InstantClaw

Why Your Self-Hosted OpenClaw Is Not Safe

Yes, using a separate machine or a VPS is best. But we've audited OpenClaw setups that did exactly that and were still compromised in minutes. The machine isn't the problem. The OpenClaw defaults are.

Lazy attackers move on when they hit a locked door. Default OpenClaw config has no door.

01

What we keep finding

OpenClaw uses a well-known address by default. Attackers scanning the internet for vulnerable OpenClaw setups check that address first. It's like having your house number painted in neon—anyone looking knows exactly where to knock.

Out of the box, anyone who messages your OpenClaw bot can give it commands. A stranger in a group chat. Someone who found your number. A random bot. No allowlist. No check. We've seen cases where one unsolicited message led to full access.

If your OpenClaw bot is in a group chat, everyone in that group can control it. Your coworker. A friend of a friend. Someone who was added years ago. The bot doesn't know the difference. One person sends "Summarize every email in this inbox" and the AI does it. No confirmation. No second factor.

If OpenClaw's control panel—the dashboard where you manage your OpenClaw bot—is reachable from the internet, it's not just your OpenClaw bot at risk. Your API keys, workspace files, and everything your OpenClaw bot can access sit right there. Imagine putting your house keys, bank login, and file cabinet on the front porch. We've audited OpenClaw setups where the dashboard was wide open. Most people never check.

A default OpenClaw instance can be compromised in minutes. One message: "Run this command on the server." Another: "Forward everything in the workspace." The AI obeys. We find this pattern over and over.

Self-Hosted OpenClaw: Attack Surface. Default config has no door. Lockdown closes them. Click to zoom.
02

What lockdown actually takes

Locking OpenClaw down means doing a few things—each one simple, but most self-hosters skip at least one.

Keep the control panel off the internet. OpenClaw's dashboard is like the back door to your house. If it's reachable from the web, anyone can try it. It needs to stay "inside"—only programs on the same machine can reach it. No front-door access for strangers.

Allowlist only yourself. An allowlist is a guest list. Put your own phone or username on it. Everyone else gets ignored. No allowlist means anyone who finds your bot can message it and give it commands.

Keep your OpenClaw bot out of group chats, or make sure only you can trigger it. In a group, everyone can talk. If your bot listens to everyone, anyone can control it. Either keep it in private chats only, or set it up so only you can give it commands—like a microphone that only works when you hold it.

Store API keys and tokens somewhere separate. API keys are like passwords that let your bot use other services (email, cloud storage, etc.). Don't keep them in the same file as your OpenClaw settings. That's like taping your house key to the front door. Use a separate vault or secure storage.

Close every port you don't need. A port is like a door or window on your computer—it's how data gets in and out. OpenClaw uses one by default, and attackers know to check it first. Close any port you're not using. Fewer open doors means fewer ways in.

Each step is straightforward. But a default OpenClaw instance left as-is can be compromised in minutes. One open port, no access control, a powerful AI that obeys anyone. One message can escalate to full system access. We find this in audits over and over.

03

How we run it differently

At InstantClaw we run OpenClaw for non-technical users. Same framework. Different defaults.

Dashboard stays inside. We keep OpenClaw's control panel reachable only from the same machine, never from the internet. It's like a control room with no outside doors. Our users never see or touch it; they don't need to.

Only you can use your bot. Only the user who pairs with the OpenClaw bot can give it commands. Strangers can't message it. Locked down from day one. Your OpenClaw bot can be in group chats, but only you can trigger it—others in the group can't.

Keys go in a vault. OpenClaw's API keys and tokens go in secure storage, not in config files. You never need to log into the server, use command lines, or manage infrastructure. We handle that.

We audit for you. We run security checks on your OpenClaw setup so you don't have to remember to do it.

Security baked in instead of bolted on after the fact.

If you want secure OpenClaw without the work, use InstantClaw

Deploy in under a minute. No SSH. No exposed ports. No 3am patches.

InstantClaw