
OpenClaw Security Risks: Your Instance Is Probably Exposed Right Now

Over 1,000 OpenClaw instances found exposed on Shodan (CyberSecurityNews). Hundreds had zero authentication. Here's how to check yours and fix it in 60 seconds.

Clawctl Team

Product & Engineering

Security researcher Jamieson O'Reilly searched Shodan for exposed OpenClaw instances.

He found over 1,000 exposed to the public internet. (CyberSecurityNews)

Hundreds had no authentication whatsoever — API keys, conversation histories, and in some cases root shell access wide open. (CyberSecurityNews)

No guardrails. No audit logs. No network restrictions. Just raw, open agents with access to API keys, private data, and shell commands.

If you self-host OpenClaw, there's a decent chance yours is one of them.

Check Yours Right Now

Open a terminal. Run this (keep the quotes: an unquoted & makes the shell background curl and Shodan never receives the query part):

curl -s "https://api.shodan.io/shodan/host/search?key=YOUR_KEY&query=openclaw"

That lists everyone's exposed instances, not just yours. To check a host you own, look its public IP up directly with Shodan's host endpoint (/shodan/host/YOUR_IP, same key parameter). A hit means Shodan saw the service open at its last scan. No hit does not mean you're closed; it means Shodan hasn't scanned you yet or the banner didn't match the query.

So also try hitting your instance from outside your network, from a phone hotspot or a cloud shell rather than your office Wi-Fi, because a firewall rule that only allows your own IP will fool you. If it answers without asking for credentials, you're exposed.

No Shodan key? Open a private browser window and navigate to your OpenClaw URL. If you see anything other than a login page (or a credentials prompt from the reverse proxy in front of it), you have a problem.
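The same external check, scripted: an added example (not Clawctl or OpenClaw code) that probes several paths as an anonymous client and classifies each answer, the way the private-window test above does by eye. The paths it probes (/api/conversations, /api/keys) and the login-page heuristics are assumptions; replace them with routes your deployment actually serves.

```python
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple

# (HTTP status or None on network failure, final URL after redirects, Content-Type, body prefix)
Response = Tuple[Optional[int], str, str, str]
Fetcher = Callable[[str], Response]


def http_get(url: str, timeout: float = 5.0) -> Response:
    """GET with no cookie, no token, no client cert: what a Shodan crawler sees."""
    req = urllib.request.Request(url, headers={"User-Agent": "exposure-check/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read(4096).decode("utf-8", "replace")
            return resp.status, resp.geturl(), resp.headers.get("Content-Type", ""), body
    except urllib.error.HTTPError as e:
        return e.code, url, e.headers.get("Content-Type", ""), ""
    except (urllib.error.URLError, OSError) as e:  # refused, timeout, DNS or TLS failure
        return None, url, "", str(e)


def classify(resp: Response) -> str:
    """Map one unauthenticated response onto an exposure verdict."""
    status, final_url, ctype, body = resp
    if status is None:
        return "unreachable"
    if status in (401, 403):
        return "auth-required"
    if status == 200:
        lowered = body.lower()
        # urlopen follows redirects, so a bounce to /login shows up in the final URL.
        if "/login" in final_url.lower() or ("<form" in lowered and "password" in lowered):
            return "login-page"
        if "json" in ctype.lower():
            return "exposed-api"  # data served to an anonymous client
        return "exposed"          # the app itself answered with no challenge
    return "reachable"            # 404/5xx: fingerprintable, no data on this path


def check_instance(base_url: str, paths: List[str], fetch: Fetcher = http_get) -> Dict:
    """Probe several paths; any exposed* verdict makes the whole instance EXPOSED."""
    base = base_url.rstrip("/")
    results = {p: classify(fetch(base + p)) for p in paths}
    exposed = any(v.startswith("exposed") for v in results.values())
    return {"verdict": "EXPOSED" if exposed else "OK", "paths": results}


if __name__ == "__main__":
    import sys
    # Run from a network you do not control; an allow-only-my-IP firewall rule hides exposure.
    target = sys.argv[1] if len(sys.argv) > 1 else "http://YOUR-HOST:3000"  # placeholder
    report = check_instance(target, ["/", "/api/conversations", "/api/keys"])  # assumed paths
    for path, verdict in report["paths"].items():
        print(f"{verdict:14s} {target}{path}")
    print("VERDICT:", report["verdict"])
```

Run it as `python3 exposure_check.py http://your-host:3000` from outside your network. "reachable" is not a pass: it means the service is fingerprintable even if that path gave nothing away, and the fix is the same network restriction as for "exposed".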

What "Exposed" Actually Means

An exposed OpenClaw instance gives an attacker:

Full agent control. They can send prompts. Your agent will execute them.

API key theft. Your LLM keys are in the environment. Attacker runs up your bill — or worse, uses your keys to generate harmful content under your account.

Data exfiltration. If your agent reads files, databases, or emails, the attacker reads them too.

Lateral movement. Your agent can make HTTP requests, so the attacker can reach internal services on your network through it: anything bound to localhost on the same host, private-range services, and cloud metadata endpoints that hand out instance credentials.

This isn't theoretical. It happened. Multiple documented incidents in 2025-2026.

Why This Keeps Happening

OpenClaw ships with no authentication by default.

That's a feature, not a bug. It's designed for local development. The docs say "add auth before deploying to production."

But most people skip that step.

They docker-compose up on a VPS, publish port 3000 on every interface, and move on. The agent works. The demo goes well. Nobody checks if the front door is locked.

Then Shodan finds it.

The Three Things You Need (Minimum)

If you insist on self-hosting, you need at minimum:

1. Authentication. Not optional. Not "we'll add it later." Now.

2. Network restrictions. Your agent should not be able to reach the entire internet. Domain allowlists. Egress controls. OpenClaw doesn't ship with these — you'd build them yourself.

3. Action blocking. OpenClaw has exec approvals built in. But they're opt-in, and most deployments never configure them. Shell exec, file delete, database drops — these should require explicit approval by default.

Configuring all three properly takes 20-40 hours. Maintaining them across OpenClaw upgrades is ongoing work.
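Controls 2 and 3 written out as an added example (not OpenClaw's or Clawctl's code) of the policy layer an agent runtime would consult before every outbound request or tool call. The egress side handles the lateral-movement case from above: an IP literal, or an allowlisted name that resolves into private address space, is refused. The action shape ({"tool": ..., "args": {...}}), the tool names and the destructive-SQL pattern are assumptions; OpenClaw's own exec-approval configuration is not reproduced here.

```python
import ipaddress
import re
import socket
from typing import Callable, Dict, Iterable, List
from urllib.parse import urlsplit

Resolver = Callable[[str], List[str]]


def default_resolve(host: str) -> List[str]:
    """Every address the host currently resolves to. Resolving on the policy side,
    and connecting to the checked address, is what stops a DNS-rebinding bypass."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


class EgressPolicy:
    """Domain allowlist plus refusal of anything that lands in non-public address space."""

    def __init__(self, allowed_domains: Iterable[str], resolve: Resolver = default_resolve):
        # "example.com" allows that host and its subdomains, nothing else.
        self.allowed = {d.lower().strip(".") for d in allowed_domains}
        self.resolve = resolve

    def check(self, url: str) -> str:
        """'allow', or 'deny: <reason>'."""
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            return f"deny: scheme {parts.scheme!r}"
        host = (parts.hostname or "").rstrip(".")
        if not host:
            return "deny: no host"
        try:
            ipaddress.ip_address(host)
            # An IP literal is never on a domain allowlist; 10.0.0.5 or the cloud
            # metadata address is exactly what an attacker steers the agent toward.
            return f"deny: IP literal {host}"
        except ValueError:
            pass
        if not any(host == d or host.endswith("." + d) for d in self.allowed):
            return f"deny: {host} not on allowlist"
        addrs = self.resolve(host)
        if not addrs:
            return f"deny: {host} does not resolve"
        for a in addrs:
            if not ipaddress.ip_address(a).is_global:  # RFC 1918, loopback, link-local, ...
                return f"deny: {host} resolves to non-public {a}"
        return "allow"


# Assumed action shape: {"tool": ..., "args": {...}}. Categories are the ones the
# text names (shell exec, file delete, database drops); extend per deployment.
DESTRUCTIVE_SQL = re.compile(r"^\s*(DROP|TRUNCATE|ALTER)\b|^\s*DELETE\s+FROM\b(?!.*\bWHERE\b)", re.I | re.S)


class ActionGate:
    def __init__(self, egress: EgressPolicy):
        self.egress = egress

    def decide(self, action: Dict) -> str:
        """'allow', 'needs-approval: <why>' or 'deny: <why>'.
        Unknown tools need approval: the safe default is to ask, not to run."""
        tool, args = action.get("tool"), action.get("args", {})
        if tool == "http":
            return self.egress.check(args.get("url", ""))
        if tool == "shell":
            return f"needs-approval: shell exec {args.get('cmd', '')!r}"
        if tool == "fs":
            if args.get("op") in ("delete", "rmdir"):
                return f"needs-approval: fs.{args['op']} on {args.get('path', '?')}"
            return "allow"
        if tool == "db":
            sql = args.get("sql", "")
            if DESTRUCTIVE_SQL.search(sql):
                return f"needs-approval: destructive SQL {sql.split()[0].upper()}"
            return "allow"
        return f"needs-approval: unknown tool {tool!r}"
```

The allowlist check runs after resolution on purpose: a name you trust can be pointed at 10.0.0.5 by whoever controls its DNS, and a blanket "allow *.example.com" is only as safe as every record under it. The gate returns a decision rather than executing anything, so the same object can sit in front of whatever tool dispatcher the runtime uses.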

Or You Could Just Not Do That

Clawctl deploys OpenClaw with all three — plus 67 more security controls — in 60 seconds.

Here's what happens when you sign up:

  1. Your agent gets its own isolated container. Not shared. Yours.
  2. Network egress is locked to domains you approve — not available in stock OpenClaw.
  3. 70+ high-risk actions are blocked by default. OpenClaw has exec approvals, but Clawctl pre-configures them with secure defaults so nothing slips through.
  4. Every action is logged. Searchable. Exportable. Full audit trail — not available in stock OpenClaw.
  5. Prompt injection defenses are layered: action blocking + egress controls + approval workflows.

Your agent code doesn't change. Your prompts don't change. You just stop being one of the 1,000+.

Fix it now. Deploy a secured OpenClaw instance in 60 seconds. Your current agent works as-is. Secure your agent ->

What If You've Already Been Compromised?

If your instance has been exposed, assume compromise. Seriously.

Immediately:

  • Preserve whatever evidence exists before you touch anything: copy container, reverse-proxy and host logs off the box, then restart or rebuild
  • Rotate all API keys (LLM providers, external services) and every other secret that lived in the agent's environment, and revoke any sessions or tokens the agent held
  • Check your LLM billing for unexpected usage
  • Review any databases or files your agent had access to
  • Check for unauthorized outbound connections
  • If the agent had shell access, treat the host itself as compromised: look for added SSH keys, cron jobs and unfamiliar processes, and prefer rebuilding from a clean image over cleaning in place

Then:

  • Move to managed hosting with audit logs
  • Enable approval workflows for high-risk actions
  • Set up network egress controls

You can't audit what happened on an unmonitored instance. That's the worst part. You'll never know exactly what an attacker did.

With managed hosting, you would.

The Math

Self-hosting with proper security: 20-40 hours of engineering + ongoing maintenance.

Managed hosting: $49/month.

One compromised API key: $500-50,000 in billing fraud.

One data breach: $160 per compromised customer record — that's the IBM 2025 Cost of a Data Breach Report average. Shadow AI breaches cost $670K more than standard incidents. (IBM)

Gartner predicts that by 2028, 25% of enterprise breaches will be traced back to AI agent abuse. (Gartner)

The question isn't whether you can afford managed hosting.

It's whether you can afford not to.


This content is for informational purposes only and does not constitute financial, legal, medical, tax, or other professional advice. Individual results vary. See our Terms of Service for important disclaimers.

Ready to deploy your OpenClaw securely?

Get your OpenClaw running in production with Clawctl's enterprise-grade security.