SecurityScorecard published a deep analysis of internet-exposed OpenClaw deployments this week, and the numbers are striking. While the media coverage focused on a malware campaign that borrowed the OpenClaw name, the more important finding is about legitimate OpenClaw installations that operators left exposed without protective measures.
Here's what the research actually says — and what it means for your setup.
The Numbers
SecurityScorecard's scan found 40,214 OpenClaw instances whose gateways were reachable from the internet, and 63% of those were running versions affected by three CVEs with CVSS scores between 7.8 and 8.8. All three have public exploit code. That means anyone can download a working exploit and run it against an exposed instance; no sophistication is required.
What "Exposed" Actually Means
When SecurityScorecard says "internet-exposed," they mean the OpenClaw gateway control panel is reachable from the public internet — no VPN, no authentication layer in front, just a direct connection from anywhere in the world.
This happens for a few common reasons:
- Running OpenClaw on a VPS or cloud server and binding the gateway to 0.0.0.0 (all interfaces) instead of a private interface
- Port forwarding on a home router to make the gateway reachable remotely
- Following tutorials that prioritize convenience over security; many setup guides tell you to expose the port to make remote access easy
- Using a reverse proxy that unintentionally exposes the gateway port alongside the intended web traffic
The problem isn't running OpenClaw. It's running OpenClaw with the control panel accessible to the entire internet.
The name identification risk: SecurityScorecard also noted that users commonly configure their OpenClaw bots with identifiable personal or company names — making them easily findable targets. If your gateway responds to requests with your name or business name in the headers or UI, attackers can use Shodan or similar tools to find you specifically.
What an Attacker Can Do with a Vulnerable Exposed Instance
The three CVEs in the research enable remote code execution: an attacker who can reach your exposed gateway can run arbitrary commands on the machine hosting it. All three are rated high severity (CVSS 7.8 to 8.8) and, per the research, require no authentication.
From there, the attacker has everything OpenClaw has access to:
- Files in your workspace directory and any mounted volumes
- API keys stored in your config or environment variables
- Connected email, calendar, or messaging accounts
- Any shell commands the gateway can run via exec tools
- Your model API keys — which they can use for their own purposes at your cost
Turner's quote is worth sitting with. It applies to the malware campaign they studied — but it's also a fair characterization of many self-hosted OpenClaw setups. People move fast, follow convenience-first tutorials, and don't think about the exposure surface until something goes wrong.
The Fix: Three Config Changes That Remove You from the Risk Pool
The good news is that fixing this is not hard. The 40,214 exposed instances in SecurityScorecard's scan share a common trait: their gateways are reachable from the internet. Remove that exposure and remote attackers can no longer reach the vulnerable code at all; patching then closes the hole for anything that can still reach the gateway locally.
- Bind the gateway to localhost only
In your openclaw.json, set "gateway": {"bind": "127.0.0.1"}. This ensures the gateway only accepts connections from the local machine, not from the network. If you're running on a VPS, this is the single most important change you can make.
- Use Tailscale or a VPN for remote access
If you need to reach your OpenClaw gateway from another device or location, do it over a private tunnel, not a public port. Tailscale is free for personal use, takes about 10 minutes to set up, and means your gateway is only reachable from devices you've explicitly authorized. No port forwarding, no public exposure. With the gateway bound to 127.0.0.1, reach it through the tunnel with an SSH port forward, or bind it to the tunnel interface's address rather than to 0.0.0.0.
- Update to the latest version and run openclaw doctor
The three CVEs referenced in the SecurityScorecard report are patched in recent releases. Run npm update -g openclaw followed by openclaw doctor --fix, then restart your gateway. If you're on an old version, you're carrying known vulnerabilities with public exploit code; update now.
If you're on ClawReady's setup: Your gateway was configured with bind: 127.0.0.1 from day one. You're not in the 40,214. If you've made changes since your initial setup, run openclaw doctor to verify your current config state.
Why the Scale Is So Large
40,000+ exposed instances is a lot — but it reflects the pace of OpenClaw adoption in 2026. The framework went from niche to mainstream extremely quickly. A huge wave of first-time self-hosters followed tutorials written for convenience, deployed to cloud VMs, and left their gateways public-facing.
This pattern repeats with every fast-growing open-source project. It happened with Jupyter notebooks (thousands exposed with no auth), with MongoDB (hundreds of millions of records exposed), with Elasticsearch. The attack surface scales with adoption, and the attackers know it.
OpenClaw is now mainstream enough to be worth scanning for at scale. That's not a reason to avoid it — it's a reason to configure it properly.
The SecurityScorecard Research vs. the "OpenClaw Trojan" Story
Earlier this week, Tweaktown covered a malware campaign called the "OpenClaw Trojan" — malware that borrowed the OpenClaw name to appear legitimate (we covered it here). That's a separate issue from what SecurityScorecard found.
SecurityScorecard's research is about legitimate OpenClaw installations that are misconfigured and exposed. The trojan story is about a different piece of software that borrowed the name. Both are real security concerns — they just affect different populations.
- Trojan: Victims who downloaded fake OpenClaw software from phishing links
- SecurityScorecard research: Legitimate OpenClaw users with exposed gateways running vulnerable versions
If you downloaded OpenClaw from npm or GitHub, you have the real thing. The question SecurityScorecard is raising is: is your real OpenClaw exposed to the internet, and is it patched?
Quick Self-Audit
Take 5 minutes right now:
- Run openclaw --version and compare it against the latest release on npmjs.com/package/openclaw
- Check your openclaw.json for gateway.bind: it should be 127.0.0.1, not 0.0.0.0
- If you're on a VPS, run ss -tlnp | grep openclaw. If the gateway's local address shows 0.0.0.0 or [::], you're exposed. If the process appears as node rather than openclaw in the output, grep for the gateway's port instead.
- Run openclaw doctor and check for any config warnings
If any of those checks come back wrong, fix them before you do anything else today.
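The two exposure checks above (gateway.bind in openclaw.json and the listening address in ss -tlnp output) can be run offline against saved copies of both. The script below is an added example written for this article; it is not OpenClaw's or ClawReady's tooling. It classifies bind addresses as loopback, wildcard or a specific interface, so it also catches the IPv6 wildcard [::] that a grep for 0.0.0.0 misses. The openclaw.json text, the ss output and the gateway port 18789 are constructed for the demonstration; substitute your own file, your own ss -tlnp output and the port your gateway actually listens on.

```python
"""Offline exposure audit for an OpenClaw gateway.

Added example for this article, not part of OpenClaw or ClawReady tooling.
It applies the article's two checks without touching the network: read
gateway.bind from openclaw.json, and read the local address of every
listening socket from saved `ss -tlnp` output. The config text, the ss
output and the gateway port (18789) below are constructed for the demo.
"""
import json

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
WILDCARD = {"0.0.0.0", "::", "*"}


def classify_bind(addr):
    """Classify a bind/listen address as 'loopback', 'wildcard' or 'interface'.

    'wildcard' means every interface, public ones included. 'interface' is a
    specific non-loopback address (a LAN or tunnel IP), which still warrants
    a look at which network that interface sits on.
    """
    a = addr.strip().strip("[]")
    if a in LOOPBACK or a.startswith("127."):
        return "loopback"
    if a in WILDCARD:
        return "wildcard"
    return "interface"


def audit_config(config_text):
    """Return (bind, verdict) for the gateway.bind key of an openclaw.json."""
    cfg = json.loads(config_text)
    bind = cfg.get("gateway", {}).get("bind")
    if bind is None:
        # An absent key means the gateway falls back to its default; the
        # article's advice is to set it explicitly, so flag it for review.
        return None, "unset"
    return bind, classify_bind(str(bind))


def parse_ss(ss_output):
    """Yield (address, port, raw_line) for each LISTEN row of `ss -tlnp`."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header row or non-listening state
        local = fields[3]
        addr, _, port = local.rpartition(":")  # works for [::]:18789 and 0.0.0.0:18789
        yield addr, port, line


def audit_listeners(ss_output, gateway_port):
    """Return (address, verdict) for every socket listening on gateway_port."""
    return [
        (addr, classify_bind(addr))
        for addr, port, _ in parse_ss(ss_output)
        if port == str(gateway_port)
    ]


def exposed(ss_output, gateway_port):
    """True if any listener on the gateway port is bound to a wildcard address."""
    return any(v == "wildcard" for _, v in audit_listeners(ss_output, gateway_port))


# Constructed sample inputs for the demonstration.
GATEWAY_PORT = 18789  # assumed example port; use the one your gateway listens on

CONFIG_EXPOSED = '{"gateway": {"bind": "0.0.0.0"}}'
CONFIG_FIXED = '{"gateway": {"bind": "127.0.0.1"}}'

# Constructed `ss -tlnp` output: the gateway process shows up as "node", not
# "openclaw", which is why the port, not the name, is the thing to match on.
SS_EXPOSED = """State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=801,fd=3))
LISTEN 0      511    0.0.0.0:18789       0.0.0.0:*         users:(("node",pid=2210,fd=19))
LISTEN 0      511    [::]:18789          [::]:*            users:(("node",pid=2210,fd=20))
"""

SS_FIXED = """State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=801,fd=3))
LISTEN 0      511    127.0.0.1:18789     0.0.0.0:*         users:(("node",pid=2210,fd=19))
"""

if __name__ == "__main__":
    for name, cfg, ss in (("before", CONFIG_EXPOSED, SS_EXPOSED),
                          ("after", CONFIG_FIXED, SS_FIXED)):
        bind, verdict = audit_config(cfg)
        print(f"[{name}] gateway.bind={bind!r} -> {verdict}")
        for addr, v in audit_listeners(ss, GATEWAY_PORT):
            print(f"[{name}] listening on {addr}:{GATEWAY_PORT} -> {v}")
        print(f"[{name}] exposed: {exposed(ss, GATEWAY_PORT)}")
```

The config check and the socket check are kept separate on purpose: a correct openclaw.json proves nothing if the running gateway was started before the edit, and a clean socket listing proves nothing if the config will put it back on 0.0.0.0 at the next restart. Both have to agree before you can call the instance out of the risk pool.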
Not sure if your setup is exposed?
We'll audit your gateway binding, version, config, and network exposure. You'll get a plain-English report of what's at risk and a prioritized fix list. Takes 24 hours or less.
Book a Security Audit — $49
Summary
SecurityScorecard found 40,214 internet-exposed OpenClaw instances, with 63% vulnerable to remote code execution via CVEs with CVSS scores up to 8.8 and publicly available exploit code. This is a configuration problem, not a framework problem — operators who left gateways public-facing without patching are at risk. Operators who bind to localhost, use VPN for remote access, and stay updated are not in the risk pool.
Three changes: bind to 127.0.0.1, add Tailscale for remote access, update and run openclaw doctor --fix. Do those and you're out of the 40,000.