Is Your OpenClaw Exposed?
Check your OpenClaw security configuration in 30 seconds. Get a detailed risk assessment with actionable fixes based on real-world threat intelligence.
Based on CVE-2026-25253, Astrix Security research, and analysis of 42,665+ exposed instances.
Free. No signup required. Runs entirely in your browser.
7 Security Dimensions Analyzed
Our assessment covers every attack vector identified in the Astrix Security research and current CVE advisories.
Version & Patching
Check if your OpenClaw version is patched against known CVEs
Network Exposure
Assess how your OpenClaw gateway is exposed to the network
Authentication
Verify your authentication configuration strength
Reverse Proxy & TLS
Evaluate your reverse proxy and encryption setup
ClawHub Skills Security
Assess your exposure to malicious ClawHub skills
Data & API Key Protection
Check how sensitive data and credentials are protected
Monitoring & Response
Evaluate logging, monitoring, and incident response readiness
Why This Matters Now
OpenClaw gained 135K GitHub stars in weeks — but security hasn't kept pace with adoption.
CVE-2026-25253 published — CVSS 8.8 Remote Code Execution
Feb 2026 — NVD/NIST
42,665 publicly exposed instances discovered via internet-wide scanning
Feb 2026 — Astrix Security
341 malicious ClawHub skills identified stealing data and credentials
Feb 2026 — The Hacker News
Moltbook breach: 1.5M API tokens + 35K emails exposed
Feb 2026 — Wiz Research
OpenClaw patch v2026.1.29 released — fixes WebSocket origin bypass
Jan 2026 — OpenClaw GitHub
What is the OpenClaw Security Scanner?
The OpenClaw Security Scanner is a free, browser-based tool that assesses your OpenClaw AI assistant deployment against known vulnerabilities, misconfigurations, and current threat intelligence. It evaluates 7 security dimensions — including version patching, network exposure, authentication, reverse proxy configuration, ClawHub skill safety, data protection, and monitoring — to generate a comprehensive security score with actionable remediation steps.
In February 2026, Astrix Security discovered 42,665 publicly exposed OpenClaw instances, with 93.4% exhibiting critical authentication bypass vulnerabilities. Combined with CVE-2026-25253 (CVSS 8.8 RCE), 341 malicious ClawHub skills, and the Moltbook breach exposing 1.5 million API tokens, OpenClaw security has become an urgent priority for every self-hosted deployment.
OpenClaw Security Risk Comparison
| Risk Factor | Unprotected Instance | Hardened Instance |
|---|---|---|
| RCE Vulnerability (CVE-2026-25253) | Exploitable with 1 click | Patched (v2026.1.29+) |
| Network Exposure | Visible on Shodan/Censys | Localhost + VPN only |
| Authentication | None (93.4% of exposed) | Token + TLS encryption |
| API Key Safety | Leaked in control panel | Env vars, restricted perms |
| ClawHub Skill Risk | 341 malicious skills | Audited, least-privilege |
| Incident Detection | No logging | Monitored with alerts |
Source: Astrix Security ClawdHunter research, NVD CVE-2026-25253, The Hacker News (Feb 2026)
Frequently Asked Questions
Is my OpenClaw instance vulnerable to CVE-2026-25253?
If you are running any version of OpenClaw before 2026.1.29, your instance is vulnerable to CVE-2026-25253, a critical remote code execution vulnerability with a CVSS score of 8.8. The vulnerability exploits a missing WebSocket origin header validation, allowing attackers to hijack your session with a single malicious link. Update to version 2026.1.29 or later immediately.
How do I check if my OpenClaw is exposed on the internet?
Run 'ss -tlnp | grep 18789' on your server to check if the gateway port is bound to 0.0.0.0 (exposed) or 127.0.0.1 (safe). You can also search for your IP on Shodan (shodan.io) to see if port 18789 is visible. Our security scanner above provides a comprehensive assessment of your exposure across all OpenClaw ports (18789, 18791, 18792, 18793).
What ports does OpenClaw use?
OpenClaw uses port 18789 for the Gateway WebSocket (primary control plane), 18791 for the Control Service (browser profile management), 18792 for the CDP Relay (browser automation bridge), 18793 for the Canvas Host, and 18800+ for managed browser instances. All ports bind to localhost by default, but misconfiguration can expose them publicly.
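The bind-address check from the two answers above, extended to every port listed, as an added example that is not part of the original page or OpenClaw's own tooling. The function name, the constructed sample `ss -tlnp` output, and the 18800-18899 upper bound for the "18800+" managed browser ports are assumptions.

```shell
#!/bin/sh
# Classify listening sockets on the OpenClaw ports named on this page.
# Reads `ss -tln` / `ss -tlnp` output on stdin, prints "<port> <address> <verdict>".
classify_openclaw_listeners() {
    awk '
    $1 == "LISTEN" {
        n = split($4, parts, ":")          # port is the text after the last colon
        port = parts[n] + 0
        addr = substr($4, 1, length($4) - length(parts[n]) - 1)
        sub(/%.*/, "", addr)               # drop an interface scope such as %lo

        # Fixed ports from the page; 18800-18899 is an assumed bound for "18800+".
        known = (port == 18789 || port == 18791 || port == 18792 || port == 18793)
        if (!known && !(port >= 18800 && port <= 18899)) next

        if (addr ~ /^127\./ || addr == "[::1]")
            verdict = "LOOPBACK"            # reachable only from the host itself
        else if (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
            verdict = "ALL_INTERFACES"      # bound to every interface
        else
            verdict = "SPECIFIC_INTERFACE"  # check which network this address is on
        print port, addr, verdict
    }'
}

# Constructed sample of `ss -tlnp` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      511    127.0.0.1:18789    0.0.0.0:*         users:(("node",pid=4101,fd=20))
LISTEN 0      511    0.0.0.0:18791      0.0.0.0:*         users:(("node",pid=4101,fd=21))
LISTEN 0      511    [::]:18792         [::]:*            users:(("node",pid=4101,fd=22))
LISTEN 0      511    [::1]:18793        [::]:*            users:(("node",pid=4101,fd=23))
LISTEN 0      128    192.0.2.10:18800   0.0.0.0:*         users:(("chrome",pid=4200,fd=9))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=800,fd=3))
EOF
}

# Demo on the sample; on a server run: ss -tlnp | classify_openclaw_listeners
sample_ss_output | classify_openclaw_listeners
```

Any line not marked LOOPBACK is reachable from another machine unless a host firewall blocks it, so those are the listeners to rebind or filter first.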
How do I secure my OpenClaw instance?
Essential steps: 1) Update to the latest version (>= 2026.1.29), 2) Ensure gateway binds to 127.0.0.1 only, 3) Enable token authentication via OPENCLAW_GATEWAY_TOKEN, 4) Use a reverse proxy with TLS for remote access, 5) Audit ClawHub skills before installation, 6) Store API keys in environment variables, 7) Monitor access logs. Our free security scanner checks all of these configurations.
What are the 341 malicious ClawHub skills?
In February 2026, security researchers identified 341 malicious skills on ClawHub, OpenClaw's skill marketplace. These malicious skills can steal credentials, exfiltrate conversation data, inject malicious prompts, or execute unauthorized commands. Always review skill source code and permissions before installation, and restrict skills to least-privilege access.
What happened with the Moltbook breach?
Moltbook, an AI social network built on OpenClaw, suffered a major data breach in February 2026 when Wiz Research discovered a misconfigured Supabase database. The exposure included 1.5 million API authentication tokens, 35,000 email addresses, and private messages. The vulnerability was found through a Supabase API key exposed in client-side JavaScript.
Does this scanner access my OpenClaw instance?
No. This security scanner runs entirely in your browser. It does not connect to, probe, or scan your actual OpenClaw instance. Instead, it asks you about your configuration and provides a risk assessment based on your answers matched against known vulnerabilities and threat intelligence. Your answers are never sent to any server.
Can Cognio Labs help secure my OpenClaw setup?
Yes. Cognio Labs provides professional OpenClaw setup and hardening services starting at $499. This includes secure deployment on your own server, gateway authentication configuration, reverse proxy with TLS, firewall hardening, skill auditing, and ongoing security monitoring. We also offer a comprehensive security hardening guide and a free self-hosting guide.