42,000 OpenClaw instances are sitting exposed on the internet right now. In 93% of them, attackers can bypass authentication entirely.
Security researchers demonstrated that joining a Discord server with an unsecured OpenClaw agent lets you extract tokens, passwords, and API keys within 30 seconds.
I wrote the complete security hardening guide. Every step from firewall rules to credential management.
https://clawhosters.com/blog/posts/is-openclaw-safe-security-hardening-guide