More and more users are deploying OpenClaw AI bots. These AI-based personal assistant bots offer a very good experience, but the more permissions a user grants, the greater the potential security risk.
Beyond the sensitive information that everyday use may expose to the AI model, an OpenClaw instance deployed on a cloud server and exposed to the public internet carries an even higher risk, so users are advised not to expose the instance directly to the public internet.
A developer has built an OpenClaw instance scanner; its observation data shows a total of 234,900 instances currently exposed on the public internet. A small number of these instances are already offline, but most are still online.
There is no need to panic: the scanner only detects instances by IP address and port, and accessing the console still requires a token. Without the token, an outsider cannot directly reach the configuration files or other tasks in the instance.
However, if other security issues such as vulnerabilities are found in OpenClaw, attackers could combine them with the exposed instances to launch attacks. Users who deploy OpenClaw are advised to check their configuration to reduce the potential attack surface.

The following are the security recommendations from Blue Dot:
1. The gateway listens on the local loopback only:
Recommendation: set gateway.bind=127.0.0.1 or an intranet IP only; do not listen on 0.0.0.0 (which accepts connections from every IP).
2. If public-network access is required, use a reverse proxy and strong authentication:
Recommendation: configure OAuth, BasicAuth or an IP allow list at the reverse-proxy layer; do not expose the native WS port (18789) directly.
3. Strict DM/group allow lists on chat channels:
Recommendation: whether on Telegram or Discord, strictly restrict which senders or groups may reach the bot, and do not let others access it.
4. Enable and check the pairing mechanism:
Recommendation: OpenClaw pairing must be turned on, and old devices and old tokens should be cleaned up regularly to prevent potential leaks.
5. Run the security audit regularly: openclaw security audit --deep
Recommendation: set up a daily scheduled task that runs the audit and sends you the results together with security insights.
6. Principle of least privilege:
Recommendation: disable unnecessary high-risk tools such as exec, browser and nodes by default, and enable them only as needed.
7. Update to new versions promptly:
Recommendation: OpenClaw changes very quickly and has many vulnerabilities; upgrade to new versions promptly so that the fixes are applied.