If you're also running OpenClaw on a cloud server, check it immediately after reading this article. Don't wait until you log in to your server and find several unfamiliar processes, or discover that your chat history has been completely exposed; by then, it will be too late for regrets.
Where exactly is the problem?
OpenClaw's security problems, simply put, stem from a design that places too much trust in user input. It listens on 0.0.0.0:18789 by default, meaning that as long as your server has a public IP address, the entire world can scan this port. Attackers can use search engines like Shodan to find a long list of targets by entering "port:18789".
Even more serious, OpenClaw runs directly with host machine privileges by default instead of being isolated in a Docker container. Once it is compromised, attackers gain complete control of the server. On top of that, API keys, OAuth tokens, and chat logs are all stored in plaintext; it's like leaving your house key under the doormat.
There's also a more insidious tactic called "indirect prompt injection". An attacker can hide malicious commands in a webpage. When your OpenClaw accesses that page, it will obediently execute them: downloading scripts, deleting files, sending emails, and more.
How to "Save Yourself" on a Cloud Server
First tip: Make port 18789 disappear from the public internet
The most direct method is to prevent this port from being exposed to the public internet. Configure OpenClaw to listen on 127.0.0.1 instead of 0.0.0.0, so that only the server itself can access it.
Then how do you access it? Use an SSH tunnel. Execute this command on your local computer:
```bash
ssh -L 18789:127.0.0.1:18789 root@yourserverIP
```
Keep your terminal open, and access http://127.0.0.1:18789 in your browser. The traffic will be securely forwarded to the server through the encrypted SSH tunnel. When an attacker scans your server IP, port 18789 will not respond at all; it will remain completely invisible.
Second tip: Use Docker to confine OpenClaw within a "cage"
Don't let OpenClaw run directly on the host machine anymore. Isolate it with Docker containers; even if compromised, attackers will only gain container privileges, not access to the host machine.
Docker deployment is simple. First, install Docker:
```bash
curl -fsSL https://get.docker.com | sudo sh
```
Create `docker-compose.yml`:
```yaml
services:
  openclaw:
    image: ghcr.io/openclaw/openclaw:latest
    container_name: openclaw-gateway
    restart: always
    ports:
      - "127.0.0.1:18789:18789"
    volumes:
      - ~/openclaw/data:/home/node/.openclaw
    environment:
      - NODE_ENV=production
```
Note the `ports` line: `127.0.0.1:18789:18789`. This means it's bound to the local machine only and not exposed to the public internet.
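To confirm that the listen-address change from the first tip or the `ports` mapping above actually took effect, you can inspect the listening sockets on the server. The following is an added example, not part of OpenClaw or the original article; it assumes a Linux host with `ss` installed, and the sample output in it is constructed.

```python
import ipaddress
import subprocess

PORT = 18789  # OpenClaw's default port, per the article

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE = """\
LISTEN 0 128  0.0.0.0:22        0.0.0.0:*
LISTEN 0 511  0.0.0.0:18789     0.0.0.0:*
LISTEN 0 511  [::]:18789        [::]:*
LISTEN 0 4096 127.0.0.53%lo:53  0.0.0.0:*
"""

def is_loopback(host):
    """True if the listen address is reachable only from the machine itself."""
    host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface scope
    if host == "*":                          # ss prints * for a dual-stack wildcard
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False                         # unknown form: treat as exposed
    if ip.version == 6 and ip.ipv4_mapped:   # e.g. ::ffff:127.0.0.1
        ip = ip.ipv4_mapped
    return ip.is_loopback

def exposed_listeners(ss_output, port=PORT):
    """Return local addresses listening on `port` that are not loopback-only."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue                         # header, blank or non-listening row
        host, _, p = fields[3].rpartition(":")
        if p == str(port) and not is_loopback(host):
            found.append(fields[3])
    return found

def check_host(port=PORT):
    """Run ss on this machine and return the exposed listeners for `port`."""
    out = subprocess.run(["ss", "-H", "-ltn"], capture_output=True,
                         text=True, check=True).stdout
    return exposed_listeners(out, port)

if __name__ == "__main__":
    for addr in check_host():
        print(f"EXPOSED: {addr} accepts connections from other hosts")
```

No output means nothing on the host is listening on the port beyond loopback. The script does not look at the cloud security group, which still has to be checked in the vendor console.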
Third tip: Double protection with security groups and firewalls
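Cloud vendors' consoles usually have a security group feature. Go in and delete the inbound rules for port 18789, or only allow your local IP address. Also enable the firewall on the server:
```bash
sudo ufw allow ssh      # allow SSH first so enabling the firewall does not cut off your session
sudo ufw deny 18789     # block the OpenClaw port
sudo ufw enable         # turn the firewall on with the rules above in place
```
If something else is misconfigured, the firewall still provides an extra layer of protection. Keep in mind that ports published by Docker are handled by Docker's own iptables rules and bypass ufw, so for the containerized setup the 127.0.0.1 binding and the security group are what keep the port private.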
Fourth tip: Minimize privileges, don't give a "master key"
In OpenClaw's configuration file, explicitly restrict the commands it can execute and the directories it can access. Set up manual confirmation for sensitive operations (deleting files, sending emails, transferring funds) so the AI cannot act arbitrarily. Change API keys regularly, and use short-term keys whenever possible.
OpenClaw is indeed a good tool, but using it effectively requires not treating it like a "toy" and leaving it on the public internet. Spending half an hour configuring these steps is much more worthwhile than spending an entire night recovering data after being hacked.