# Security ### Authentication layers, secret management, and container isolation. ## Security Molt.id Multiclaw Service uses multiple layers of authentication, strict secret management, and full container isolation to keep agents and user data secure. *** ### Authentication #### NFT-Based Auth All user authentication is based on proving ownership of a `.molt` domain NFT on Solana. See the Authentication Flow for the full process. Key properties: * **Challenge-response** — Server issues a random nonce, user signs with their wallet. Nonce expires after 5 minutes (anti-replay). * **On-chain verification** — The server fetches the NFT data from Solana RPC and confirms the signing wallet is the current owner. * **JWT sessions** — After verification, a 7-day JWT is issued and stored as an HttpOnly cookie. * **User isolation** — The JWT's subject must match the container being accessed. Users can only reach their own agent. *** ### Secret Management All sensitive credentials follow strict handling rules: | Secret | Visible to Users? | In Snapshots? | Notes | | ------------------ | ----------------- | ------------- | ------------------------------------- | | LLM API keys | No (redacted) | No | Written fresh on every startup | | Wallet private key | No | No | Written fresh, restricted permissions | | JWT secret | No | N/A | Server-side only | | Bot tokens | No | No | Written to config on startup only | **Key principles:** * Sensitive files are **never included in snapshots** — they are always written fresh from secure storage on every container startup * API responses only show the first 8 characters of any key (redacted) * Inside containers, credential files use restricted file permissions * Keys follow the priority chain: user key → global key → not available *** ### Container Isolation * Each user's container is a **separate Cloudflare Sandbox instance** * Containers **cannot communicate with each other** * Sensitive config files are written fresh on every startup from secure storage — never restored from snapshots * All container data (chat history, workspace, memory) is scoped to a single user and stored in isolated R2 paths *** ### NFT Ownership = Access Control The security model is anchored to NFT ownership on Solana: * **Only the current NFT owner** can authenticate and access the agent * If the NFT is transferred or sold, the **new owner** gains access and the previous owner loses it immediately * There are no passwords or usernames — your Solana wallet and NFT are your credentials * Agent wallet operations require the NFT owner's signature via Metaplex Core ExecuteV1 (see Agent Wallet) *** ### Best Practices * **Save your domain wallet private key** at mint time — it's shown once and cannot be recovered * **Use pairing mode** for channel integrations to prevent unauthorized users from messaging your agent * **Bring your own LLM keys** if you want direct billing from providers and don't want to rely on platform-provided keys * **Fund your agent wallet conservatively** — only load what the agent needs for its current operations * **Review connected channels** periodically — revoke bot tokens you no longer use --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.molt.id/getting-started/openclaw-service/security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.