Security Overview
ClawLink is designed to keep hosted integration setup simple while reducing unnecessary access to user credentials and connected account data.
How ClawLink Handles Credentials
ClawLink uses hosted OAuth flows where available so users can connect accounts directly with the provider rather than pasting secrets into OpenClaw. Stored integration credentials are encrypted before persistence.
Operational Access
Access to production systems and operational data should be limited to what is necessary to operate, support, and secure the service. We aim to minimize retained integration data and request the least scope needed for a feature to work.
Disconnecting Integrations
Users can disconnect integrations from the ClawLink dashboard. For higher-assurance removal, users may also revoke provider access directly from the third-party account and contact us to request deletion.
Reporting Security Issues
Security reports can be sent to hello@claw-link.dev. Please include reproduction steps, affected endpoints, and any relevant account or request context.