Free security audit

Is your OpenClaw agent secure?

Over 135,000 OpenClaw instances are exposed to the internet with no authentication. Check yours in seconds. Free, no signup required.

Enter the public URL or IP address of your OpenClaw instance. We'll check what an attacker can see from the outside.

Examples: myserver.com:18789 · https://claw.mydomain.com · 45.55.123.45:18789

What we check

Internet Exposure

Is your instance reachable from the public internet? If it is, anyone can attempt to connect. Censys found 135,000+ exposed instances in February 2026.

Access Layer

Is there a gateway like Cloudflare Access or Tailscale in front? Without one, your OpenClaw instance is directly exposed. The OpenClaw security docs recommend always using a reverse proxy.

Authentication

Does your gateway reject unauthenticated connections? 93% of exposed instances have no auth configured.

TLS Encryption

Is traffic encrypted? Without TLS, credentials and agent commands travel in plaintext. Even a basic Nginx + Let's Encrypt setup fixes this.

Known Vulnerabilities (CVEs)

CVE (Common Vulnerabilities and Exposures) is a global database run by MITRE that assigns unique IDs to publicly disclosed security bugs. Each vulnerability gets a CVSS score (0-10) measuring severity: 9.0+ is critical, 7.0+ is high. You can look up any CVE at the National Vulnerability Database (NVD).

OpenClaw has 255+ security advisories. We check your version against the 24 most severe, including:

CVE-2026-25253 · ClawJacked: 1-click RCE via token theft · CVSS 8.8 · HIGH

CVE-2026-28446 · Pre-auth voice RCE · CVSS 9.2 · CRITICAL

CVE-2026-28363 · safeBins bypass via GNU options · CVSS 9.9 · CRITICAL

Sources: NIST NVD · OpenClaw Security Advisories · OpenClawCVEs Tracker · Censys Research
