How to Secure Your OpenClaw Instance: A Step-by-Step Guide
After 42,000+ exposed instances and a major security crisis, here's exactly how to lock down your OpenClaw agent — whether self-hosted or managed.
Why Security Matters for OpenClaw
In January and February 2026, security researchers at Palo Alto Networks and Kaspersky identified 42,665 publicly accessible OpenClaw instances affected by critical authentication bypass flaws. Anyone who found one could hijack the agent, read its private messages, and execute commands through it, all without the owner knowing.
The OpenClaw team has since patched the core vulnerabilities, but the lesson stands: an improperly configured OpenClaw instance is one of the most dangerous things you can run on your computer or server.
This guide walks you through securing your setup, step by step.
Step 1: Never Run OpenClaw Directly on Your Main Machine
The single most important security decision is isolation. Running OpenClaw as an ordinary process on your personal computer gives it access to your files, email, browser sessions, and every credential stored on that machine.
Instead, run it in a container. Docker gives OpenClaw its own filesystem, process space, and network namespace, so it only sees what you mount into it. A container is not a virtual machine and is not a perfect sandbox, but if the agent is tricked into doing something destructive, the damage is limited to the volume you gave it.
# Run OpenClaw in an isolated Docker container
docker run -d \
  --name my-openclaw \
  --restart unless-stopped \
  # drop Linux capabilities a Node process has no use for
  --cap-drop ALL \
  --security-opt no-new-privileges \
  # the only host data the agent can touch: a named volume for its own state
  -v openclaw-data:/home/node/.openclaw \
  # bind to loopback only; the reverse proxy from Step 2 is the sole way in
  -p 127.0.0.1:18789:18789 \
  ghcr.io/openclaw/openclaw:latest
The container only sees what you explicitly mount into it: no access to your home directory, your browser profile, or your mail client. Keep it that way. Never mount /var/run/docker.sock, your home directory, or an SSH key directory into the container, and never run it with --network host or --privileged; any of those undoes the isolation.
Step 2: Lock Down Network Access
If you publish port 18789 on all interfaces (the plain -p 18789:18789 form), OpenClaw's web interface is reachable by anyone who knows your IP address. That is how 42,000+ instances ended up exposed.
Put it behind authentication and TLS. Use a reverse proxy such as Caddy or Nginx with basic auth or OAuth in front of it:
# Caddy example (Caddyfile). Caddy obtains and renews the TLS certificate
# for the domain automatically. Generate the bcrypt hash with:
#   caddy hash-password
# Caddy 2.8 and later spell the directive basic_auth; the old name still works.
openclaw.yourdomain.com {
    basicauth {
        admin $2a$14$yourhashedpassword
    }
    reverse_proxy localhost:18789
}
Never expose port 18789 directly to the internet. Always use a reverse proxy with HTTPS and authentication.
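A quick way to verify that the container really is loopback-only is to read the port bindings that docker inspect reports. The following audit script is an added example for this guide, not part of OpenClaw: it parses the JSON that `docker inspect <container>` prints, flags every published port whose host address is not 127.0.0.1 or ::1 (Docker treats an empty address, 0.0.0.0 and :: as "every interface"), and also flags host networking, which bypasses port publishing entirely. The two sample inspect documents are constructed, trimmed to the relevant fields, and represent the Step 1 command run with -p 18789:18789 versus -p 127.0.0.1:18789:18789.

```python
"""Audit Docker port bindings so the OpenClaw UI is never published on all
interfaces. Added example for this guide; not OpenClaw's own tooling."""
import json
import subprocess
from typing import List

# Host addresses that are acceptable for a service that must only be reached
# through a reverse proxy running on the same machine.
LOOPBACK = {"127.0.0.1", "::1"}


def exposed_bindings(inspect_json: str) -> List[str]:
    """Return one finding per port published on a non-loopback interface
    (plus one if the container uses host networking). Empty list means the
    container is only reachable from the host itself."""
    findings: List[str] = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "?").lstrip("/")
        ports = (container.get("NetworkSettings") or {}).get("Ports") or {}
        for container_port, bindings in ports.items():
            # bindings is None for ports that are exposed but not published
            for binding in bindings or []:
                host_ip = binding.get("HostIp", "")
                if host_ip not in LOOPBACK:
                    findings.append(
                        f"{name}: {container_port} published on "
                        f"{host_ip or '0.0.0.0'}:{binding.get('HostPort')}"
                    )
        # With --network host nothing is "published": every port the agent
        # listens on is already open on the host's interfaces.
        if (container.get("HostConfig") or {}).get("NetworkMode") == "host":
            findings.append(f"{name}: running with --network host")
    return findings


def audit_running(container_name: str) -> List[str]:
    """Inspect a live container and audit it (requires the docker CLI)."""
    out = subprocess.run(
        ["docker", "inspect", container_name],
        check=True, capture_output=True, text=True,
    ).stdout
    return exposed_bindings(out)


# Constructed sample: the Step 1 container started with `-p 18789:18789`.
# Docker publishes that on both the IPv4 and IPv6 wildcard addresses.
SAMPLE_WIDE_OPEN = json.dumps([{
    "Name": "/my-openclaw",
    "HostConfig": {"NetworkMode": "bridge"},
    "NetworkSettings": {"Ports": {"18789/tcp": [
        {"HostIp": "0.0.0.0", "HostPort": "18789"},
        {"HostIp": "::", "HostPort": "18789"},
    ]}},
}])

# Constructed sample: the same container started with `-p 127.0.0.1:18789:18789`.
SAMPLE_LOOPBACK = json.dumps([{
    "Name": "/my-openclaw",
    "HostConfig": {"NetworkMode": "bridge"},
    "NetworkSettings": {"Ports": {"18789/tcp": [
        {"HostIp": "127.0.0.1", "HostPort": "18789"},
    ]}},
}])

if __name__ == "__main__":
    for label, sample in (("wide open", SAMPLE_WIDE_OPEN), ("loopback", SAMPLE_LOOPBACK)):
        print(label + ":", exposed_bindings(sample) or "OK")
```

Run audit_running("my-openclaw") against the real container after every restart; if it prints anything other than an empty list, the reverse proxy is not the only way in.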
Step 3: Manage API Keys Carefully
Your AI model API keys (Anthropic, OpenAI, etc.) live in OpenClaw's configuration. Anyone who gains access to your instance, or to the volume it runs from, gains access to those keys and can spend against your account. Pass keys in as environment variables or a file mounted read-only rather than baking them into an image or committing a config file with them to version control.
Best practices:
- Use API keys with spending limits set at the provider level
- Rotate keys monthly
- Use separate keys for OpenClaw (don't reuse your personal API key)
- Set daily and monthly spending caps with your AI provider
Step 4: Limit Agent Permissions
OpenClaw agents can be given broad permissions: file system access, web browsing, code execution, messaging. Only enable what you actually need. The dangerous combination is an agent that reads untrusted content (web pages, incoming email) and also has tools that act on the world (sending messages, writing files, running code), because a prompt injection in that content can turn the agent's own permissions against you.
Start with the minimum:
- Web browsing: Yes (usually needed)
- File creation: Yes, but in a specific directory only
- Code execution: Only if you need it
- Messaging: Only the specific platforms you use
- Email access: Be very careful — this is how the worst incidents happened
Step 5: Set Spending Guardrails
Runaway API costs are a real problem. Users have reported bills exceeding $200 in a single day from agents that got stuck in loops.
Set hard limits:
- Set a daily token budget in your OpenClaw config
- Set spending limits at your API provider (Anthropic, OpenAI)
- Monitor usage daily for the first week
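The two failure modes behind the runaway bills are a budget that nobody enforces and an agent that repeats the same step forever. The guard below is an added example for this guide, not OpenClaw's own budget feature, and it does not use any OpenClaw configuration key: it is the logic you would wrap around each model call and tool call in your own integration. It enforces a hard daily token budget that resets at midnight and stops the agent when the same tool call with the same arguments is repeated several times in a row. The clock is injected so the rollover can be exercised offline.

```python
"""Daily token budget plus loop detection for an agent runtime.
Added example for this guide; not OpenClaw's own code."""
from collections import deque
from datetime import date
import hashlib
import json
from typing import Any, Callable, Deque, Dict


class BudgetExceeded(RuntimeError):
    """Raised when the day's token budget is spent; stop the agent."""


class LoopDetected(RuntimeError):
    """Raised when the agent repeats an identical tool call too often."""


class SpendGuard:
    def __init__(self, daily_token_budget: int, max_repeats: int = 5,
                 today: Callable[[], date] = date.today) -> None:
        self.daily_token_budget = daily_token_budget
        self.max_repeats = max_repeats
        self._today = today
        self._day = today()
        self.tokens_used = 0
        # Fingerprints of the most recent tool calls, oldest first.
        self._recent: Deque[str] = deque(maxlen=max_repeats)

    def _roll_day(self) -> None:
        """Reset counters when the calendar day changes."""
        if self._today() != self._day:
            self._day = self._today()
            self.tokens_used = 0
            self._recent.clear()

    def record_tokens(self, prompt_tokens: int, completion_tokens: int) -> int:
        """Charge a model call against today's budget.
        Returns the tokens remaining, or raises BudgetExceeded."""
        self._roll_day()
        self.tokens_used += prompt_tokens + completion_tokens
        if self.tokens_used > self.daily_token_budget:
            raise BudgetExceeded(
                f"{self.tokens_used} tokens used today, budget is "
                f"{self.daily_token_budget}"
            )
        return self.daily_token_budget - self.tokens_used

    def check_tool_call(self, tool: str, arguments: Dict[str, Any]) -> bool:
        """Record a tool call before executing it. Raises LoopDetected when
        the last max_repeats calls were all identical; returns True otherwise."""
        self._roll_day()
        # Canonical JSON so argument ordering does not defeat the comparison.
        payload = tool + ":" + json.dumps(arguments, sort_keys=True)
        self._recent.append(hashlib.sha256(payload.encode()).hexdigest())
        if len(self._recent) == self.max_repeats and len(set(self._recent)) == 1:
            raise LoopDetected(
                f"{tool} called {self.max_repeats} times in a row with the same arguments"
            )
        return True


if __name__ == "__main__":
    guard = SpendGuard(daily_token_budget=200_000, max_repeats=3)
    print("remaining:", guard.record_tokens(prompt_tokens=1_500, completion_tokens=400))
    for _ in range(3):
        try:
            guard.check_tool_call("read_file", {"path": "notes.txt"})
        except LoopDetected as exc:
            print("stopped:", exc)
```

Size the budget from a week of real usage rather than guessing, and keep the provider-side spending cap as the backstop: this guard only helps if every model call in your integration goes through it.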
Step 6: Keep Everything Updated
OpenClaw is updated frequently with security patches. Running an outdated version is one of the most common attack vectors.
# Update to the latest version
docker pull ghcr.io/openclaw/openclaw:latest
docker stop my-openclaw
docker rm my-openclaw
# Re-run with the same command from Step 1. The named volume openclaw-data
# survives the container being removed, so configuration and data are kept.
Check for updates at least weekly. Subscribe to the OpenClaw security mailing list for critical patches.
Step 7: Monitor Activity
Review what your agent is doing regularly. OpenClaw logs all actions, but you need to actually read them.
Check for:
- Unexpected outbound network requests
- File modifications you didn't authorize
- Unusually high token usage
- Messages sent to people or services you don't recognize
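Reading logs by hand does not scale past the first week, so encode the four checks above as rules. The reviewer below is an added example for this guide, not OpenClaw's own log format or tooling: it assumes a JSON-lines audit log with one action per line and the field names used in the constructed sample (action, url, path, tokens, to), so adapt the field names to whatever your instance actually writes. It flags outbound requests to hosts outside an allowlist, file writes outside the agent's workspace (after normalising the path, so a ../ escape is caught), single model calls above a token threshold, and messages to recipients you have not approved.

```python
"""Rule-based review of an agent's action log. Added example for this guide;
the log format and field names are assumptions, not OpenClaw's own."""
import json
import os
from typing import Iterable, List
from urllib.parse import urlparse

# Tune these to your deployment; they are the policy the rules enforce.
ALLOWED_HOSTS = {"api.anthropic.com", "api.openai.com"}
ALLOWED_WRITE_DIR = "/home/node/.openclaw/workspace"
KNOWN_CONTACTS = {"alice@example.com", "#ops"}
TOKENS_PER_CALL_ALERT = 50_000


def review(lines: Iterable[str]) -> List[str]:
    """Return one alert string per suspicious event (empty list if clean)."""
    alerts: List[str] = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            # A log line the tool cannot parse is itself worth a look.
            alerts.append(f"unparseable log line: {raw[:60]}")
            continue
        action = event.get("action")
        when = event.get("ts", "?")
        if action == "http_request":
            host = urlparse(event.get("url", "")).hostname or ""
            if host not in ALLOWED_HOSTS:
                alerts.append(f"{when} outbound request to unapproved host {host!r}")
        elif action == "file_write":
            # normpath collapses ../ so traversal out of the workspace is visible
            path = os.path.normpath(event.get("path", ""))
            if not path.startswith(ALLOWED_WRITE_DIR + os.sep):
                alerts.append(f"{when} file write outside workspace: {path}")
        elif action == "model_call":
            tokens = int(event.get("tokens", 0))
            if tokens > TOKENS_PER_CALL_ALERT:
                alerts.append(f"{when} model call used {tokens} tokens")
        elif action == "send_message":
            recipient = event.get("to", "")
            if recipient not in KNOWN_CONTACTS:
                alerts.append(f"{when} message sent to unknown recipient {recipient!r}")
    return alerts


# Constructed sample log: four benign events interleaved with four that
# should trip a rule. Timestamps and values are made up for illustration.
SAMPLE_LOG = """
{"ts": "2026-03-01T09:00:01Z", "action": "http_request", "url": "https://api.anthropic.com/v1/messages"}
{"ts": "2026-03-01T09:00:02Z", "action": "model_call", "tokens": 1200}
{"ts": "2026-03-01T09:00:03Z", "action": "file_write", "path": "/home/node/.openclaw/workspace/report.md"}
{"ts": "2026-03-01T09:00:04Z", "action": "send_message", "to": "alice@example.com"}
{"ts": "2026-03-01T09:05:10Z", "action": "http_request", "url": "https://203.0.113.5/upload"}
{"ts": "2026-03-01T09:05:11Z", "action": "file_write", "path": "/home/node/.openclaw/workspace/../config.json"}
{"ts": "2026-03-01T09:05:12Z", "action": "model_call", "tokens": 80000}
{"ts": "2026-03-01T09:05:13Z", "action": "send_message", "to": "unknown@example.net"}
"""

if __name__ == "__main__":
    for alert in review(SAMPLE_LOG.splitlines()):
        print("ALERT", alert)
```

Run it over the previous day's log from cron and send yourself the output; an empty report is the expected result, and anything else is a reason to stop the agent and look.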
If You Use Managed Hosting
Many of these steps are handled for you. But verify with your provider:
- Is your instance containerized and isolated?
- Are API keys encrypted at rest and readable only by your instance? (A provider that calls the model APIs on your behalf must be able to use the keys, so "zero-knowledge" is the wrong question; ask who can decrypt them and how that access is logged.)
- Is the web interface behind authentication?
- Do they apply security patches promptly?
- Can you set spending limits?
The Bottom Line
OpenClaw is incredibly powerful, and that power requires respect. The agents that got hacked in early 2026 weren't compromised by advanced attacks; they were simply left exposed with default settings.
Take 30 minutes to properly secure your setup. It's the difference between a useful AI assistant and a security liability.