[{"data":1,"prerenderedAt":1222},["ShallowReactive",2],{"help-category-\u002Fsecurity-privacy\u002Fdependency-and-supply-chain-security":3,"help-article-\u002Fsecurity-privacy\u002Fdependency-and-supply-chain-security":4,"related-articles-\u002Fsecurity-privacy\u002Fdependency-and-supply-chain-security":255},[],{"id":5,"title":6,"body":7,"category":237,"description":238,"draft":239,"extension":240,"meta":241,"navigation":242,"order":243,"path":244,"relatedArticles":245,"seo":249,"slug":250,"stem":251,"updatedAt":252,"__hash__":253,"excerpt":238,"searchText":254},"help\u002Fhelp\u002Fsecurity-privacy\u002F12.dependency-and-supply-chain-security.md","Dependency and supply chain security",{"type":8,"value":9,"toc":222},"minimark",[10,14,19,22,55,58,63,81,85,88,91,98,102,109,118,122,129,132,136,143,156,160,168,175,179,182,215],[11,12,13],"p",{},"Every release of MultiClaw includes third-party code: open-source libraries, language runtimes, and external service integrations. This article explains how MultiClaw controls that supply chain so you know what protections are in place and where your responsibilities begin.",[15,16,18],"h2",{"id":17},"how-dependency-pinning-works","How dependency pinning works",[11,20,21],{},"MultiClaw pins every dependency to an exact resolved version before a release ships. Three lockfiles enforce this:",[23,24,25,37,46],"ul",{},[26,27,28,32,33],"li",{},[29,30,31],"strong",{},"Frontend packages"," (JavaScript\u002FTypeScript): pinned in ",[34,35,36],"code",{},"pnpm-lock.yaml",[26,38,39,42,43],{},[29,40,41],{},"Rust packages",": pinned in ",[34,44,45],{},"Cargo.lock",[26,47,48,51,52],{},[29,49,50],{},"PHP packages"," (MultiClaw Cloud): pinned in ",[34,53,54],{},"composer.lock",[11,56,57],{},"Each build rejects any installed package that differs from the lockfile. This means every build uses the same dependency graph that was tested.",[59,60,62],"h3",{"id":61},"lockfiles-and-version-ranges","Lockfiles and version ranges",[11,64,65,66,69,70,69,73,76,77,80],{},"Manifest files (",[34,67,68],{},"package.json",", ",[34,71,72],{},"Cargo.toml",[34,74,75],{},"composer.json",") define version ranges (for example, ",[34,78,79],{},"^1.2.0",") that specify which future versions are acceptable. The lockfiles override those ranges with exact versions. A dependency only moves to a newer version when a developer explicitly updates the lockfile, the test suite passes, and the change goes through code review.",[15,82,84],{"id":83},"vulnerability-scanning","Vulnerability scanning",[11,86,87],{},"Dependency vulnerability scanning is not yet automated in the build pipeline. There are no automated scanning tools running as part of the CI workflow.",[11,89,90],{},"When a dependency is updated, the change is reviewed manually. Vulnerability detection currently relies on developers monitoring advisories during updates rather than continuous automated scanning.",[92,93,95],"callout",{"type":94},"note",[11,96,97],{},"Automated vulnerability scanning is planned but not yet in place. Until it is, lockfile pinning limits exposure by ensuring no dependency changes reach a release without a reviewed, committed lockfile update.",[15,99,101],{"id":100},"update-verification","Update verification",[11,103,104,105,108],{},"The desktop app uses the Tauri updater, which signs every release with ",[29,106,107],{},"minisign"," (Ed25519 public-key signatures). Before installing an update, the updater verifies the cryptographic signature against the public key embedded in the current installation. If verification fails, the update is rejected and your current version stays unchanged.",[11,110,111,112,117],{},"This protects against tampered downloads and man-in-the-middle attacks during the update process. See ",[113,114,116],"a",{"href":115},"\u002Fhelp\u002Fsecurity-privacy\u002Fdesktop-app-security","Desktop app security"," for the full update flow and code-signing details.",[59,119,121],{"id":120},"openclaw-binary","OpenClaw binary",[11,123,124,125,128],{},"The OpenClaw binary is not downloaded or managed by MultiClaw. You install it separately using Homebrew, winget, apt, or the OpenClaw install script. The desktop app detects the binary on your system ",[34,126,127],{},"PATH"," and confirms it is a compatible version before connecting to the gateway.",[11,130,131],{},"MultiClaw does not verify the OpenClaw binary's integrity. The binary's authenticity depends on the package manager you used to install it and any code-signing your operating system enforces.",[15,133,135],{"id":134},"third-party-services","Third-party services",[11,137,138,139,142],{},"New third-party services that process your data go through a security review and require a signed ",[29,140,141],{},"Data Processing Agreement (DPA)"," before onboarding. This applies to any service that handles task content, agent output, or account information.",[11,144,145,146,150,151,155],{},"For the current list of subprocessors, contact ",[113,147,149],{"href":148},"mailto:privacy@multiclaw.io","privacy@multiclaw.io",". See the ",[113,152,154],{"href":153},"\u002Fprivacy","Privacy Policy"," for details on how subprocessor changes are communicated.",[15,157,159],{"id":158},"open-source-licensing","Open-source licensing",[11,161,162,163,167],{},"MultiClaw is built on open-source components. Dependencies are selected from projects with OSI-approved licenses to reduce the risk of proprietary or restrictive license obligations. License notices are included in the software distribution, as described in the ",[113,164,166],{"href":165},"\u002Fterms","Terms of Service",".",[11,169,170,171,174],{},"A ",[29,172,173],{},"software bill of materials (SBOM)"," — a machine-readable inventory of every third-party component in a given release — is planned for a future release. When available, it will let you audit the exact libraries and versions included in any MultiClaw build.",[15,176,178],{"id":177},"your-responsibilities","Your responsibilities",[11,180,181],{},"Supply-chain security is a shared effort. MultiClaw pins dependencies, signs updates, and reviews third-party services. You are responsible for:",[23,183,184,190,196,209],{},[26,185,186,189],{},[29,187,188],{},"Keeping the desktop app updated."," Auto-updates are enabled by default. Do not disable them — updates include security patches for both MultiClaw and its bundled dependencies.",[26,191,192,195],{},[29,193,194],{},"Keeping your operating system updated."," The desktop app's WebView is provided by your OS. WebView security patches arrive through OS updates.",[26,197,198,201,202,208],{},[29,199,200],{},"Verifying OpenClaw's source."," Since MultiClaw does not verify the OpenClaw binary, install it from an official source (Homebrew, winget, apt, or ",[113,203,207],{"href":204,"rel":205},"https:\u002F\u002Fopenclaw.ai",[206],"nofollow","openclaw.ai",").",[26,210,211,214],{},[29,212,213],{},"Reviewing third-party MCP servers."," MultiClaw does not audit third-party MCP servers you add. Verify the source and permissions of any MCP server before connecting it.",[11,216,217,218,167],{},"For the full breakdown of provider and customer responsibilities, see ",[113,219,221],{"href":220},"\u002Fhelp\u002Fsecurity-privacy\u002Fshared-responsibility-model","Shared responsibility model",{"title":223,"searchDepth":224,"depth":224,"links":225},"",2,[226,230,231,234,235,236],{"id":17,"depth":224,"text":18,"children":227},[228],{"id":61,"depth":229,"text":62},3,{"id":83,"depth":224,"text":84},{"id":100,"depth":224,"text":101,"children":232},[233],{"id":120,"depth":229,"text":121},{"id":134,"depth":224,"text":135},{"id":158,"depth":224,"text":159},{"id":177,"depth":224,"text":178},"security-privacy","How MultiClaw pins dependencies, verifies updates, and manages third-party components in the supply chain.",false,"md",{},true,12,"\u002Fsecurity-privacy\u002Fdependency-and-supply-chain-security",[246,247,248],"security-privacy\u002Fsecurity-overview","security-privacy\u002Fdesktop-app-security","security-privacy\u002Fshared-responsibility-model",{"title":6,"description":238},"dependency-and-supply-chain-security","help\u002Fsecurity-privacy\u002F12.dependency-and-supply-chain-security","2026-03-31","9fsseaw9NJ60aqjm0MoK2zT-YIuxir-t-ze8VUaFFiA","Dependency and supply chain security How MultiClaw pins dependencies, verifies updates, and manages third-party components in the supply chain.",[256,532,901],{"id":257,"title":258,"body":259,"category":237,"description":516,"draft":239,"extension":240,"meta":517,"navigation":242,"order":518,"path":519,"relatedArticles":520,"seo":526,"slug":527,"stem":528,"updatedAt":529,"__hash__":530,"excerpt":516,"searchText":531},"help\u002Fhelp\u002Fsecurity-privacy\u002F01.security-overview.md","Security overview",{"type":8,"value":260,"toc":501},[261,271,274,278,281,295,298,305,313,317,320,326,330,333,339,343,365,372,376,379,386,390,396,403,407,414,419,423,426,433,437,440,446,450,456,462,466,469,475,479,482,489,493,496],[11,262,263,264,267,268,167],{},"MultiClaw protects your data through multiple independent security layers: local credential storage, TLS connections, app sandboxing, and zero telemetry. Each layer works on its own, reducing the risk that a single vulnerability leads to broader exposure. The architecture follows ",[29,265,266],{},"defense-in-depth"," principles aligned with ",[29,269,270],{},"ISO\u002FIEC 27001:2022",[11,272,273],{},"This article gives you a high-level view of how MultiClaw handles security and privacy. Each section links to a dedicated article with full details.",[15,275,277],{"id":276},"separate-trust-zones","Separate trust zones",[11,279,280],{},"The desktop app, the local OpenClaw gateway, and MultiClaw Cloud operate as three distinct trust zones, each with its own authentication:",[23,282,283,289],{},[26,284,285,288],{},[29,286,287],{},"Desktop app",": connects to MultiClaw Cloud over HTTPS and WSS for API calls, real-time updates, agent configuration, and session data.",[26,290,291,294],{},[29,292,293],{},"Local OpenClaw gateway",": connects to MultiClaw Cloud separately over an authenticated WebSocket secured with short-lived signed tokens. These tokens rotate automatically, so a captured token expires before it can be reused.",[11,296,297],{},"Each connection enforces its own credentials. No zone shares authentication tokens with another.",[11,299,300],{},[301,302],"img",{"alt":303,"src":304},"MultiClaw security architecture — the four components and how they connect across trust boundaries","\u002Fimages\u002Fmulticlaw-security-architecture.png",[11,306,307,308,312],{},"See ",[113,309,311],{"href":310},"\u002Fhelp\u002Fsecurity-privacy\u002Fnetwork-security","Network security"," for details on how each connection is secured.",[15,314,316],{"id":315},"authentication-and-login-security","Authentication and login security",[11,318,319],{},"All authentication is handled by MultiClaw Cloud. You can sign in with email and password or through Multiplai single sign-on (SSO). Sessions use short-lived tokens that rotate automatically, and repeated failed login attempts trigger temporary account lockouts.",[11,321,307,322,325],{},[113,323,316],{"href":324},"\u002Fhelp\u002Fsecurity-privacy\u002Fauthentication-and-login-security"," for details on session handling, token rotation, and lockout policies.",[15,327,329],{"id":328},"roles-and-access-control","Roles and access control",[11,331,332],{},"MultiClaw uses role-based access control (RBAC) in workspaces. Each person is assigned exactly one role — Owner or Member — which determines what they can view, create, and manage. Permissions follow a least-privilege model: users only have access to what their role requires.",[11,334,307,335,338],{},[113,336,329],{"href":337},"\u002Fhelp\u002Fsecurity-privacy\u002Froles-and-access-control"," for the full permission matrix.",[15,340,342],{"id":341},"encryption-at-rest-and-in-transit","Encryption at rest and in transit",[11,344,345,348,349,352,353,356,357,360,361,364],{},[29,346,347],{},"Config values"," are stored in your local config file (",[34,350,351],{},"~\u002F.openclaw\u002Fopenclaw.json",") as plain JSON. The file is not encrypted at rest; it is protected by your operating system's file permissions. Credentials and API keys stored in ",[29,354,355],{},"MultiClaw Cloud"," receive an additional application-layer encryption with ",[29,358,359],{},"AES-256"," on top of AWS disk encryption. All connections to external MultiClaw services use ",[29,362,363],{},"TLS 1.2 or higher",", covering both HTTPS and WebSocket (WSS) traffic. Communication between the desktop app and the local OpenClaw gateway uses an unencrypted connection on localhost only — this traffic never leaves your machine.",[11,366,307,367,371],{},[113,368,370],{"href":369},"\u002Fhelp\u002Fsecurity-privacy\u002Fdata-encryption","Data encryption"," for the full encryption model.",[15,373,375],{"id":374},"local-first-data-storage","Local-first data storage",[11,377,378],{},"Your agents, conversations, and credentials are stored on your machine by default. When you're not connected to a workspace, everything stays local. When you connect to a workspace, conversation transcripts sync to MultiClaw Cloud automatically.",[11,380,307,381,385],{},[113,382,384],{"href":383},"\u002Fhelp\u002Fsecurity-privacy\u002Fdata-residency-and-storage","Data residency and storage"," for details on where your data lives.",[15,387,389],{"id":388},"credential-and-secret-storage","Credential and secret storage",[11,391,392,393,395],{},"Credentials and other sensitive values are stored in your local config file (",[34,394,351],{},") as plain JSON, protected by operating system file permissions. The desktop app does not send stored credentials to MultiClaw Cloud. Each credential is scoped to the context that needs it.",[11,397,307,398,402],{},[113,399,401],{"href":400},"\u002Fhelp\u002Fsecurity-privacy\u002Fhow-credentials-and-secrets-are-stored","How credentials and secrets are stored"," for details on how credentials are stored, scoped, and managed.",[15,404,406],{"id":405},"sandboxed-desktop-app","Sandboxed desktop app",[11,408,409,410,413],{},"The desktop app is built on ",[29,411,412],{},"Tauri v2",", which enforces a capability-based permission model. The interface layer cannot access your filesystem or start processes on its own. Every sensitive operation goes through an explicitly declared Tauri command, limiting the potential damage from any interface-level vulnerability.",[11,415,307,416,418],{},[113,417,116],{"href":115}," for details on the sandboxing model and capability declarations.",[15,420,422],{"id":421},"browser-extension-isolation","Browser extension isolation",[11,424,425],{},"The MultiClaw Chrome Extension content script is loaded on all pages, but it only captures and transmits interaction data when a recording session is active. Event listeners are registered when the extension loads; they check whether recording is active before capturing anything, and no data is collected or sent between sessions.",[11,427,307,428,432],{},[113,429,431],{"href":430},"\u002Fhelp\u002Fsecurity-privacy\u002Fbrowser-extension-security","Browser extension security"," for full details on what the extension accesses and when.",[15,434,436],{"id":435},"privacy-and-data-handling","Privacy and data handling",[11,438,439],{},"MultiClaw Desktop does not collect usage analytics or telemetry. If the app crashes, the crash log stays on your machine. Conversation content stays on your machine unless you choose to sync it to a workspace. MultiClaw Cloud stores only the account, workspace, and session data needed to operate the service.",[11,441,307,442,445],{},[113,443,436],{"href":444},"\u002Fhelp\u002Fsecurity-privacy\u002Fprivacy-and-data-handling"," for what data MultiClaw collects, how long it's retained, and your rights.",[15,447,449],{"id":448},"signed-updates-and-supply-chain-security","Signed updates and supply chain security",[11,451,452,453,455],{},"App updates are signed with ",[29,454,107],{},". Before installing an update, the updater verifies the signature against the published public key and rejects any update with an invalid or missing signature. Third-party dependencies are pinned to exact versions, scanned for vulnerabilities, and reviewed before they ship.",[11,457,307,458,461],{},[113,459,6],{"href":460},"\u002Fhelp\u002Fsecurity-privacy\u002Fdependency-and-supply-chain-security"," for the full scanning and review process.",[15,463,465],{"id":464},"allowed-external-connections","Allowed external connections",[11,467,468],{},"MultiClaw makes a fixed, documented set of outbound connections from your machine. Each connection has a specific purpose — API calls, real-time updates, AI execution, or update checks. No undocumented connections are made.",[11,470,307,471,474],{},[113,472,465],{"href":473},"\u002Fhelp\u002Fsecurity-privacy\u002Fallowed-external-connections"," for the full list of endpoints, protocols, and when each connection occurs.",[15,476,478],{"id":477},"incident-reporting","Incident reporting",[11,480,481],{},"If you discover a security vulnerability, you can report it directly to the MultiClaw security team. Reports are acknowledged within 24 hours and follow a structured triage and resolution process.",[11,483,307,484,488],{},[113,485,487],{"href":486},"\u002Fhelp\u002Fsecurity-privacy\u002Fincident-reporting-and-response","Incident reporting and response"," for how to submit a report and what to expect.",[15,490,492],{"id":491},"shared-responsibility","Shared responsibility",[11,494,495],{},"Security in MultiClaw is a shared effort. MultiClaw secures the infrastructure, encrypts data in transit, and hardens the app. You're responsible for protecting your credentials, managing workspace access, and configuring agents appropriately.",[11,497,307,498,500],{},[113,499,221],{"href":220}," for a clear breakdown of what each party owns.",{"title":223,"searchDepth":224,"depth":224,"links":502},[503,504,505,506,507,508,509,510,511,512,513,514,515],{"id":276,"depth":224,"text":277},{"id":315,"depth":224,"text":316},{"id":328,"depth":224,"text":329},{"id":341,"depth":224,"text":342},{"id":374,"depth":224,"text":375},{"id":388,"depth":224,"text":389},{"id":405,"depth":224,"text":406},{"id":421,"depth":224,"text":422},{"id":435,"depth":224,"text":436},{"id":448,"depth":224,"text":449},{"id":464,"depth":224,"text":465},{"id":477,"depth":224,"text":478},{"id":491,"depth":224,"text":492},"MultiClaw protects your data through layered security, TLS encryption in transit, app sandboxing, and a no-telemetry policy.",{},1,"\u002Fsecurity-privacy\u002Fsecurity-overview",[521,522,523,524,525],"security-privacy\u002Fdata-encryption","security-privacy\u002Fnetwork-security","security-privacy\u002Fbrowser-extension-security","security-privacy\u002Fhow-credentials-and-secrets-are-stored","security-privacy\u002Fprivacy-and-data-handling",{"title":258,"description":516},"security-overview","help\u002Fsecurity-privacy\u002F01.security-overview","2026-03-30","3x0_VX5XDDMQT5kwODVWQnpjsjlxJfe0Lbg5V4Kim9I","Security overview MultiClaw protects your data through layered security, TLS encryption in transit, app sandboxing, and a no-telemetry policy.",{"id":533,"title":116,"body":534,"category":237,"description":889,"draft":239,"extension":240,"meta":890,"navigation":242,"order":891,"path":892,"relatedArticles":893,"seo":896,"slug":897,"stem":898,"updatedAt":529,"__hash__":899,"excerpt":889,"searchText":900},"help\u002Fhelp\u002Fsecurity-privacy\u002F07.desktop-app-security.md",{"type":8,"value":535,"toc":872},[536,542,546,557,560,564,578,582,585,589,600,603,608,612,619,663,666,670,675,678,682,697,700,704,707,745,748,752,755,785,788,792,795,812,815,818,822,825,837,839,842,868],[11,537,538,539,541],{},"The MultiClaw desktop app is built on ",[29,540,412],{},", a Rust-based framework designed to minimize the attack surface. Every security layer described below is enabled by default — you don't need to configure anything.",[15,543,545],{"id":544},"tauri-capability-model","Tauri capability model",[11,547,548,549,552,553,556],{},"The UI runs inside a ",[29,550,551],{},"WebView"," that is designed to have no direct access to the filesystem, processes, or system calls. To perform a privileged operation, the frontend must invoke a declared ",[29,554,555],{},"IPC command"," in the Rust core. Commands not listed in the capability configuration are blocked by the framework.",[11,558,559],{},"This boundary is designed to prevent a compromised script in the UI from escalating to the system layer through undeclared paths. The separation is enforced by Tauri's capability model at the framework level, not by application-layer runtime checks.",[59,561,563],{"id":562},"what-the-capability-model-covers","What the capability model covers",[23,565,566,572],{},[26,567,568,571],{},[29,569,570],{},"UI-to-system isolation",": the WebView is designed to be unable to reach the filesystem, execute shell commands, or access system APIs unless a specific IPC command is declared and exposed by the Rust core.",[26,573,574,577],{},[29,575,576],{},"Least privilege by default",": only the commands the app explicitly declares in its capability configuration are available. Everything else is blocked at the framework level.",[59,579,581],{"id":580},"what-the-capability-model-does-not-cover","What the capability model does not cover",[11,583,584],{},"The capability model isolates the WebView from the system. It does not protect against threats that originate outside the app, such as malware running at the OS level or a compromised system process. OS-level security (disk encryption, user account controls, endpoint protection) remains your responsibility.",[15,586,588],{"id":587},"content-security-policy","Content Security Policy",[11,590,591,592,595,596,599],{},"The WebView enforces a strict ",[29,593,594],{},"Content Security Policy (CSP)"," that blocks inline scripts, ",[34,597,598],{},"eval()",", and external script loading. This substantially limits what an attacker can do with a cross-site scripting (XSS) vector in the UI layer.",[11,601,602],{},"The CSP is set at the framework level and applies to every page rendered inside the app. Combined with the Tauri capability model, CSP acts as a second barrier: even if a script bypasses one layer, the other limits what that script can reach.",[92,604,605],{"type":94},[11,606,607],{},"CSP reduces the impact of XSS but does not eliminate all injection risks. It is one layer in a defense-in-depth approach.",[15,609,611],{"id":610},"webview-rendering-engine","WebView rendering engine",[11,613,614,615,618],{},"Tauri v2 uses the ",[29,616,617],{},"operating system's built-in WebView"," rather than bundling a separate browser engine:",[620,621,622,635],"table",{},[623,624,625],"thead",{},[626,627,628,632],"tr",{},[629,630,631],"th",{},"Platform",[629,633,634],{},"WebView engine",[636,637,638,647,655],"tbody",{},[626,639,640,644],{},[641,642,643],"td",{},"macOS",[641,645,646],{},"WebKit (provided by Safari)",[626,648,649,652],{},[641,650,651],{},"Windows",[641,653,654],{},"WebView2 (provided by Microsoft Edge)",[626,656,657,660],{},[641,658,659],{},"Linux",[641,661,662],{},"WebKitGTK",[11,664,665],{},"Because the WebView is provided by the OS, it receives security patches through your regular OS updates. Keeping your operating system current is one of the most effective ways to maintain desktop app security.",[15,667,669],{"id":668},"update-integrity","Update integrity",[11,671,452,672,674],{},[29,673,107],{}," (Ed25519 public-key cryptography). Before installing an update, the updater verifies the signature against the embedded public key.",[11,676,677],{},"If verification fails, the update is rejected, and your current version stays unchanged. The app does not apply partially downloaded or unsigned updates.",[59,679,681],{"id":680},"how-updates-work","How updates work",[683,684,685,688,691,694],"ol",{},[26,686,687],{},"The app checks for available updates.",[26,689,690],{},"If a new version is found, the app downloads the update package and its signature file.",[26,692,693],{},"The updater verifies the signature against the public key embedded in your current installation.",[26,695,696],{},"If the signature is valid, the update is applied. If not, the update is discarded.",[11,698,699],{},"You can continue using the app while updates download. The update takes effect the next time you restart the app.",[15,701,703],{"id":702},"code-signing","Code signing",[11,705,706],{},"Every release is signed to protect against tampering.",[620,708,709,718],{},[623,710,711],{},[626,712,713,715],{},[629,714,631],{},[629,716,717],{},"Signing method",[636,719,720,727,737],{},[626,721,722,724],{},[641,723,643],{},[641,725,726],{},"Apple Developer ID certificate, notarized by Apple",[626,728,729,731],{},[641,730,651],{},[641,732,733,734,736],{},"Updater artifacts signed with ",[29,735,107],{}," (Ed25519)",[626,738,739,741],{},[641,740,659],{},[641,742,733,743,736],{},[29,744,107],{},[11,746,747],{},"On macOS, the operating system verifies the Developer ID certificate when you first open the app and blocks unsigned or tampered binaries. On Windows and Linux, the OS does not perform native binary verification, but the Tauri updater independently verifies the minisign signature before applying any update.",[59,749,751],{"id":750},"verify-your-installation-on-macos","Verify your installation on macOS",[11,753,754],{},"You can confirm the app's code signature by running this command in Terminal:",[756,757,761],"pre",{"className":758,"code":759,"language":760,"meta":223,"style":223},"language-bash shiki shiki-themes github-light github-dark","codesign --verify --deep --strict \u002FApplications\u002FMultiClaw.app\n","bash",[34,762,763],{"__ignoreMap":223},[764,765,767,771,775,778,781],"span",{"class":766,"line":518},"line",[764,768,770],{"class":769},"sScJk","codesign",[764,772,774],{"class":773},"sj4cs"," --verify",[764,776,777],{"class":773}," --deep",[764,779,780],{"class":773}," --strict",[764,782,784],{"class":783},"sZZnC"," \u002FApplications\u002FMultiClaw.app\n",[11,786,787],{},"If the signature is valid, the command produces no output. If the binary has been tampered with, you'll see an error message.",[15,789,791],{"id":790},"filesystem-access-scope","Filesystem access scope",[11,793,794],{},"The Rust core limits file access to known data directories:",[23,796,797,803,809],{},[26,798,799,802],{},[34,800,801],{},"~\u002F.openclaw\u002F",": agent data, sessions, configuration, and logs managed by OpenClaw",[26,804,805,808],{},[34,806,807],{},"~\u002F.multiclaw\u002F",": app preferences, workflow recordings, drafts, and MultiClaw-specific logs",[26,810,811],{},"The OS temp directory: transient working files",[11,813,814],{},"Requests that target paths outside these directories are not served by the Rust core's file access commands.",[11,816,817],{},"When you attach a file to a chat message or export data, the app uses your operating system's file picker. Access is scoped to the file or location you select — the app does not request broader directory access through this flow.",[15,819,821],{"id":820},"local-data-storage","Local data storage",[11,823,824],{},"Configuration files and session data are stored in the directories listed above. Authentication tokens are stored locally on your machine.",[92,826,828],{"type":827},"tip",[11,829,830,831,833,834,836],{},"If you share your computer, use a separate OS user account. Each OS account has its own ",[34,832,807],{}," and ",[34,835,801],{}," directories, keeping agent data and credentials isolated between users.",[15,838,178],{"id":177},[11,840,841],{},"The desktop app handles isolation, signing, and access scoping automatically. These protections work alongside your own security practices, not instead of them:",[23,843,844,850,856,862],{},[26,845,846,849],{},[29,847,848],{},"Keep your OS updated."," WebView security patches arrive through OS updates. Delaying updates delays security fixes.",[26,851,852,855],{},[29,853,854],{},"Don't bypass code signing checks."," On macOS, don't disable Gatekeeper to run unsigned copies of the app. On Windows, install from official channels only.",[26,857,858,861],{},[29,859,860],{},"Use a strong account password."," The app authenticates against MultiClaw Cloud. A weak password on your cloud account undermines the security of your local session.",[26,863,864,867],{},[29,865,866],{},"Lock your computer."," Desktop app sessions persist while the app is open. Lock your screen when you step away to prevent unauthorized access.",[869,870,871],"style",{},"html pre.shiki code .sScJk, html code.shiki .sScJk{--shiki-default:#6F42C1;--shiki-dark:#B392F0}html pre.shiki code .sj4cs, html code.shiki .sj4cs{--shiki-default:#005CC5;--shiki-dark:#79B8FF}html pre.shiki code .sZZnC, html code.shiki .sZZnC{--shiki-default:#032F62;--shiki-dark:#9ECBFF}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}",{"title":223,"searchDepth":224,"depth":224,"links":873},[874,878,879,880,883,886,887,888],{"id":544,"depth":224,"text":545,"children":875},[876,877],{"id":562,"depth":229,"text":563},{"id":580,"depth":229,"text":581},{"id":587,"depth":224,"text":588},{"id":610,"depth":224,"text":611},{"id":668,"depth":224,"text":669,"children":881},[882],{"id":680,"depth":229,"text":681},{"id":702,"depth":224,"text":703,"children":884},[885],{"id":750,"depth":229,"text":751},{"id":790,"depth":224,"text":791},{"id":820,"depth":224,"text":821},{"id":177,"depth":224,"text":178},"The desktop app isolates the UI from the system, signs every update, and restricts file access — all enabled by default.",{},7,"\u002Fsecurity-privacy\u002Fdesktop-app-security",[246,894,522,895],"security-privacy\u002Fdependency-and-supply-chain-security","security-privacy\u002Fdata-residency-and-storage",{"title":116,"description":889},"desktop-app-security","help\u002Fsecurity-privacy\u002F07.desktop-app-security","rA3kcK7wiPbTOZxq3mlIvbAS0xgV-rG_VxIcoNqVJEE","Desktop app security The desktop app isolates the UI from the system, signs every update, and restricts file access — all enabled by default.",{"id":902,"title":221,"body":903,"category":237,"description":1212,"draft":239,"extension":240,"meta":1213,"navigation":242,"order":1214,"path":1215,"relatedArticles":1216,"seo":1217,"slug":1218,"stem":1219,"updatedAt":529,"__hash__":1220,"excerpt":1212,"searchText":1221},"help\u002Fhelp\u002Fsecurity-privacy\u002F14.shared-responsibility-model.md",{"type":8,"value":904,"toc":1195},[905,908,1057,1061,1064,1067,1070,1072,1076,1083,1087,1094,1098,1101,1105,1108,1123,1127,1145,1149,1152,1156,1159,1163,1167,1170,1174,1177,1181,1184],[11,906,907],{},"Security in MultiClaw follows a shared responsibility model. MultiClaw secures the cloud infrastructure and the desktop app; you secure your local environment, credentials, and workspace configuration. Understanding each party's role helps you protect your workspace effectively.",[620,909,910,920],{},[623,911,912],{},[626,913,914,917],{},[629,915,916],{},"Responsibility",[629,918,919],{},"Party",[636,921,922,930,937,944,951,958,965,972,980,987,994,1001,1008,1015,1022,1029,1036,1043,1050],{},[626,923,924,927],{},[641,925,926],{},"Infrastructure security (servers, databases, networking)",[641,928,929],{},"MultiClaw",[626,931,932,935],{},[641,933,934],{},"AES-256-GCM application-layer encryption for sensitive values in MultiClaw Cloud",[641,936,929],{},[626,938,939,942],{},[641,940,941],{},"TLS encryption between the gateway and MultiClaw Cloud",[641,943,929],{},[626,945,946,949],{},[641,947,948],{},"Desktop app update signing and verification (minisign)",[641,950,929],{},[626,952,953,956],{},[641,954,955],{},"Patching the desktop app and MultiClaw Cloud",[641,957,929],{},[626,959,960,963],{},[641,961,962],{},"Access controls and audit trail in MultiClaw Cloud",[641,964,929],{},[626,966,967,970],{},[641,968,969],{},"Security incident notification (GDPR Art. 33 and Art. 34)",[641,971,929],{},[626,973,974,977],{},[641,975,976],{},"Keeping the desktop app updated",[641,978,979],{},"You",[626,981,982,985],{},[641,983,984],{},"Keeping OpenClaw updated",[641,986,979],{},[626,988,989,992],{},[641,990,991],{},"Protecting your LLM API keys",[641,993,979],{},[626,995,996,999],{},[641,997,998],{},"Securing the local OpenClaw data directory",[641,1000,979],{},[626,1002,1003,1006],{},[641,1004,1005],{},"Managing workspace member access",[641,1007,979],{},[626,1009,1010,1013],{},[641,1011,1012],{},"Configuring agent guardrails",[641,1014,979],{},[626,1016,1017,1020],{},[641,1018,1019],{},"Securing the machine running the desktop app",[641,1021,979],{},[626,1023,1024,1027],{},[641,1025,1026],{},"Reviewing third-party MCP servers before adding them",[641,1028,979],{},[626,1030,1031,1034],{},[641,1032,1033],{},"Infrastructure monitoring",[641,1035,929],{},[626,1037,1038,1041],{},[641,1039,1040],{},"Agent activity monitoring and suspicious behaviour reporting",[641,1042,979],{},[626,1044,1045,1048],{},[641,1046,1047],{},"Secure default configuration",[641,1049,929],{},[626,1051,1052,1055],{},[641,1053,1054],{},"Configuration changes (for example, disabling auto-updates)",[641,1056,979],{},[15,1058,1060],{"id":1059},"multiclaws-responsibilities","MultiClaw's responsibilities",[11,1062,1063],{},"MultiClaw secures the cloud infrastructure that powers MultiClaw Cloud. This includes the physical security of data centres via AWS, server and database hardening, and network-level protections. MultiClaw Cloud stores data on AWS infrastructure, which encrypts underlying storage volumes at rest. Sensitive values including agent configuration and credentials are additionally encrypted at the application layer using AES-256-GCM before being written to the database.",[11,1065,1066],{},"All connections between the gateway and MultiClaw Cloud are encrypted with TLS. Desktop app updates are signed with minisign and verified before installation. MultiClaw patches and maintains the desktop app and MultiClaw Cloud on an ongoing basis.",[11,1068,1069],{},"MultiClaw Cloud enforces access controls and maintains an audit trail of key platform events. If a security incident is confirmed to have affected your data, MultiClaw will notify the relevant supervisory authority within 72 hours as required by GDPR Art. 33. MultiClaw will also notify you directly without undue delay if the breach poses a high risk to your rights (Art. 34).",[15,1071,178],{"id":177},[59,1073,1075],{"id":1074},"keep-the-desktop-app-updated","Keep the desktop app updated",[11,1077,1078,1079,1082],{},"Auto-updates are enabled by default. Do not disable them, as updates include security patches. If you need to verify which version you are running, check the desktop app's ",[29,1080,1081],{},"About"," screen.",[59,1084,1086],{"id":1085},"keep-openclaw-updated","Keep OpenClaw updated",[11,1088,1089,1090,1093],{},"OpenClaw is installed and updated separately from MultiClaw. Keep your OpenClaw installation current by following the update instructions for your platform (for example, ",[34,1091,1092],{},"brew upgrade openclaw"," on macOS). MultiClaw does not distribute or update the OpenClaw binary on your behalf.",[59,1095,1097],{"id":1096},"protect-your-llm-api-keys","Protect your LLM API keys",[11,1099,1100],{},"Your LLM API keys are stored in MultiClaw Cloud and encrypted at rest using AES-256-GCM. You control which services receive those keys. If you suspect a key has been compromised, rotate it immediately in your LLM provider's dashboard and update it in MultiClaw Cloud. Only connect services you trust.",[59,1102,1104],{"id":1103},"secure-the-local-openclaw-data-directory","Secure the local OpenClaw data directory",[11,1106,1107],{},"The local OpenClaw data directory is protected by your operating system's file-system permissions. Enable full-disk encryption on any machine running the desktop app. Keep the machine's operating system updated and apply security patches promptly.",[11,1109,1110,1111,1114,1115,1118,1119,1122],{},"On macOS, confirm FileVault is on in ",[29,1112,1113],{},"System Settings → Privacy & Security",". On Windows, check ",[29,1116,1117],{},"Settings → Privacy & security → Device encryption"," or search for ",[29,1120,1121],{},"BitLocker",". On Linux, verify LUKS encryption is active.",[59,1124,1126],{"id":1125},"manage-workspace-member-access","Manage workspace member access",[11,1128,1129,1130,833,1133,1136,1137,1140,1141,1144],{},"Invite only trusted users and revoke access when members leave. Two roles exist: ",[29,1131,1132],{},"Owner",[29,1134,1135],{},"Member",". Periodically review the member list by navigating to your workspace's ",[29,1138,1139],{},"Users"," page (",[34,1142,1143],{},"\u002F{your-workspace}\u002Fusers",") in MultiClaw Cloud.",[59,1146,1148],{"id":1147},"configure-agent-guardrails","Configure agent guardrails",[11,1150,1151],{},"MultiClaw provides secure defaults, but you are responsible for adjusting approval flows, scope limits, and execution permissions to match your organisation's risk tolerance. Review guardrail settings whenever your security requirements change.",[59,1153,1155],{"id":1154},"vet-third-party-mcp-servers","Vet third-party MCP servers",[11,1157,1158],{},"Before adding a third-party MCP server, verify its source and review its permissions. MultiClaw cannot audit or vouch for third-party servers. You are responsible for any access those servers receive.",[15,1160,1162],{"id":1161},"shared-responsibilities","Shared responsibilities",[59,1164,1166],{"id":1165},"incident-detection","Incident detection",[11,1168,1169],{},"MultiClaw monitors infrastructure for anomalies. You are responsible for monitoring your own agent activity. If you notice unexpected behaviour — agents running tasks you did not approve, unusual output, or activity at unexpected times — review the audit trail and revoke agent access if necessary.",[59,1171,1173],{"id":1172},"configuration","Configuration",[11,1175,1176],{},"MultiClaw ships secure defaults for all settings. When you change a default (for example, disabling auto-updates or granting an agent broad file access), you accept responsibility for the security implications of that change. Review any configuration change against your organisation's security policies before applying it.",[15,1178,1180],{"id":1179},"what-this-model-does-not-cover","What this model does not cover",[11,1182,1183],{},"This model describes the division of security responsibilities between MultiClaw and you. It does not guarantee that either party's measures will prevent every possible incident. No security programme can eliminate all risk.",[11,1185,1186,1187,69,1190,1192,1193,167],{},"If you are unsure where a specific responsibility falls, contact MultiClaw support. For the technical detail behind the protections described here, see ",[113,1188,258],{"href":1189},"\u002Fhelp\u002Fsecurity-privacy\u002Fsecurity-overview",[113,1191,370],{"href":369},", and ",[113,1194,401],{"href":400},{"title":223,"searchDepth":224,"depth":224,"links":1196},[1197,1198,1207,1211],{"id":1059,"depth":224,"text":1060},{"id":177,"depth":224,"text":178,"children":1199},[1200,1201,1202,1203,1204,1205,1206],{"id":1074,"depth":229,"text":1075},{"id":1085,"depth":229,"text":1086},{"id":1096,"depth":229,"text":1097},{"id":1103,"depth":229,"text":1104},{"id":1125,"depth":229,"text":1126},{"id":1147,"depth":229,"text":1148},{"id":1154,"depth":229,"text":1155},{"id":1161,"depth":224,"text":1162,"children":1208},[1209,1210],{"id":1165,"depth":229,"text":1166},{"id":1172,"depth":229,"text":1173},{"id":1179,"depth":224,"text":1180},"What MultiClaw secures versus what you are responsible for as a customer.",{},14,"\u002Fsecurity-privacy\u002Fshared-responsibility-model",[246,521,524],{"title":221,"description":1212},"shared-responsibility-model","help\u002Fsecurity-privacy\u002F14.shared-responsibility-model","hIH39R_Cs9_Maa_AMfiy_aXwvGhQrYoqXAyei0o7818","Shared responsibility model What MultiClaw secures versus what you are responsible for as a customer.",1778463888233]