Dependency and supply chain security

Last updated Mar 31, 2026

Every release of MultiClaw includes third-party code: open-source libraries, language runtimes, and external service integrations. This article explains how MultiClaw controls that supply chain so you know what protections are in place and where your responsibilities begin.

How dependency pinning works

MultiClaw pins every dependency to an exact resolved version before a release ships. Three lockfiles enforce this:

  • Frontend packages (JavaScript/TypeScript): pinned in pnpm-lock.yaml
  • Rust packages: pinned in Cargo.lock
  • PHP packages (MultiClaw Cloud): pinned in composer.lock

Each build rejects any installed package that differs from the lockfile. This means every build uses the same dependency graph that was tested.

Lockfiles and version ranges

Manifest files (package.json, Cargo.toml, composer.json) define version ranges (for example, ^1.2.0) that specify which future versions are acceptable. The lockfiles override those ranges with exact versions. A dependency only moves to a newer version when a developer explicitly updates the lockfile, the test suite passes, and the change goes through code review.
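The check a frozen build performs can be seen in miniature below. This is an added illustration written for this article, not MultiClaw's build tooling: it takes a manifest (name to "^x.y.z" range or exact version) and a lockfile (name to exact version) as plain maps, both constructed for the example, and reports every reason a build would have to refuse the pair: a dependency missing from the lockfile, a lockfile entry that is not an exact version, or a locked version that no longer falls inside the manifest range (the signature of a manifest edited without a matching lockfile update). The caret rule is the one npm/pnpm and Cargo share; pre-release tags and real lockfile parsing are out of scope.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Version is a parsed x.y.z semver triple. Pre-release tags and build
// metadata are deliberately out of scope for this illustration.
type Version struct{ Major, Minor, Patch int }

// ParseExact accepts only a fully specified x.y.z version, which is what a
// lockfile must record. Anything else (a range, "latest", a tag) is rejected.
func ParseExact(s string) (Version, error) {
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return Version{}, fmt.Errorf("%q is not an exact x.y.z version", s)
	}
	var n [3]int
	for i, p := range parts {
		v, err := strconv.Atoi(p)
		if err != nil || v < 0 {
			return Version{}, fmt.Errorf("%q is not an exact x.y.z version", s)
		}
		n[i] = v
	}
	return Version{n[0], n[1], n[2]}, nil
}

// Less is a strict semver ordering on the triple.
func (v Version) Less(o Version) bool {
	if v.Major != o.Major {
		return v.Major < o.Major
	}
	if v.Minor != o.Minor {
		return v.Minor < o.Minor
	}
	return v.Patch < o.Patch
}

// SatisfiesCaret implements the ^x.y.z rule used by npm/pnpm and Cargo:
// v must be >= base and must not change the leftmost non-zero component.
func SatisfiesCaret(base, v Version) bool {
	if v.Less(base) {
		return false
	}
	switch {
	case base.Major > 0:
		return v.Major == base.Major
	case base.Minor > 0:
		return v.Major == 0 && v.Minor == base.Minor
	default:
		return v.Major == 0 && v.Minor == 0 && v.Patch == base.Patch
	}
}

// Finding is one reason a manifest/lockfile pair would fail a frozen build.
type Finding struct{ Name, Problem string }

// CheckLock compares a manifest (name -> "^x.y.z" or exact "x.y.z") with a
// lockfile (name -> exact version) and returns every mismatch, sorted by name.
// An empty result means the lockfile fully pins what the manifest asks for.
// Entries only in the lockfile are transitive dependencies and are not flagged.
func CheckLock(manifest, lock map[string]string) []Finding {
	var out []Finding
	for name, spec := range manifest {
		locked, ok := lock[name]
		if !ok {
			out = append(out, Finding{name, "missing from lockfile"})
			continue
		}
		lv, err := ParseExact(locked)
		if err != nil {
			out = append(out, Finding{name, "lockfile entry is not an exact version: " + locked})
			continue
		}
		base, err := ParseExact(strings.TrimPrefix(spec, "^"))
		if err != nil {
			out = append(out, Finding{name, "unsupported manifest spec: " + spec})
			continue
		}
		inRange := lv == base
		if strings.HasPrefix(spec, "^") {
			inRange = SatisfiesCaret(base, lv)
		}
		if !inRange {
			out = append(out, Finding{name, fmt.Sprintf(
				"locked %s is outside manifest range %s (manifest changed without a lockfile update)", locked, spec)})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Name < out[j].Name })
	return out
}

func main() {
	// Constructed sample data, not taken from any real MultiClaw manifest.
	manifest := map[string]string{
		"left-pad":  "^1.3.0",
		"yaml":      "^2.0.0",
		"serde":     "^1.0.100",
		"lodash":    "^4.17.0",
		"untracked": "^3.1.0",
	}
	lock := map[string]string{
		"left-pad": "1.3.0",
		"yaml":     "1.10.2", // manifest bumped to ^2 but lockfile still resolves 1.x
		"serde":    "1.0.197",
		"lodash":   "latest", // not exact: a frozen install must refuse this
	}
	for _, f := range CheckLock(manifest, lock) {
		fmt.Printf("%-10s %s\n", f.Name, f.Problem)
	}
}
```

The real tools enforce the same outcome with a flag rather than a script: pnpm install --frozen-lockfile and cargo build --locked both fail the build instead of silently re-resolving when the manifest and lockfile disagree, which is the behaviour the paragraph above describes.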

Vulnerability scanning

Dependency vulnerability scanning is not yet automated: no scanning tools run as part of the CI workflow or the build pipeline.

When a dependency is updated, the change is reviewed manually. Vulnerability detection currently relies on developers monitoring advisories during updates rather than continuous automated scanning.

Note:

Automated vulnerability scanning is planned but not yet in place. Until it is, lockfile pinning limits exposure by ensuring no dependency changes reach a release without a reviewed, committed lockfile update.

Update verification

The desktop app uses the Tauri updater, which signs every release with minisign (Ed25519 public-key signatures). Before installing an update, the updater verifies the cryptographic signature against the public key embedded in the current installation. If verification fails, the update is rejected and your current version stays unchanged.

This protects against tampered downloads and man-in-the-middle attacks during the update process. See Desktop app security for the full update flow and code-signing details.
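The verify-before-install rule above can be modelled in a few lines. The following is an added illustration, not the Tauri updater's or MultiClaw's code: it uses Go's standard crypto/ed25519 to sign a constructed update bundle at release time and to check that signature against the public key embedded in the installation before the version changes. Minisign's on-disk key and signature formats are not reproduced; only the Ed25519 verification and the accept/reject decision are shown. The Release and Installation types and the version strings are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Release is a signed update as the updater receives it: the bytes to
// install plus a detached Ed25519 signature produced at release time.
type Release struct {
	Version   string
	Payload   []byte
	Signature []byte
}

// Installation models the running app: its current version and the release
// public key compiled into it. Only this key is trusted.
type Installation struct {
	Version string
	PubKey  ed25519.PublicKey
}

// ErrBadSignature is returned whenever verification fails, for any reason.
var ErrBadSignature = errors.New("update rejected: signature does not verify against the embedded public key")

// NewReleaseKey generates a fresh Ed25519 key pair. In a real pipeline the
// private half exists only on the signing host; the public half is embedded.
func NewReleaseKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignRelease is the build-side step: sign the bundle bytes with the release
// private key. The version label is metadata carried alongside the bundle.
func SignRelease(priv ed25519.PrivateKey, version string, payload []byte) Release {
	return Release{Version: version, Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// ApplyUpdate is the client-side step. Verification happens before anything
// is written; on failure the installation is returned unchanged.
func ApplyUpdate(inst Installation, rel Release) (Installation, error) {
	if !ed25519.Verify(inst.PubKey, rel.Payload, rel.Signature) {
		return inst, ErrBadSignature
	}
	inst.Version = rel.Version
	return inst, nil
}

func main() {
	pub, priv, err := NewReleaseKey()
	if err != nil {
		panic(err)
	}
	inst := Installation{Version: "1.4.0", PubKey: pub}
	bundle := []byte("constructed update bundle bytes for 1.5.0")

	// 1. A genuine release signed with the release key is accepted.
	inst, err = ApplyUpdate(inst, SignRelease(priv, "1.5.0", bundle))
	fmt.Println("genuine update:", inst.Version, err)

	// 2. The same release with one bit altered in transit is rejected and
	//    the installed version stays where it was.
	tampered := SignRelease(priv, "1.5.1", bundle)
	tampered.Payload = append([]byte(nil), bundle...)
	tampered.Payload[0] ^= 0x01
	inst, err = ApplyUpdate(inst, tampered)
	fmt.Println("tampered update:", inst.Version, err)

	// 3. A release signed with some other key is rejected too: the app
	//    trusts only the key it was built with, not any valid signature.
	_, otherPriv, _ := NewReleaseKey()
	inst, err = ApplyUpdate(inst, SignRelease(otherPriv, "1.6.0", bundle))
	fmt.Println("foreign-key update:", inst.Version, err)
}
```

The point the three cases make is that the trust anchor is the embedded public key, not the download channel: a bundle that arrives over an intercepted or altered connection fails the same check as one signed by the wrong key, and in both cases the current version is left in place.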

OpenClaw binary

The OpenClaw binary is not downloaded or managed by MultiClaw. You install it separately using Homebrew, winget, apt, or the OpenClaw install script. The desktop app detects the binary on your system PATH and confirms it is a compatible version before connecting to the gateway.

MultiClaw does not verify the OpenClaw binary's integrity. The binary's authenticity depends on the package manager you used to install it and any code-signing your operating system enforces.

Third-party services

New third-party services that process your data go through a security review and require a signed Data Processing Agreement (DPA) before onboarding. This applies to any service that handles task content, agent output, or account information.

For the current list of subprocessors, contact privacy@multiclaw.io. See the Privacy Policy for details on how subprocessor changes are communicated.

Open-source licensing

MultiClaw is built on open-source components. Dependencies are selected from projects with OSI-approved licenses to reduce the risk of proprietary or restrictive license obligations. License notices are included in the software distribution, as described in the Terms of Service.

A software bill of materials (SBOM) — a machine-readable inventory of every third-party component in a given release — is planned for a future release. When available, it will let you audit the exact libraries and versions included in any MultiClaw build.

Your responsibilities

Supply-chain security is a shared effort. MultiClaw pins dependencies, signs updates, and reviews third-party services. You are responsible for:

  • Keeping the desktop app updated. Auto-updates are enabled by default. Do not disable them — updates include security patches for both MultiClaw and its bundled dependencies.
  • Keeping your operating system updated. The desktop app's WebView is provided by your OS. WebView security patches arrive through OS updates.
  • Verifying OpenClaw's source. Since MultiClaw does not verify the OpenClaw binary, install it from an official source (Homebrew, winget, apt, or openclaw.ai).
  • Reviewing third-party MCP servers. MultiClaw does not audit third-party MCP servers you add. Verify the source and permissions of any MCP server before connecting it.

For the full breakdown of provider and customer responsibilities, see Shared responsibility model.