ClawKit Reliability Toolkit
Security | March 3, 2026

Is Your OpenClaw Agent Publicly Listed? A Security Warning

If you're running OpenClaw on a server with a public IP, there's a non-trivial chance it's been indexed by automated scanners — and listed in a public database alongside your server's IP address, port, auth status, and whether credentials were leaked. Here's what that means and what to do about it.

224,000+ OpenClaw instances publicly indexed

Public exposure databases are actively tracking OpenClaw instances with no authentication. If yours is one of them, anyone on the internet can issue commands to your agent — including shell commands, file reads, and API calls using your stored credentials.

Why this matters

OpenClaw, by default, listens on port 18789. On a local machine behind a router, that's fine — the port isn't reachable from the internet. On a VPS, cloud VM, or any server with a public IP, it's a different story: if you didn't explicitly bind to localhost or set a firewall rule, OpenClaw is accepting connections from anywhere.

An unauthenticated OpenClaw endpoint is effectively an open remote code execution interface. Whoever reaches it can ask your agent to run shell commands, read files, exfiltrate API keys stored in your environment, or use your agent's API provider credits to run their own workloads.

A public watchboard at openclaw.allegro.earth actively tracks these instances — 224,000+ at the time of writing. Each entry shows the live IP, port, auth status, and a "Leaked" or "Clean" classification based on detected credential exposure. Attackers don't need to scan for themselves; the database does the work for them.

How to check if you're affected

Run this from an external machine (not the server itself — you need to test reachability from the public internet, not from localhost):

Test external reachability
curl -s http://<your-server-ip>:18789/health

If you get a JSON response, your OpenClaw instance is reachable from the public internet. If the connection times out or is refused, you're either already protected or not running OpenClaw on that machine.

How to fix it

There are four layers of protection below. Apply all four if you're on a public server; at minimum, do steps 1 and 3.

Step 1 — Bind to localhost only

In your OpenClaw config file, set the host to 127.0.0.1. This tells OpenClaw to only accept connections from the same machine, not from external IPs.

openclaw config (openclaw.config.json)
{
  "host": "127.0.0.1",
  "port": 18789
}

Step 2 — Set an auth token

If you need OpenClaw accessible from somewhere other than localhost, set an auth token. All API requests will then require a bearer token in the Authorization header.

openclaw config — auth token
{
  "authToken": "your-secret-token-here"
}

Step 3 — Block the port at the firewall level

Even with localhost binding, adding a firewall rule as a second layer of defence is good practice. On Ubuntu/Debian with ufw:

Block port 18789 (ufw)
sudo ufw deny 18789

Step 4 — If you need remote access, use SSH tunneling or a reverse proxy

If you legitimately need to reach your OpenClaw instance from another machine, don't open the port to the public internet. Instead, use an SSH tunnel so traffic stays encrypted and only authenticated SSH users can reach it:

SSH tunnel (forward remote port to local)
ssh -L 18789:127.0.0.1:18789 user@your-server-ip

After that, connect to http://localhost:18789 on your local machine — the connection is forwarded securely over SSH without exposing the port. For a more permanent setup, put nginx in front with TLS and HTTP basic auth, and keep the OpenClaw port firewalled.
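To tie the reachability check and steps 1 and 2 together, here is an added audit script (not ClawKit's Doctor tool or OpenClaw's own code) that reads an openclaw.config.json, flags a non-loopback bind and a missing or placeholder authToken, and offers a plain TCP connect test to run from an external machine. The placeholder-token list and the 16-character minimum are my own assumptions, not OpenClaw rules.

```python
"""Audit an OpenClaw config for the public-exposure problem described above."""
import ipaddress
import json
import socket
from pathlib import Path

DEFAULT_PORT = 18789
# Assumption: values a user might leave in from a sample config; treated as "no token".
PLACEHOLDER_TOKENS = {"", "your-secret-token-here", "changeme"}
MIN_TOKEN_LEN = 16  # assumption: my own sanity threshold, not an OpenClaw rule


def is_loopback(host: str) -> bool:
    """True only when the bind address stays on this machine (127.0.0.1, ::1, localhost)."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def audit_config(cfg: dict) -> list:
    """Return a list of findings; an empty list means no exposure was detected."""
    findings = []
    host = cfg.get("host")
    token = cfg.get("authToken")
    if host is None:
        findings.append("no 'host' set: the default bind accepts connections from any address")
    elif not is_loopback(host):
        findings.append(f"host {host!r} is not loopback: reachable from other machines")
    # A token only matters once the listener is reachable from elsewhere.
    if not is_loopback(host or ""):
        if token is None:
            findings.append("no 'authToken' on a non-loopback bind: unauthenticated command interface")
        elif token in PLACEHOLDER_TOKENS or len(token) < MIN_TOKEN_LEN:
            findings.append("authToken is a placeholder or too short")
    return findings


def audit_file(path: str) -> list:
    """Load openclaw.config.json from disk and audit it."""
    return audit_config(json.loads(Path(path).read_text()))


def port_reachable(host: str, port: int = DEFAULT_PORT, timeout: float = 3.0) -> bool:
    """TCP connect test; run it from an external machine, as the post says."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False
```

Run it as `python audit_openclaw.py openclaw.config.json` after adding a small `__main__` that prints `audit_file(sys.argv[1])`; an empty list means the bind and token settings match steps 1 and 2.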

A shared responsibility

Running any networked service on a public server comes with obligations. OpenClaw is no different — it's a powerful tool, and an unprotected instance is a meaningful attack surface. The good news is the fix is straightforward: bind to localhost, set a token, and firewall the port. Ten minutes of work closes most of the risk.

If you're not sure whether your local OpenClaw config is correctly set up, ClawKit's Doctor tool can check your config health and flag common misconfigurations before they become a problem.


Published: March 3, 2026. Instance count sourced from openclaw.allegro.earth at time of writing. ClawKit is not affiliated with that site.