135,000 OpenClaw instances are exposed across 82 countries right now. 12,812 of those are exploitable via remote code execution.
Your OpenClaw instance ships with almost zero security turned on. The gateway binds to loopback, which is good. But the tool access model? Wide open. Your agent can run any shell command, read any file your OS user can reach, and accept messages from anyone who finds your Telegram bot.
The fix takes about 60 seconds. OpenClaw has three permission layers:
- Who can message your bot (dmPolicy + allowlist with numeric Telegram IDs)
- Which tools the agent has (tool profiles + deny lists)
- Shell command execution (exec.security set to deny)
One JSON file. Three settings. Done.
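As an added example (not from the original post or the OpenClaw project), here is a small audit that checks a config for the three layers above. Only the names `dmPolicy`, allowlist and `exec.security` with the value `deny` come from the post; the nesting, the other key names and all sample values are assumptions, so adjust the lookups to the real file layout.

```python
import json

# Constructed sample configs. Only the names dmPolicy, allowlist and
# exec.security (value "deny") appear in the article; the nesting, the other
# key names and all values below are assumptions made for this example.
WEAK = json.loads("""{
  "telegram": {"dmPolicy": "open", "allowlist": ["@alice"]},
  "tools": {"profile": "everything", "deny": []},
  "exec": {"security": "full"}
}""")
HARDENED = json.loads("""{
  "telegram": {"dmPolicy": "allowlist", "allowlist": [123456789]},
  "tools": {"profile": "restricted", "deny": ["shell", "filesystem"]},
  "exec": {"security": "deny"}
}""")


def audit(cfg):
    """Return one finding per permission-layer setting left open."""
    findings = []
    tg = cfg.get("telegram", {})
    tools = cfg.get("tools", {})

    # Layer 1: who can message the bot.
    if tg.get("dmPolicy") != "allowlist":
        findings.append("dmPolicy does not restrict senders to the allowlist")
    entries = tg.get("allowlist", [])
    non_numeric = [e for e in entries
                   if isinstance(e, bool) or not str(e).isdigit()]
    if not entries or non_numeric:
        findings.append("allowlist is empty or has non-numeric entries: %r" % non_numeric)

    # Layer 2: which tools the agent has.
    if not tools.get("profile"):
        findings.append("no tool profile set")
    if not tools.get("deny"):
        findings.append("tool deny list is empty")

    # Layer 3: shell command execution. A missing key counts as open.
    if cfg.get("exec", {}).get("security") != "deny":
        findings.append("exec.security is not 'deny'")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "ok")
```

An empty config yields a finding for every check, which matches the post's point that nothing is locked down until you set it.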
Full walkthrough with the complete hardened config:
👉 Read the full guide
If you want these security defaults baked in from day one, ClawHosters ships with container isolation, firewall rules, and auto-updates out of the box.