You Can’t Just “Delete” OpenClaw: You Gave It Access to Everything. Now What?
OX Security research shows that common uninstall methods leave sensitive data behind – and fully revoking access is far harder than most users realize. We outline the concrete steps you must take to properly wipe your data.
The OpenClaw crisis: How to protect yourself
OpenClaw (formerly MoltBot, formerly ClawdBot) has become one of the most viral open-source tools in recent memory. In just days, it exploded from a new project to a personal AI assistant with hundreds of thousands of users – and downloads have now spiked to 720,000 per week. All of them have granted it extraordinary access to their digital lives.
The scope of that access is staggering. OpenClaw can read and send your emails, manage your calendar, access your chat apps (WhatsApp, Telegram, Slack, Discord), browse the web on your behalf, read and write to your local file system, execute commands on your machine, and integrate with practically any service through APIs and MCP connections. Users hand it API keys to Stripe, AWS, Google Cloud, GitHub, and more. In short: OpenClaw gets the keys to your entire digital kingdom.
That made OpenClaw powerful – and, as OX Security warned in research findings published last week, dangerous. We found that OpenClaw stores credentials in cleartext, uses insecure coding patterns including direct eval with user input, and has no privacy policy or clear accountability. With 300+ contributors and code largely “vibe-coded” using AI tools, the project was – in our assessment – one step away from a massive data breach.
That assessment has now been validated. In the past week alone, critical RCE vulnerabilities, malicious skills, fake extensions, exposed databases, and account hijacking campaigns have turned OpenClaw into an active security crisis.
The result: Users who enthusiastically installed OpenClaw days ago are now scrambling to remove it and protect their accounts.
But here’s the problem: you can’t just “delete” OpenClaw.
Even after users try to uninstall the tool or remove secrets through the Web UI, sensitive data can remain accessible on the machine – and fully revoking access across every connected platform is far harder than most users realize.
OX Security tested what happens when users attempt to remove OpenClaw, and we found that common uninstall methods leave credentials and configuration files behind, creating ongoing exposure even after users believe they’ve cleaned up.
This guide walks you through the concrete steps required to properly wipe OpenClaw data from your machine and revoke access across every platform you’ve connected – because your digital security depends on getting this right.
What OX Security found
OX Security researchers tested what happens when users try to “remove” OpenClaw – including deleting secrets, uninstalling the tool, and following common uninstall instructions found online. Here’s what we found:
- Removing keys in the OpenClaw Web UI isn’t enough.
Even if a user removes secret keys in the Web UI, the data can still remain on the machine. In our testing, we attempted to remove secret keys and observed that they were still present locally afterward. (You can see this in our video at 2:30, where we try to remove the secret keys and they are still on the machine.)
- Uninstalling OpenClaw can leave sensitive files behind – depending on how you uninstall.
If users uninstall OpenClaw using common “Google” instructions rather than the official uninstall method, local directories containing secrets and configuration can remain on disk.
- A key uninstall trap: if users uninstall the binary first, cleanup gets harder.
In particular, users who uninstall OpenClaw via npm (for example, npm uninstall -g openclaw) may remove the OpenClaw binary but still leave the local directory behind. That means secrets and configurations can remain on the machine.
And because the openclaw binary is now gone, users can’t run the official openclaw uninstall command afterward, which makes a complete cleanup more difficult.
- The official docs matter – but many users won’t find them.
When searching for how to uninstall OpenClaw, there’s no official guide or uninstall instructions on the GitHub page. If a user does find the official docs, they instruct users to run “openclaw uninstall” directly on the machine.
But many users will instead follow community instructions like the Reddit example, “npm uninstall -g openclaw” – which can uninstall OpenClaw while leaving the ~/.openclaw directory on the machine. In our testing, this meant sensitive keys and configurations were still present afterward.
What to do now
If you’ve connected OpenClaw to any platforms or services, you should assume that cleanup requires two tracks:
- Remove OpenClaw and local stored data from your machine
- Revoke and rotate credentials / sessions on every connected platform
Quick checklist:
- Uninstall OpenClaw using the official command: openclaw uninstall
- Delete leftover local directories: rm -rf ~/.clawdbot and rm -rf ~/clawdbot
- On every connected platform: log out, remove sessions, and rotate API keys
Step 1: Remove OpenClaw (the right way)
If you can still run OpenClaw commands (recommended):
Remove OpenClaw completely by running the official command from the documentation:
- openclaw uninstall
However, you should also check whether environment variables and local directories were actually removed. Specifically:
- Check whether the directory ~/.clawdbot/ still exists, and whether anything remains inside it.
If ~/.clawdbot/ still exists (or you want to be sure everything is removed):
Run the following commands to remove all configurations:
- rm -rf ~/.clawdbot/
- rm -rf ~/clawdbot
Step 2: Avoid the common uninstall mistake (npm uninstall)
Many users searching Google will find instructions to uninstall from npm, such as:
- npm uninstall -g openclaw
In our testing, this can uninstall OpenClaw but still keep local directories on the machine (including directories where secret keys and configurations may be stored). One example we observed:
- After uninstalling with npm uninstall -g openclaw, files were still present.
This matters because once the openclaw binary has been uninstalled, you can no longer run the official cleanup command (openclaw uninstall). At that point, to completely remove the remaining data, you need to manually delete the directory:
- rm -rf ~/.clawdbot/
- rm -rf ~/clawdbot
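The two steps above come down to an ordering problem: run the official uninstaller while the openclaw binary is still on PATH, then verify that nothing was left on disk. The script below is an added example written for this guide, not OX Security’s or the OpenClaw project’s own tooling. It checks for the leftover directories named in this article (~/.clawdbot, ~/clawdbot and ~/.openclaw), counts the files still inside them, and prints a cleanup plan in the right order. The base directory is a parameter so it can be pointed at a test tree instead of your real home directory; everything else it assumes is marked in the comments.

```shell
#!/bin/sh
# Post-uninstall leftover check for OpenClaw (added example, not project code).
# Directory names are the ones listed in the article; the base directory
# defaults to $HOME but can be overridden for testing.

# Print every leftover OpenClaw state path under $1, one per line.
# Exit status 0 means nothing was found, 1 means leftovers exist.
openclaw_leftovers() {
    base="${1:-$HOME}"
    status=0
    for name in .clawdbot clawdbot .openclaw; do
        if [ -e "$base/$name" ]; then
            printf '%s\n' "$base/$name"
            status=1
        fi
    done
    return "$status"
}

# Count regular files inside the leftover directories. A non-zero count after
# "openclaw uninstall" means configuration or credentials are still on disk.
openclaw_leftover_file_count() {
    base="${1:-$HOME}"
    count=0
    for name in .clawdbot clawdbot .openclaw; do
        if [ -d "$base/$name" ]; then
            n=$(find "$base/$name" -type f | wc -l | tr -d ' ')
            count=$((count + n))
        fi
    done
    echo "$count"
}

# Print the cleanup order the article recommends: official uninstaller first
# (only possible while the binary is still installed), manual removal second,
# platform-side revocation last. Nothing is deleted by this function.
openclaw_cleanup_plan() {
    base="${1:-$HOME}"
    if command -v openclaw >/dev/null 2>&1; then
        echo "1. Run: openclaw uninstall (do this BEFORE any npm uninstall -g openclaw)"
    else
        echo "1. openclaw binary not found: the official uninstaller can no longer run, remove leftovers manually"
    fi
    if openclaw_leftovers "$base" >/dev/null; then
        echo "2. No leftover directories under $base"
    else
        echo "2. Remove leftover directories:"
        openclaw_leftovers "$base" | sed 's/^/   rm -rf /'
    fi
    echo "3. On every connected platform: log out, remove sessions, rotate API keys"
}

# Usage: review the plan, then run the printed rm -rf lines yourself.
openclaw_cleanup_plan "$HOME"
```

Run it once before and once after the uninstall: the file count should drop to 0 and the plan should report no leftover directories. Because the script only prints the rm -rf lines rather than executing them, you can check the paths before deleting anything.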
Step 3: Revoke access and rotate credentials on every connected platform
Uninstalling OpenClaw and deleting local directories is not enough if OpenClaw has been connected to external services. On every connected platform, you should:
- Log out
- Remove sessions
- Rotate API keys
If you think your account has been compromised, or any information was leaked, make sure you rotate all of your API keys and remove any unknown session or unknown activity from each connected platform.
- Go to Settings → Linked Devices → choose an unknown device → Log Out
Telegram
- Revoke all relevant API keys
- If connected via devices: Devices → Active Sessions → choose unknown device → Log Out
What this means for users and security teams
OpenClaw is being adopted quickly, and users are granting it access to extremely sensitive systems. Our testing shows that cleanup and revocation are not straightforward, and users can easily end up in a situation where they believe they’ve removed the tool – but sensitive data and access remain.
This guide is intended to help users understand what OX Security found, and what concrete steps are required to properly wipe data and revoke access.