Phase 6 / Ep 31: Message Channel Security Governance —— Abuse Prevention · Leak Prevention · Audit Trail
🎯 Learning Objective: Ensure message channels are not abused and prevent information leakage.
1. Who Can Talk to Your Bot?
User Whitelist
// openclaw.json
{
"channels": {
"telegram": {
"allowedUsers": [123456789, 987654321]
},
"discord": {
"allowedRoles": ["admin", "developer"]
}
}
}
When a user not on the whitelist sends a message, the Bot will not respond and a log entry will be recorded.
2. Rate Limiting
Prevent malicious users or misoperations from causing a massive number of API calls:
{
"security": {
"rateLimit": {
"messagesPerMinute": 10,
"messagesPerHour": 100
}
}
}
3. Sensitive Information Filtering
The Agent's responses must absolutely not contain:
- API Keys
- Passwords
- Database connection strings
- Users' private file contents
{
"security": {
"responseFilter": {
"patterns": [
"sk-ant-api",
"password=",
"PRIVATE KEY"
],
"action": "redact"
}
}
}
4. Audit Logs
Every message will record:
| Field | Description |
|---|---|
| timestamp | Message time |
| userId | Sender ID |
| channel | Channel source |
| message | Message content (redacted) |
| agent | Processing Agent |
| tools_used | Tools called by the Agent |
| response | Agent's response |
# View audit logs
openclaw audit list --since "24h"
openclaw audit search --user 123456789
Next Episode Preview: Phase 7 begins! Ep 32, Create Your Agent Legion — Designing a multi-agent collaboration system with specialized division of labor.