Is Your OpenClaw Exposed? How to Check and Fix It in 30 Minutes
Right now, there are over 42,000 OpenClaw instances visible on the public internet — most with no authentication at all. The researchers who found this described it as one of the more significant AI agent security problems currently in the wild.
Is yours one of them? Here's how to find out in 10 seconds, and how to lock it down in 30 minutes if it is.
What "Exposed" Actually Means
An exposed OpenClaw instance isn't just one with a weak password. It's one where:
- The gateway port is accessible from the public internet
- Anyone who finds that port can interact with the bot
- With no auth or a default/weak credential, they have full access
"Accessible from the public internet" means the port answers connections from any source IP. Automated scanners sweep the entire IPv4 address space continuously, and port 8080, the OpenClaw default, is a common web port that gets probed constantly.
If your OpenClaw is on a public IP with port 8080 open and no authentication configured, assume someone has already found it.
The 10-Second Check
From outside your own network (a phone on mobile data or a VPS you control, not a shell on the server itself), check whether your OpenClaw port answers:
# Replace with your server's public IP and port
curl -I --connect-timeout 5 http://YOUR_SERVER_IP:8080
Any HTTP response at all, even a 401 or 404, means the gateway port is publicly reachable. If the dashboard also loads without a password, authentication is missing as well.
If the gateway is bound to loopback you should see "Connection refused" (nothing is listening on the public address); if UFW is dropping the packets you get a timeout instead. Either failure is what you want.
For a more thorough check, use a port scanner from an external perspective. Sites like portchecker.co let you check whether a specific port on an IP is open from the outside.
Or ask your OpenClaw directly:
Audit your own security setup. Check:
1. Are you running as root?
2. What port is the gateway on?
3. Is the gateway bound to "loopback" or "0.0.0.0"?
4. Is Tailscale configured?
5. Is there an allowFrom list?
6. Is UFW enabled and what ports are open?
Give me a security score out of 10.
[→ See also: OpenClaw Self-Audit: The Prompt That Checks Your Own Security Setup]
The 5 Biggest Exposure Mistakes
1. Running on the default port (8080)
Port 8080 is documented in every OpenClaw tutorial and is the first port anyone hunting for OpenClaw instances will try. Running on it makes your setup trivial to find.
Fix: Change the port to a random number between 10000 and 65535 in openclaw.json. Treat this as a speed bump only: full-range scans find non-default ports too, so mistakes 2 and 3 below are the real fix.
{
"gateway": {
"port": 39217
}
}
2. Binding to 0.0.0.0 instead of loopback
bind: "0.0.0.0" means "listen on every network interface", your public IP included (an IPv6 wildcard such as "::" has the same effect). Anyone who can reach the port gets a gateway connection.
bind: "loopback" means "listen only on 127.0.0.1", so nothing outside the machine can reach the gateway directly. Remote access then goes over Tailscale, covered below.
{
"gateway": {
"bind": "loopback"
}
}
3. No authentication configured
Some setups have the gateway accessible without any password. The OpenClaw dashboard loads without credentials. This is the "zero authentication" scenario from the 42,000 exposed instances research.
{
"gateway": {
"auth": {
"mode": "password",
"password": "YOUR-STRONG-30-CHAR-PASSWORD-HERE"
}
}
}
4. No Telegram allowlist
If your Telegram bot has no allowFrom list, every Telegram user who finds the bot can send it commands. This is a different attack surface from the gateway — no port scanning needed, just knowing the bot's handle.
{
"channels": {
"telegram": {
"allowFrom": ["tg:YOUR_USER_ID"]
}
}
}
5. UFW disabled or not configured
Without a firewall, every port your server is listening on is potentially accessible. Even if OpenClaw is configured securely, other services on the server might not be.
sudo ufw status
# Should show: Status: active
[→ See also: UFW Firewall Setup for OpenClaw: Close Every Port You Don't Need]
The 30-Minute Lockdown Sequence
If you've determined your setup is exposed, here's the fix in order:
Minutes 1–5: Change Port and Bind
Edit ~/.openclaw/openclaw.json:
{
"gateway": {
"port": 39217,
"bind": "loopback",
"auth": {
"mode": "password",
"password": "YOUR-STRONG-30-CHAR-PASSWORD-HERE"
}
}
}
Pick your own random port. Save and restart:
openclaw gateway restart
Minutes 6–15: Install Tailscale
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up
Piping a remote script into sh means trusting tailscale.com and your TLS path end to end; if you would rather not, Tailscale's documentation also lists distribution packages. Follow the link to authorize, then add Tailscale config:
{
"gateway": {
"auth": {
"allowTailscale": true
},
"tailscale": {
"mode": "serve"
}
}
}
openclaw gateway restart
[→ See also: How to Set Up Tailscale with OpenClaw]
Minutes 16–20: Configure UFW
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh   # do this before 'enable' or you lock yourself out
sudo ufw enable
Don't add your OpenClaw port. With the gateway bound to loopback and reached over Tailscale there is nothing to open, and Tailscale itself builds its tunnels outbound, so it needs no inbound rule either.
Minutes 21–25: Add Telegram Allowlist
Find your numeric Telegram user ID (not your @username) via @userinfobot in Telegram, then update openclaw.json:
{
"channels": {
"telegram": {
"dmPolicy": "pairing",
"groupPolicy": "disabled",
"allowFrom": ["tg:YOUR_USER_ID"]
}
}
}
openclaw gateway restart
Minutes 26–30: Run the Verification Script
#!/bin/sh
# Run on the server as the user that runs OpenClaw. Every check prints
# evidence; compare it against the expected value in each heading.
echo "=== USER CHECK (should not be root) ==="
whoami
echo "=== CONFIGURED PORT AND BIND (bind should be loopback) ==="
grep -E '"(port|bind)"' ~/.openclaw/openclaw.json
echo "=== TAILSCALE ==="
tailscale status
echo "=== UFW (should be Status: active) ==="
sudo ufw status
echo "=== TELEGRAM ALLOWLIST ==="
grep -q '"allowFrom"' ~/.openclaw/openclaw.json && echo "✅ Configured" || echo "❌ Missing"
echo "=== FILE PERMISSIONS (holds the gateway password; should be -rw------- i.e. chmod 600) ==="
ls -l ~/.openclaw/openclaw.json
echo "=== EXTERNAL PORT CHECK ==="
echo "From a machine outside your network, both of these should fail:"
echo "  curl -I --connect-timeout 5 http://YOUR_PUBLIC_IP:8080"
echo "  curl -I --connect-timeout 5 http://YOUR_PUBLIC_IP:YOUR_NEW_PORT"
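The verification script reads what openclaw.json claims; a gateway restarted with an old config, or a second copy started from another directory, can still be bound to 0.0.0.0 without the file saying so. The script below, an added example written for this article and not OpenClaw's own tooling, covers both perspectives used above: the external curl probe from the 10-second check, with its result classified properly, and a local audit of what the host actually has listening. It assumes POSIX sh, awk and sed, `ss` from iproute2 for the live run, and the flat openclaw.json layout shown in this article. The `ss` output and config fragment inside it are constructed samples, not captures from a real host.

```shell
#!/bin/sh
# Added example for this article, not OpenClaw project code. Assumes POSIX
# sh/awk/sed, `ss` from iproute2 (live mode) and the flat openclaw.json
# layout used in this article.
set -u

# Map a curl exit code and HTTP status to a verdict. Any HTTP status at all,
# 401 and 404 included, means the listener answered from where curl ran.
interpret_probe() {
  curl_exit="$1"; http_code="$2"
  case "$curl_exit" in
    0)  echo "EXPOSED: listener answered HTTP $http_code" ;;
    7)  echo "CLOSED: connection refused (nothing bound on that address, or firewall rejects)" ;;
    28) echo "FILTERED: timed out (firewall drops, or host unreachable)" ;;
    *)  echo "UNKNOWN: curl exit $curl_exit" ;;
  esac
}

# Live external probe. Run from OUTSIDE your network: probe_gateway IP PORT
# GET instead of HEAD, since some gateways reject HEAD but still answer.
probe_gateway() {
  code="$(curl -sS -o /dev/null -w '%{http_code}' --connect-timeout 5 \
          "http://$1:$2/" 2>/dev/null)"
  interpret_probe "$?" "$code"
}

# Print "ADDR PORT" for every TCP listener bound to a wildcard address.
# Reads `ss -ltn` output on stdin (header optional). Column 4 is
# Local Address:Port; the port is after the LAST colon, so [::]:8080 parses.
public_listeners() {
  awk '$1 == "State" { next }
       {
         n = split($4, parts, ":")
         port = parts[n]
         addr = substr($4, 1, length($4) - length(port) - 1)
         if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == "::")
           print addr, port
       }'
}

# Exit 0 if PORT has a wildcard listener (reachable on every interface), else 1.
gateway_is_public() {
  public_listeners | awk -v p="$1" '$2 == p { found = 1 }
                                   END { if (found) exit 0; exit 1 }'
}

# Pull the gateway port out of openclaw.json on stdin (flat layout assumed;
# use jq for anything more complex).
configured_port() {
  sed -n 's/^[[:space:]]*"port"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Constructed sample of `ss -ltn` output: sshd on both wildcard addresses, a
# locked-down gateway on 127.0.0.1:39217, and a forgotten default-port
# gateway still bound to 0.0.0.0:8080.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      4096   127.0.0.1:39217     0.0.0.0:*
LISTEN 0      4096   0.0.0.0:8080        0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*'

# Constructed openclaw.json fragment matching this article's lockdown config.
SAMPLE_JSON='{
  "gateway": {
    "port": 39217,
    "bind": "loopback"
  }
}'

if [ "${1:-}" = "--live" ]; then
  # Audit this host: compare the configured port with real listeners.
  port="$(configured_port < ~/.openclaw/openclaw.json)"
  echo "wildcard listeners on this host:"; ss -ltn | public_listeners
  if ss -ltn | gateway_is_public "$port"; then
    echo "gateway port $port is bound to a wildcard address: EXPOSED"
  else
    echo "gateway port $port has no wildcard listener: ok"
  fi
else
  # Offline demo on the constructed samples.
  port="$(printf '%s\n' "$SAMPLE_JSON" | configured_port)"
  echo "configured gateway port: $port"
  echo "wildcard listeners:"; printf '%s\n' "$SAMPLE_SS" | public_listeners
  if printf '%s\n' "$SAMPLE_SS" | gateway_is_public 8080; then
    echo "8080: EXPOSED (old default-port gateway still listening)"
  fi
  if printf '%s\n' "$SAMPLE_SS" | gateway_is_public "$port"; then
    echo "$port: EXPOSED"
  else
    echo "$port: ok (loopback only)"
  fi
  interpret_probe 0 401
  interpret_probe 28 000
fi
```

Run it with `--live` on the server to audit real listeners, and call `probe_gateway YOUR_PUBLIC_IP PORT` from a host outside your network for the external view. The design point is that the config file is a claim and `ss` is the fact: the offline sample deliberately includes a gateway on the configured port bound correctly to loopback alongside a stale one still on 0.0.0.0:8080, which a grep of openclaw.json would never reveal.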
After Locking Down: Ongoing Monitoring
One-time lockdown isn't enough. Configurations drift. Packages update. Ports get opened for debugging and never closed. Set up ongoing monitoring:
Set up a daily cron job that runs a full security audit every morning at 9am.
Check: firewall status, fail2ban, SSH config, file permissions, open ports,
and report any issues.
Send that to your OpenClaw bot. It creates the cron job and starts reporting daily.
[→ See also: How to Set Up a Daily Security Audit Cron Job in OpenClaw]
Key Takeaways
- 42,000+ OpenClaw instances are currently exposed with no authentication — this is an active, documented problem
- The 10-second check: curl -I http://YOUR_SERVER_IP:PORT from outside your network. Any response at all, even an error status, means your gateway is publicly accessible
- The five exposure mistakes in order of frequency: default port (8080), binding to 0.0.0.0, no auth, no Telegram allowlist, no firewall
- The fix sequence takes 30 minutes: change port + bind → install Tailscale → configure UFW → add allowlist → run verification
- Binding to loopback and reaching the gateway over Tailscale is the single most impactful change: with no listener on a public address, there is nothing for port scanners to find
- Set up a daily security audit cron job after fixing — it catches configuration drift before it becomes an incident