OpenClaw can be secure when properly configured, but out-of-the-box defaults have known risks. The biggest concerns are exposed gateway ports, malicious ClawHub skills, and credentials stored in plaintext config files. Proper security hardening is essential.
CVE-2026-25253 (CVSS 8.8) was a critical vulnerability where a malicious web page could leak the Gateway auth token via WebSocket and execute arbitrary commands on the host machine. It has been patched, but it illustrates why security hardening is not optional.
Security researchers using Censys found over 30,000 publicly exposed OpenClaw instances. This happens because the default bind setting (0.0.0.0) exposes the API to the internet when deployed on a VPS without a firewall. The fix is to bind to loopback only.
Not all of them. Security audits have found that 12-20% of ClawHub skills are malicious, depending on the study. Every skill should be treated as executable code — review the source, pin versions, and never run obfuscated commands from skill documentation.
A proper hardening process follows OWASP principles and includes: Docker container isolation, binding gateway to localhost only, exec allowlists, Composio OAuth middleware for integrations, read-only filesystem permissions, audit logging, credential rotation, network segmentation, and automated health monitoring.
Need professional help with OpenClaw?
Skip the troubleshooting. We handle setup, security, and integrations.
Book a Setup Call → View PricingRelated: Security hardening service · Security checklist · Is OpenClaw safe? · Security audit