Free OpenClaw Security Scanner
Check your agent config in 60 seconds. Reviews 7 dimensions of your configuration (CVEs, exposed ports, auth bypass, malicious skills, API key leaks, TLS, and monitoring) and returns actionable fixes.
Based on 14+ CVEs (incl. CVE-2026-25253, CVE-2026-28446), Censys/Shodan scanning, and 1,467 malicious ClawHub skills identified by Snyk.
Free. No signup required. Runs entirely in your browser.
7 Security Dimensions Analyzed
Our assessment covers the attack vectors identified in Censys scanning, Oasis Security research, Snyk analysis, and 14+ CVE advisories.
Version & Patching
Check if your OpenClaw version is patched against known CVEs
Network Exposure
Assess how your OpenClaw gateway is exposed to the network
Authentication
Verify your authentication configuration strength
Reverse Proxy & TLS
Evaluate your reverse proxy and encryption setup
ClawHub Skills Security
Assess your exposure to malicious ClawHub skills
Data & API Key Protection
Check how sensitive data and credentials are protected
Monitoring & Response
Evaluate logging, monitoring, and incident response readiness
Why This Matters Now
OpenClaw gained 68K+ GitHub stars and millions of users — but 14+ CVEs have been disclosed since January 2026 and security hasn't kept pace with adoption.
CVE-2026-32302 — WebSocket Origin Validation Bypass (fixed v2026.3.11)
Mar 2026 — NVD/NIST
CVE-2026-28446 — Voice RCE affecting 42,000 instances
Feb 2026 — NVD/NIST
1,467 malicious ClawHub skills identified — 91% combine prompt injection with malware
Feb 2026 — Snyk Research
CVE-2026-25253 published — CVSS 8.8, 1-click Remote Code Execution via WebSocket origin bypass
Feb 2026 — NVD/NIST
42,665+ publicly exposed instances discovered via Censys/Shodan scanning
Feb 2026 — Censys Research
CVE-2026-24763 & CVE-2026-25157 — Command injection via Docker sandbox & SSH node
Feb 2026 — NVD/NIST
Moltbook breach: 1.5M API tokens + 35K emails exposed via misconfigured Supabase
Feb 2026 — Wiz Research
"ClawJacked" attack disclosed — brute-force gateway password from any website via localhost WebSocket
Feb 2026 — Oasis Security
OpenClaw patch v2026.1.29 released — fixes WebSocket origin bypass (CVE-2026-25253)
Jan 2026 — OpenClaw GitHub
What is the OpenClaw Security Scanner?
The OpenClaw Security Scanner is a free, browser-based tool that assesses your OpenClaw AI agent deployment against known vulnerabilities, misconfigurations, and current threat intelligence. It evaluates 7 security dimensions — version patching, network exposure, authentication, reverse proxy configuration, ClawHub skill safety, data protection, and monitoring — and generates a comprehensive security score with actionable remediation steps in under 60 seconds.
Since January 2026, 14+ CVEs have been disclosed against OpenClaw, including CVE-2026-25253 (CVSS 8.8, 1-click RCE), CVE-2026-28446 (Voice RCE affecting 42,000 instances), CVE-2026-24763 (command injection via Docker sandbox), and CVE-2026-32302 (WebSocket origin validation bypass). Censys and Shodan scans discovered 42,665+ publicly exposed instances, with 93.4% exhibiting critical authentication bypass vulnerabilities. Snyk identified 1,467 malicious ClawHub skills, 91% of which combine prompt injection with traditional malware. Together with the Moltbook breach, which exposed 1.5 million API tokens, these findings make OpenClaw security an urgent priority for every self-hosted deployment.
OpenClaw Security Risk Comparison
| Risk Factor | Unprotected Instance | Hardened Instance |
|---|---|---|
| RCE Vulnerabilities (14+ CVEs) | Exploitable — CVE-2026-25253 (1-click RCE), CVE-2026-28446 (Voice RCE) | Patched (v2026.3.11+) |
| Network Exposure | Visible on Shodan/Censys (42,665+ found) | Localhost + VPN only |
| Authentication | None (93.4% of exposed) | Token + TLS encryption |
| ClawJacked Attack | Brute-forceable from any website via localhost WebSocket | Rate-limited + auth required |
| API Key Safety | Leaked in control panel | Env vars, restricted perms |
| ClawHub Skill Risk | 1,467 malicious skills (91% with prompt injection + malware) | Audited, least-privilege |
| Command Injection | Docker sandbox PATH (CVE-2026-24763) + SSH node (CVE-2026-25157) | Patched (v2026.1.29+) |
| Incident Detection | No logging | Monitored with alerts |
Sources: Censys, Shodan, NVD (14+ CVEs), Snyk (1,467 malicious skills), Oasis Security (ClawJacked), Wiz Research (Moltbook breach) — Jan–Mar 2026
Frequently Asked Questions
Is my OpenClaw instance vulnerable to CVE-2026-25253?
If you are running any version of OpenClaw before 2026.1.29, your instance is vulnerable to CVE-2026-25253, a high-severity (CVSS 8.8) remote code execution vulnerability. The root cause is missing WebSocket origin validation in the Control UI, which accepted a gatewayUrl from the query string without validation and auto-connected to it via WebSocket, sending the stored gateway token to an attacker-controlled server. Even localhost-only instances were vulnerable, because the attack runs in the victim's browser and pivots from there into the local network; binding to 127.0.0.1 alone is not a mitigation. Update to version 2026.1.29 or later immediately.
How many CVEs affect OpenClaw as of March 2026?
As of March 2026, 14+ CVEs have been disclosed against OpenClaw. Key ones include: CVE-2026-25253 (CVSS 8.8, 1-click RCE via WebSocket origin bypass), CVE-2026-28446 (Voice RCE affecting 42,000 instances), CVE-2026-24763 (command injection via Docker sandbox PATH handling), CVE-2026-25157 (command injection via SSH node), CVE-2026-25475 (path traversal via isValidMedia), CVE-2026-32057 (Control UI client.id bypass), CVE-2026-32302 (WebSocket origin validation bypass, fixed v2026.3.11), and CVE-2026-32896 (BlueBubbles plugin webhook auth bypass). A community tracker is maintained at github.com/jgamblin/OpenClawCVEs.
How do I check if my OpenClaw is exposed on the internet?
Run 'ss -tlnp | grep 18789' on your server and read the Local Address column: 127.0.0.1:18789 or [::1]:18789 means the gateway accepts only connections from the host itself, while 0.0.0.0:18789, *:18789 or [::]:18789 means it listens on every interface and is reachable from the network unless a firewall blocks it. You can also search for your IP on Shodan (shodan.io) or Censys (search.censys.io) to see if port 18789 is visible. Censys found 21,639 exposed instances by querying HTML titles for 'Moltbot Control' and 'clawdbot Control'. Broader scanning found 42,665+ publicly exposed instances total. Our security scanner provides an assessment of your exposure across all OpenClaw ports (18789, 18791, 18792, 18793).
What is the ClawJacked vulnerability?
ClawJacked, discovered by Oasis Security, is an attack in which JavaScript on any malicious website opens a WebSocket connection to localhost:18789 and brute-forces the gateway password. The rate limiter in OpenClaw exempts localhost connections, making this attack feasible even against strong passwords. Once the password is cracked, the attacker gains full remote code execution on the victim's machine. This affects users who visit malicious websites while OpenClaw is running locally. Because the connection originates from a browser on the same host, binding the gateway to 127.0.0.1 does not prevent it; the mitigations in the comparison above (authentication plus rate limiting that is not exempted for localhost) do.
What ports does OpenClaw use?
OpenClaw uses port 18789 for the Gateway WebSocket (primary control plane), 18791 for the Control Service (browser profile management), 18792 for the CDP Relay (browser automation bridge), 18793 for the Canvas Host, and 18800+ for managed browser instances. All ports bind to localhost by default, but misconfiguration can expose them publicly.
How do I secure my OpenClaw instance?
Essential steps: 1) Update to the latest version (2026.3.11 or later includes patches for all CVEs listed above), 2) Ensure the gateway binds to 127.0.0.1 only, 3) Enable token authentication via OPENCLAW_GATEWAY_TOKEN, 4) Use a reverse proxy with TLS for any remote access instead of exposing the gateway port directly, 5) Audit ClawHub skills before installation (1,467 malicious skills found), 6) Store API keys in environment variables rather than in the control panel, 7) Monitor access logs, 8) Run 'openclaw security audit --deep' regularly. Official hardening guides are available from OpenClaw docs, Microsoft Security Blog, DigitalOcean, and HAProxy.
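The exposure check from the "How do I check if my OpenClaw is exposed" answer and steps 2 and 3 above, combined into one local audit script. This is an added example written for this page, not OpenClaw's own tooling or its 'openclaw security audit' command. It assumes the column layout of 'ss -tlnp' shown in the constructed sample, treats only 127.x.x.x and ::1 as safe binds, and uses a 32-character minimum token length that is this example's choice rather than a documented OpenClaw requirement; the '--live' flag is the script's own.

```shell
#!/bin/sh
# Added example for this page (not OpenClaw's own tooling): audit the OpenClaw
# ports listed above. It parses `ss -tlnp` output, flags any port bound to a
# non-loopback address, and checks that OPENCLAW_GATEWAY_TOKEN is set.
# Run with --live to audit the current host; otherwise the constructed sample
# output below is used.

OPENCLAW_PORTS="18789 18791 18792 18793"

# Constructed sample of `ss -tlnp` output: 18789 on all interfaces (exposed),
# 18791 and 18792 on loopback, 18793 not listening, plus an unrelated sshd socket.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      511    0.0.0.0:18789       0.0.0.0:*         users:(("node",pid=4242,fd=21))
LISTEN 0      511    127.0.0.1:18791     0.0.0.0:*         users:(("node",pid=4242,fd=22))
LISTEN 0      511    [::1]:18792         [::]:*            users:(("node",pid=4242,fd=23))
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=900,fd=3))'

# classify_bind ADDR -> "loopback" or "exposed".
# Only 127.x.x.x and ::1 stay on the host; 0.0.0.0, *, :: and any LAN or
# public address accept connections from other machines.
classify_bind() {
  case "$1" in
    127.*|::1) echo loopback ;;
    *) echo exposed ;;
  esac
}

# audit_listeners: reads `ss -tlnp` lines on stdin and prints "<port> <state>"
# for each OpenClaw port, where state is exposed, loopback or not-listening.
# A port listening on both loopback and a public address counts as exposed.
audit_listeners() {
  input=$(cat)
  for port in $OPENCLAW_PORTS; do
    state=not-listening
    # Field 4 of a LISTEN row is Local Address:Port; keep rows ending in :$port.
    for addr in $(printf '%s\n' "$input" | awk -v p=":$port" '$1 == "LISTEN" && $4 ~ p "$" { print $4 }'); do
      host=${addr%:*}        # drop the trailing :port
      host=${host#\[}        # drop IPv6 brackets, e.g. [::1]
      host=${host%\]}
      if [ "$(classify_bind "$host")" = exposed ]; then
        state=exposed
      elif [ "$state" = not-listening ]; then
        state=loopback
      fi
    done
    echo "$port $state"
  done
}

# check_token: reports whether OPENCLAW_GATEWAY_TOKEN is set and long enough.
# The 32-character minimum is this example's assumption, not an OpenClaw rule.
check_token() {
  tok=${OPENCLAW_GATEWAY_TOKEN:-}
  if [ -z "$tok" ]; then
    echo "token missing"
  elif [ "${#tok}" -lt 32 ]; then
    echo "token weak"
  else
    echo "token ok"
  fi
}

if [ "${1:-}" = "--live" ] && command -v ss >/dev/null 2>&1; then
  ss -tlnp | audit_listeners
else
  printf '%s\n' "$SAMPLE_SS" | audit_listeners
fi
check_token
```

Against the sample the script reports 18789 as exposed, 18791 and 18792 as loopback, and 18793 as not-listening. A "loopback" result is necessary but not sufficient: the ClawJacked answer below explains why a browser on the same host can still reach a loopback-bound gateway, so the token check matters even when every port is bound to 127.0.0.1.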
How many malicious ClawHub skills have been found?
Snyk identified 1,467 malicious skills on ClawHub, OpenClaw's skill marketplace. 91% of these combine prompt injection with traditional malware techniques to steal credentials, exfiltrate conversation data, inject malicious prompts, or execute unauthorized commands. Always review skill source code and permissions before installation, restrict skills to least-privilege access, and test in a sandbox environment first.
What happened with the Moltbook breach?
Moltbook, an AI social network built on OpenClaw, suffered a major data breach in February 2026 when Wiz Research discovered a misconfigured Supabase database. The exposure included 1.5 million API authentication tokens, 35,000 email addresses, and private messages. The exposure was traced to a Supabase API key embedded in client-side JavaScript.
Does this scanner access my OpenClaw instance?
No. This security scanner runs entirely in your browser. It does not connect to, probe, or scan your actual OpenClaw instance. Instead, it asks you about your configuration and provides a risk assessment based on your answers matched against known vulnerabilities and threat intelligence. Your answers are never sent to any server.
Can Cognio Labs help secure my OpenClaw setup?
Yes. Cognio Labs provides professional OpenClaw setup and hardening services starting at $499. This includes secure deployment on your own server, gateway authentication configuration, reverse proxy with TLS, firewall hardening, skill auditing, and ongoing security monitoring. We also offer a comprehensive security hardening guide and a free self-hosting guide.