystem permissions, no git commits, encrypted backups).
Can someone access my DenchClaw by gaining access to my Telegram account?#
Yes. If an attacker gains access to your Telegram account and can message your DenchClaw bot, they can interact with the agent. Enable Telegram's 2FA (Two-Step Verification) in Settings → Privacy and Security. Also consider restricting your bot to specific user IDs via Telegram's bot settings.
Is it safe to run DenchClaw on a shared hosting server?#
We recommend against shared hosting for DenchClaw. The DuckDB file (containing all your CRM data) and the .env file (containing API keys) must be protected from other users on the same server. Use a VPS where you're the only tenant, or DenchClaw Cloud.
How does DenchClaw handle the AI model calls — can Anthropic/OpenAI see my data?#
AI model calls send your query and relevant context to the configured AI provider (Anthropic, OpenAI, etc.). Review your provider's data handling policy — Anthropic and OpenAI both offer enterprise agreements that include data handling commitments. For highly sensitive data, consider using a locally-running model (Ollama with Llama) that doesn't send data off-device.
Ready to try DenchClaw? Install in one command: npx denchclaw. Full setup guide →
