Enable Strong Authentication and Disable dangerouslyDisableDeviceAuth
Do not use the high-risk configuration dangerouslyDisableDeviceAuth, which disables device authentication. If this configuration is enabled, attackers could establish connections simply with a token, bypassing device pairing authentication.
Procedure
Disable the high-risk option of the OpenClaw gateway.
openclaw config set gateway.controlUi.dangerouslyDisableDeviceAuth false
Parent topic: Automated Configuration Items