Security at Rapid Claw
Every instance is sandboxed, encrypted, and automatically patched. Here's exactly how.
Infrastructure Security
Your OpenClaw instance runs in a purpose-built security envelope. Each architectural decision exists to minimise blast radius if something goes wrong.
Container isolation
Every instance runs in its own isolated container. If an exploit fires, the blast radius is contained to that single container — your data and other customers' instances are untouched.
Restricted egress
Outbound connections are limited to explicitly allowlisted endpoints by default. Exploits that attempt to exfiltrate data to an attacker-controlled server fail at the network layer.
Non-root execution
Agent processes run as unprivileged users inside their containers. Even with a container escape, the attack surface on the underlying host is minimised.
Memory isolation
cgroup-enforced memory and CPU limits prevent one noisy or compromised instance from affecting others. Resource exhaustion attacks are contained.
Credential Security
Your API keys, OAuth tokens, and integration credentials are the most sensitive data you hand to an AI agent. We treat them accordingly.
AES-256 encryption at rest
All credential data is encrypted using AES-256-GCM before being written to disk. Encryption keys are managed separately from the data they protect.
Isolated credential vault
Credentials live in a dedicated vault service, completely separate from the execution environment. The agent runtime accesses credentials via short-lived tokens — never direct storage reads.
Zero-knowledge design
No Rapid Claw staff can read your credentials. The vault is designed so that even internal access to the infrastructure does not expose plaintext credential values.
Runtime injection only
Credentials are injected at container startup and never logged, never written to disk in plaintext, and never echoed in error output. Logs are scrubbed before being stored.
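As an added illustration of the scrubbing step described above (example code, not Rapid Claw's own implementation), the filter below redacts injected credential values from a structured log record before it is stored. The secret names, token prefixes and the sample record are constructed assumptions; the real injection mechanism and log schema are not described on this page.

```python
import re

# Constructed stand-ins for credentials injected at container startup
# (hypothetical names; not Rapid Claw's real injection mechanism).
INJECTED_SECRETS = {
    "OPENAI_API_KEY": "sk-constructed-0123456789abcdef",
    "GITHUB_TOKEN": "ghp_constructedExampleToken123456",
}

# Second net for values that were never registered as injected secrets:
# bearer headers and common token prefixes. Already-redacted values are skipped.
BEARER = re.compile(r"(?i)(authorization\W{0,4}bearer\s+)(?!\[REDACTED)[^\s\"']+")
TOKEN_SHAPES = re.compile(r"\b(?:sk-|ghp_|xoxb-)[A-Za-z0-9_-]{16,}\b")


def scrub_text(text: str, secrets: dict = INJECTED_SECRETS) -> str:
    """Redact known secret values by exact match (longest first, so a secret
    that is a prefix of another cannot leave a fragment), then by shape."""
    for name, value in sorted(secrets.items(), key=lambda kv: -len(kv[1])):
        if value:
            text = text.replace(value, f"[REDACTED:{name}]")
    text = BEARER.sub(lambda m: m.group(1) + "[REDACTED]", text)
    return TOKEN_SHAPES.sub("[REDACTED]", text)


def scrub_record(record):
    """Walk a structured log record (dicts, lists, strings) and scrub every
    string value, so secrets captured in nested fields such as request
    headers or stderr are removed before the record is shipped to storage."""
    if isinstance(record, dict):
        return {k: scrub_record(v) for k, v in record.items()}
    if isinstance(record, list):
        return [scrub_record(v) for v in record]
    if isinstance(record, str):
        return scrub_text(record)
    return record


# Constructed sample of one agent action record before scrubbing.
SAMPLE_RECORD = {
    "ts": "2026-03-14T12:00:00Z",
    "action": "http_request",
    "url": "https://api.example.invalid/v1/chat",
    "headers": {"Authorization": "Bearer sk-constructed-0123456789abcdef"},
    "stderr": "retrying with GITHUB_TOKEN=ghp_constructedExampleToken123456; "
              "also found xoxb-9999999999-constructedslack in env",
}

if __name__ == "__main__":
    print(scrub_record(SAMPLE_RECORD))
```

Exact-match redaction of values the runtime itself injected is the reliable part; the shape-based patterns only catch tokens that happen to look like the listed prefixes.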
Patch & Update Security
The average self-hosted OpenClaw instance was running 47 days behind at the time of migration to Rapid Claw. Our automatic patching means you're never that instance.
4-hour critical CVE SLA
We commit to patching all customer instances within 4 hours of a critical CVE advisory being published. This SLA is contractual on Pro and Enterprise plans.
CVE-2026-25253 & CVE-2026-25593: patched in 3 hours
When the March 2026 OpenClaw CVEs were disclosed, we applied patches across all customer instances within 3 hours — before most self-hosted users had even read the advisory.
No action required from customers
Patches are deployed automatically to every running instance. You don't need to update, restart, or re-deploy anything. Your agent keeps running on patched software.
Staging validation before rollout
Every patch is validated against a staging environment before production rollout. We verify that patched builds pass the full test suite and don't introduce regressions.
March 2026
CVE-2026-25253 & CVE-2026-25593 — patched in 3 hours
When two critical OpenClaw CVEs were disclosed simultaneously, exposing over 40,000 self-hosted instances to remote code execution, all Rapid Claw customer instances were fully patched within 3 hours — before most self-hosted users had finished reading the advisory.
Audit & Observability
An AI agent with production credentials needs a complete, tamper-proof record of what it did. We give you that.
Every agent action logged
API calls, database queries, file operations, and outbound connections are captured in structured logs. Nothing your agent does is invisible.
Immutable log storage
The agent process cannot modify or delete its own logs. Logs are written to append-only storage under a separate trust boundary — a compromised container cannot cover its tracks.
Isolated log shipping
Logs are shipped in real time to isolated storage separate from the execution environment. A total container failure does not result in log loss.
Full incident reconstruction
The complete log history lets you reconstruct exactly what your agent did, when, and to what systems — critical for post-incident analysis and compliance reporting.
Responsible Disclosure
We take security reports seriously. If you find a vulnerability in Rapid Claw, we want to know.
Contact our security team
Email security@rapidclaw.dev with a description of the issue, steps to reproduce, and your assessment of impact. Please do not disclose publicly until we have had a chance to respond.
Initial response: within 24 hours
Critical patch SLA: within 72 hours
Status updates: every 48 hours
We don't currently offer a formal bug bounty, but we credit all researchers who responsibly disclose to us — publicly, with your permission.
Sandboxed. Patched automatically. Isolated by default.
Get your OpenClaw instance running in under 3 minutes. Every security property on this page, live on day one.