Security Overview
CookAI uses a three-layer security architecture to protect your Bot across containers, network, and data.
Three-Layer Security
Container Isolation
Each Bot runs in an isolated Docker container. Containers are fully isolated — one Bot cannot access another's files, processes, or memory.
Network Isolation
Bots are blocked from creating reverse tunnels or exposing ports. block-tunnels.sh runs at container startup, blocking all tunnel tools.
Data Isolation
Data between Bots is completely invisible. Each Bot has its own file system, memory storage, and config files.
Container Isolation Details
Each CookAI Bot is automatically assigned an isolated Docker container on creation:
- • Isolated file system — Bot can only read/write files within its own container
- • Isolated process space — Bot's code execution doesn't affect other Bots
- • Resource limits — each container has CPU and memory caps to prevent abuse
- • Auto cleanup — inactive containers are automatically reclaimed
# Each Bot's container structure├── /home/user/ # Bot workspace├── /home/user/.openclaw/ # Config & memory└── /tmp/ # Temp filesNetwork Isolation Details
Bots can access the internet (for search, API calls, etc.) but are blocked from creating reverse tunnels:
# Tools blocked by block-tunnels.shngrok, cloudflared, localtunnel, bore,frpc, ssh -R, ssh -L and all tunnel tools💡 This prevents Bots from being exploited to expose internal services or create backdoors