Last reviewed: 2026-05-09

Personal AI Agent Safety Audit

Check whether your personal AI-agent setup is ready to connect tools, accounts, files, plugins, and messaging channels safely.

Run the audit

Mark Pass only when you can point to evidence.

Evidence can be a config file, gateway setting, revocation screen, log entry, command approval rule, backup snapshot, or documented stop command.

Use Partial or Not sure when the control exists but has not been tested.

Safety gate: Runtime isolation

  • Dedicated machine, VM, container, or separate OS user is used where practical.
  • The agent does not have unnecessary access to personal or work files.
  • The test workspace is separate from production repositories and synced folders.

Safety gate: Credential safety

  • API keys are scoped to the first test workflow.
  • Long-lived broad tokens are avoided or documented for removal.
  • Secrets are not pasted into prompts, screenshots, chat logs, or committed files.

Safety gate: Account access

  • Test accounts are used before primary personal or work accounts.
  • Messaging allowlists are configured before chat-based control is enabled.
  • Production Slack, email, and calendar access stays disconnected until testing passes.

Safety gate: Command execution

  • Destructive commands require explicit approval.
  • Shell access is limited, logged, or isolated.
  • The agent cannot modify critical folders without review.

Safety gate: Plugins, skills, and tools

  • Plugins or skills are reviewed before install.
  • Tool permissions are documented in plain language.
  • Unused tools are disabled before broader testing.

Safety gate: Network and gateway exposure

  • Public endpoints are disabled unless required.
  • Allowlist or authentication is configured for gateways.
  • Logs are available for gateway, webhook, and remote-control activity.

Safety gate: Memory and logs

  • Memory behavior is understood before sensitive tasks run.
  • Sensitive logs are handled carefully and not shared publicly.
  • Retention and deletion paths are reviewed.

Safety gate: Upgrade readiness

  • Backup or snapshot is available before upgrades.
  • Rollback path is documented before new releases are installed.
  • Official release notes are reviewed before upgrade.

Safety gate: Kill switch

  • You know how to stop the agent quickly.
  • You know how to revoke model, API, and tool keys.
  • You know how to disconnect messaging channels and gateways.
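One form of evidence for the Command execution gate is a command approval rule placed in front of the agent's shell tool, so that destructive commands and commands touching critical folders are held for explicit approval and every decision is logged. The Python below is an added example, not code from this page or from any agent product; the critical-folder list and the destructive-command patterns are constructed placeholders to adapt to your own setup.

```python
import re
import shlex
from dataclasses import dataclass, field
from pathlib import PurePosixPath

# Constructed placeholders: folders the agent must not touch without review.
CRITICAL_FOLDERS = ["/home/me/Documents", "/home/me/work", "/etc"]

# Constructed starter patterns; extend them for the tools your agent actually runs.
DESTRUCTIVE = [
    (re.compile(r"^rm\b.*\s-\S*[rf]"), "recursive/forced delete"),
    (re.compile(r"^git\s+push\b.*(--force|-f)\b"), "force push"),
    (re.compile(r"^(mkfs|dd|shred)\b"), "disk-level destruction"),
    (re.compile(r"^(sudo|doas)\b"), "privilege escalation"),
    (re.compile(r"^(curl|wget)\b.*\|\s*(sh|bash)\b"), "pipe to shell"),
]

@dataclass
class Decision:
    command: str
    needs_approval: bool
    reasons: list = field(default_factory=list)

def touches_critical(command, critical=CRITICAL_FOLDERS):
    """Return critical folders referenced by absolute-path tokens of the command.
    Relative paths are not resolved here; run the agent from a sandbox directory."""
    try:
        tokens = shlex.split(command)
    except ValueError:  # unbalanced quotes: fall back to a whitespace split
        tokens = command.split()
    hits = []
    for tok in tokens:
        if tok.startswith("/"):
            p = PurePosixPath(tok)
            for c in critical:
                if p == PurePosixPath(c) or PurePosixPath(c) in p.parents:
                    hits.append(c)
    return hits

def evaluate(command, critical=CRITICAL_FOLDERS):
    """Classify a proposed command; any reason means a human must approve it."""
    reasons = [why for pat, why in DESTRUCTIVE if pat.search(command)]
    reasons += [f"references critical folder {c}" for c in touches_critical(command, critical)]
    return Decision(command, bool(reasons), reasons)

def run_with_gate(command, approve, execute, log):
    """Execute only if the gate passes or the approver explicitly says yes; log both."""
    d = evaluate(command)
    if d.needs_approval and not approve(d):
        log.append(f"DENIED  {command!r} ({'; '.join(d.reasons)})")
        return None
    log.append(f"{'APPROVED' if d.needs_approval else 'ALLOWED '} {command!r}")
    return execute(command)
```

The `approve` callback is where your real approval step goes (a prompt, a chat confirmation, or a ticket); the `log` list stands in for the durable log the gate asks for.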
Audit result

The live score updates as gates are answered; a score is generated once at least one gate is marked. Until enough gates pass, the verdict is: Do not connect sensitive accounts yet.

Next steps
  • Review official docs before running commands or connecting accounts.
  • Keep first tests in a low-risk workspace with scoped keys.
  • Document kill switch, logs, revocation, and rollback before broader testing.