OpenClaw Secure Linux Cloud

Overview

Use this skill for the conservative "deploy first, expose later" pattern for OpenClaw on a cloud server.

Default to a private control plane:

• Harden the Linux host before exposing anything.
• Keep the gateway bound to 127.0.0.1.
• Reach the Control UI through an SSH tunnel first.
• Keep token authentication, pairing, and sandboxing enabled.
• Start with a narrow tool profile and loosen only with an explicit need.

This skill is for secure Linux cloud hosting. If the user only wants the fastest generic OpenClaw install on a local machine, prefer the official OpenClaw onboarding docs instead of forcing this flow.