OpenClaw Security Guide
Essential security guide for OpenClaw covering the threat landscape, CVEs, hardening, and supply chain safety.
OpenClaw gives an AI agent full shell access, persistent memory, and connections to your email, calendar, and messaging apps. That power demands serious security practices.
This is not optional reading. As of March 2026, security researchers have found 42,665 OpenClaw instances exposed to the public internet, with 93.4% having authentication bypasses. Eight critical CVEs have been disclosed in just six weeks. The ClawHavoc campaign poisoned over 1,200 skills on ClawHub.
The Threat Model
OpenClaw's architecture creates what security researchers call the "lethal trifecta":
- Full system access -- Shell commands, file system, network access with no default sandboxing
- Persistent memory -- The agent retains context across sessions in SOUL.md and MEMORY.md files, meaning a single compromise can permanently alter agent behavior
- Trust delegation -- Users grant the agent broad permissions and trust its judgment for autonomous actions
OpenClaw stores API keys, passwords, and credentials in plain text in its configuration and memory files. Versions of the RedLine and Lumma infostealers have already been spotted with OpenClaw file paths added to their must-steal lists.
Out of the box, OpenClaw has several dangerous defaults:
- Authentication disabled by default on the Gateway
- WebSocket connections accepted without origin verification
- Localhost connections implicitly trusted -- a disaster behind a reverse proxy, where every forwarded request arrives from localhost and is therefore trusted
- Dangerous tools accessible in Guest Mode
- Critical config parameters leaked via mDNS broadcast
- Gateway bound to 0.0.0.0 -- accessible from any network interface
What You Need to Do
Immediate Actions
- Update to v2026.2.26 or later -- Anything earlier is vulnerable to at least one critical CVE
- Enable authentication -- Set a strong Gateway token immediately
- Bind to localhost -- Never expose port 18789 to the public internet without a VPN
- Run openclaw security audit -- This checks your config for common pitfalls
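The checks above can be expressed as a small audit over a Gateway config. The following is an added example, not OpenClaw's own audit command or config schema; the config keys (gateway.auth_enabled, gateway.bind, verify_ws_origin, trust_localhost, behind_reverse_proxy, mdns_broadcast, guest_mode.dangerous_tools) are assumed names chosen to mirror the dangerous defaults listed earlier, and the minimum safe version is the one stated on this page.

```python
import re

MIN_SAFE_VERSION = "v2026.2.26"  # minimum safe version stated on this page

def parse_version(tag: str) -> tuple:
    """'v2026.2.26' -> (2026, 2, 26); raises ValueError on anything else."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", tag.strip())
    if not m:
        raise ValueError(f"unrecognised version tag: {tag!r}")
    return tuple(int(x) for x in m.groups())

def audit(cfg: dict) -> list:
    """Return a list of findings; an empty list means no known pitfall was found.
    Missing keys are treated as the dangerous out-of-the-box default."""
    findings = []
    if parse_version(cfg.get("version", "v0.0.0")) < parse_version(MIN_SAFE_VERSION):
        findings.append(f"version older than {MIN_SAFE_VERSION}: update")
    gw = cfg.get("gateway", {})  # assumed key layout, not OpenClaw's real schema
    if not gw.get("auth_enabled", False):
        findings.append("gateway authentication disabled")
    elif len(gw.get("auth_token") or "") < 32:
        findings.append("gateway token shorter than 32 characters")
    if gw.get("bind", "0.0.0.0") not in ("127.0.0.1", "localhost", "::1"):
        findings.append(f"gateway bound to {gw.get('bind', '0.0.0.0')}, not localhost")
    if not gw.get("verify_ws_origin", False):
        findings.append("WebSocket origin verification disabled")
    if gw.get("trust_localhost", True) and gw.get("behind_reverse_proxy", False):
        findings.append("localhost implicitly trusted behind a reverse proxy")
    if gw.get("mdns_broadcast", True):
        findings.append("mDNS broadcast enabled (leaks config parameters)")
    if cfg.get("guest_mode", {}).get("dangerous_tools", True):
        findings.append("dangerous tools reachable in Guest Mode")
    return findings

# Constructed sample: an out-of-the-box config with every default left in place.
DEFAULT_CONFIG = {"version": "v2026.2.10", "gateway": {}, "guest_mode": {}}

# Constructed sample: the same deployment after the immediate actions above.
HARDENED_CONFIG = {
    "version": "v2026.2.26",
    "gateway": {"auth_enabled": True, "auth_token": "x" * 40, "bind": "127.0.0.1",
                "verify_ws_origin": True, "trust_localhost": False,
                "behind_reverse_proxy": False, "mdns_broadcast": False},
    "guest_mode": {"dangerous_tools": False},
}

if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or ["no findings"])
```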
Ongoing Practices
- Vet every skill before installing -- Check VirusTotal reports on ClawHub
- Monitor your agent's actions -- Enable comprehensive audit logging
- Rotate credentials regularly -- Treat Gateway tokens like admin passwords
- Keep OpenClaw updated -- Security patches ship frequently
Security Resources
CVE Tracker
A living reference of all OpenClaw CVEs with severity scores, affected versions, patch status, and remediation steps.
Hardening Guide
Step-by-step guide to securing your OpenClaw deployment: authentication, network isolation, sandboxing, secrets management, and audit logging.
Supply Chain Safety
How to protect yourself from malicious ClawHub skills. Covers the ClawHavoc campaign, skill vetting procedures, and safe installation practices.
Key Security Stats (March 2026)
| Metric | Value |
|--------|-------|
| Critical CVEs disclosed | 8 |
| Internet-exposed instances | 42,665 |
| Instances with auth bypass | 93.4% |
| Malicious ClawHub skills (peak) | 1,200+ |
| ClawHub skills with security flaws | 36% |
| Minimum safe version | v2026.2.26 |
Who Should Read This
Every OpenClaw user. This is not enterprise-only guidance. If you are running OpenClaw on your laptop with access to your email and API keys, you are a target. The ClawHavoc campaign specifically targeted individual developers and freelancers.