Features
Security
Cloud-sandboxed agents, encrypted credentials, rate limiting, full audit trails, and role-based access control.
Enterprise-grade security
Custom Agents is designed with security as a first principle. Your agents run in the cloud, sandboxed from your local systems, with full audit trails and role-based access control.
Security: Local Agents vs Custom Agents
| Risk | Local Agent (e.g. OpenClaw) | Custom Agents |
|---|---|---|
| File system access | Full local access | None — cloud sandboxed |
| Credential storage | On device | Encrypted, server-side |
| Data exfiltration | Possible (employee risk) | Impossible (cloud sandboxed) |
| Runaway execution | Unbounded | Rate-limited, token-budgeted |
| Data persistence | Lost if device fails | Cloud-backed, redundant |
| Multi-user access | Single user | Team-based with RBAC |
| Audit trail | None | Full activity logging |
| Offboarding risk | Knowledge walks out the door | Knowledge stays permanently |
Key security features
- Cloud sandboxing — agents cannot access your local file system or network
- Encrypted credentials — all API keys and OAuth tokens stored server-side, encrypted at rest
- Rate limiting — prevents runaway execution and cost overruns
- Full audit trail — every action logged and reviewable
- Role-based access control — team-based permissions for multi-user accounts
- OAuth-scoped integrations — each integration has granular permissions you control
Security built in, not bolted on
Your agents run in a secure cloud environment with full audit trails.