Why this matters

Your OpenClaw workspace is the agent’s home directory for file tools and context, so you should treat it like memory and keep it private. The OpenClaw docs also warn that the workspace is the default working directory, not a hard sandbox: absolute paths can still reach other parts of the host unless sandboxing is enabled.

Step-by-step: tighten workspace safety

1) Keep one active workspace (avoid state drift)

Older installs sometimes leave multiple workspace folders around (for example ~/openclaw alongside the default workspace). OpenClaw recommends keeping a single active workspace to avoid confusing auth or state drift. Archive or remove extra folders you no longer use.

2) Enable sandboxing for risky sessions

Because absolute paths can escape the workspace when sandboxing is off, enable sandboxing for any agent that might run shell commands, process untrusted inputs, or handle files you don’t fully control.

In your OpenClaw config, turn on sandbox defaults and restrict workspace access for those sessions (read-only when possible). The docs call out agents.defaults.sandbox and note that non-"rw" workspaceAccess routes tools into a sandbox workspace under ~/.openclaw/sandboxes.

3) Avoid absolute paths in skills (scope file access)

When you write skills or prompts that reference files, prefer relative paths inside the workspace and keep sensitive directories off-limits by policy. If you must use absolute paths, treat them as a privileged exception and require human approval.
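One way to enforce this as a pre-review check, shown as an added example (not OpenClaw code and not from the original post): scan a skill's text for file references and flag anything that is absolute, home-relative, or climbs out of the workspace with "..". The function names and the sample skill text are hypothetical, and POSIX-style paths are assumed.

```python
import os
from pathlib import Path

# Constructed sample skill text; every file name and path here is made up.
SAMPLE_SKILL = """\
Read notes/todo.md and summarise it.
Append results to reports/2024/summary.md.
Load credentials from ~/.openclaw/credentials.json.
Compare against ../other-project/data.csv.
Check /etc/hosts for overrides.
"""

def find_refs(text: str) -> list[str]:
    """Return whitespace-delimited tokens that look like file paths."""
    refs = []
    for tok in text.split():
        tok = tok.strip("\"'`()[],;").rstrip(".")  # drop quoting and sentence punctuation
        if "/" in tok and "://" not in tok:         # skip URLs
            refs.append(tok)
    return refs

def classify(ref: str, workspace: Path) -> str:
    """Classify one reference relative to the workspace root."""
    if ref.startswith("~") or os.path.isabs(ref):
        return "absolute"
    ws = workspace.resolve()
    # resolve() collapses ".." and follows symlinks that exist, so a relative
    # path that climbs out of the workspace is caught here.
    target = (ws / ref).resolve()
    return "relative-inside" if target.is_relative_to(ws) else "escapes-workspace"

def audit_skill(text: str, workspace: Path) -> dict[str, str]:
    """Map each file reference in a skill to its classification."""
    return {ref: classify(ref, workspace) for ref in find_refs(text)}

def needs_approval(text: str, workspace: Path) -> list[str]:
    """References that should go to a human before the skill is allowed to run."""
    return sorted(r for r, c in audit_skill(text, workspace).items()
                  if c != "relative-inside")

if __name__ == "__main__":
    # "workspace" is a placeholder directory name for this demo.
    for ref, verdict in audit_skill(SAMPLE_SKILL, Path("workspace")).items():
        print(f"{verdict:18} {ref}")
```

This is a review aid, not a boundary: it only sees paths written literally in the skill text, so sandboxing from step 2 is still what limits access at run time.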

4) Keep secrets out of the workspace repo

OpenClaw separates the workspace from ~/.openclaw/, which stores config, credentials, and sessions. Don’t commit ~/.openclaw/ contents into version control. If you back up your workspace with Git, use a private repo and add a strict .gitignore for any secret-like files (.env, *.key, *.pem, etc.).

Quick checklist

  • Workspace is private and stored in a trusted location
  • Only one active workspace; extras archived
  • Sandboxing enabled for risky agents/sessions
  • Secrets stay in proper credential storage, not the workspace repo

Related: See yesterday’s OpenClaw Tip #16 on security audits and auto-fixes to keep tightening your deployment over time.
