Is OpenClaw Actually Secure? The Real Answer to the "21K Exposed Instances" Claim

A screenshot has been making the rounds on X. The claim: 21,000 OpenClaw instances are exposed to the public internet, and it is a “SECURITY NIGHTMARE.”

Cue the pile-on.

Before you panic, unplug your Raspberry Pi, or write off self-hosted AI agents entirely — let us actually look at what is being said, what is real, and what is being inflated for engagement.

What the “21K Exposed Instances” Claim Actually Means

The figure almost certainly comes from a Shodan or Censys scan — search engines that index internet-connected devices. Someone searched for OpenClaw’s default gateway port (or a recognizable fingerprint), found around 21K results, and called it a nightmare.

Here is the thing: exposed does not mean compromised. It means a port is reachable from the public internet. That is it.

Consider:

  • A large portion of those instances are likely intentionally public — people running OpenClaw as a cloud service, on a VPS, or behind a reverse proxy with auth
  • Some are dev environments, test boxes, or honeypots
  • Many may be older versions or services that share a fingerprint but are not actually OpenClaw at all

Shodan scans do not ask if you meant to be public. They just report what they find.

What Risks Are Actually Real

This is not a dismissal of all concerns. Self-hosting comes with real responsibilities:

1. Default configs on home networks

If you ran openclaw gateway start on your home Pi and your router’s UPnP is enabled, your gateway could be exposed without you knowing. This is worth checking.

2. No auth on the gateway

OpenClaw’s gateway does not ship with authentication enabled by default. If your port is reachable, anyone can talk to your agent. That is a real gap — one the project has acknowledged.

3. Agents with tool access

An OpenClaw agent with access to your email, files, or home automation is a high-value target. If someone can reach your gateway, they can potentially instruct your agent to do things.

4. Outdated installs

People set up OpenClaw, love it, and forget to update it. Security patches in agent runtimes matter. Do not skip them.

What Is Being Overblown

“AI agents are inherently insecure” — No. AI agents running on your hardware with your data are more private than pushing everything through a cloud API. The threat model is completely different from handing your data to a third-party service.

“You should use a managed service instead” — Managed services have their own exposure. The difference is you are trusting their security team instead of managing your own. Neither is objectively safer; they are different tradeoffs.

“21K instances proves OpenClaw is irresponsible” — Kubernetes, Redis, and Elasticsearch have all had massive exposed-instances scans. The issue is always user misconfiguration, not fundamentally flawed software.

How to Actually Lock Down Your OpenClaw Setup

Here is the practical checklist. Do this if you are running OpenClaw on anything other than localhost:

1. Check Your Exposure First

Run a quick check on your external IP using Shodan or a similar service. If OpenClaw’s port shows up, you are public. That might be intentional — but you should know either way.

2. Firewall Your Gateway Port

On Linux with ufw, deny public access to your gateway port and allow only your local network. The goal: only devices on your home network (or explicitly trusted IPs) can reach OpenClaw.

3. Use a Reverse Proxy with Auth

If you need remote access, do not expose the gateway directly. Put Nginx or Caddy in front with basic auth or OAuth. Or use Cloudflare Access for zero-trust auth with no open ports at all.

4. Use a VPN for Remote Access

Tailscale is free, takes five minutes to set up, and keeps your OpenClaw instance completely off the public internet while still being reachable from your phone or laptop anywhere. Access via the Tailscale IP instead of your public IP. No exposed ports.

5. Vet Your Skills

Skills have access to your tools, files, and credentials. Only install skills from sources you trust. Review what a skill does before adding it. The TOOLS.md and skill configs are readable — actually read them.

6. Keep OpenClaw Updated

Run openclaw update when a new version drops. That is it.
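As an added example that is not OpenClaw's own tooling, here is a small POSIX shell helper covering steps 1 and 2 from the host's side: it reads the output of ss -lnt to tell whether the gateway port is bound to loopback or to every interface, and prints the ufw rules that allow only your LAN. The gateway port and LAN subnet are assumptions, set through environment variables.

```shell
#!/bin/sh
# Added example, not part of OpenClaw: audit the gateway's listen address
# (checklist step 1, seen from the host itself) and print the ufw rules for
# step 2. GATEWAY_PORT and LAN_CIDR are assumptions; set them for your setup.
GATEWAY_PORT="${GATEWAY_PORT:-18789}"   # assumption: check your gateway config
LAN_CIDR="${LAN_CIDR:-192.168.1.0/24}"  # assumption: your home subnet

# classify_listener ADDR:PORT -> exposed | local | other
# Takes one "Local Address:Port" field as printed by `ss -lnt`.
classify_listener() {
  case "$1" in
    0.0.0.0:*|"*:"*|"[::]:"*) echo exposed ;;   # bound to every interface
    127.0.0.1:*|"[::1]:"*)     echo local ;;     # loopback only
    *)                         echo other ;;     # a specific interface IP
  esac
}

# audit_listeners reads `ss -lnt` lines on stdin, prints one line per
# listener on the gateway port, and returns 1 if any of them is exposed.
audit_listeners() {
  status=0
  while read -r _state _recvq _sendq laddr _rest; do
    case "$laddr" in *:"$GATEWAY_PORT") ;; *) continue ;; esac
    kind=$(classify_listener "$laddr")
    echo "gateway listener $laddr -> $kind"
    [ "$kind" = exposed ] && status=1
  done
  return "$status"
}

# ufw_rules prints the two commands for step 2: allow the LAN first, then
# deny everyone else, both scoped to the gateway port. Apply as root.
ufw_rules() {
  printf 'ufw allow from %s to any port %s proto tcp\n' "$LAN_CIDR" "$GATEWAY_PORT"
  printf 'ufw deny %s/tcp\n' "$GATEWAY_PORT"
}

# Usage: `sh lockdown.sh audit` or `sh lockdown.sh rules | sudo sh`
case "${1:-}" in
  audit) ss -lnt | audit_listeners ;;
  rules) ufw_rules ;;
esac
```

A "local" result means only a reverse proxy or VPN on the same host can reach the gateway, which is the state steps 3 and 4 aim for; "exposed" means the firewall rules are the only thing standing between the gateway and whatever your router forwards.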

The Bigger Picture

The “exposed instances” FUD is a pattern we have seen with every self-hosted tool that gets popular. It happened with Home Assistant, Nextcloud, Pi-hole, and a dozen others. The pattern:

  1. Tool gains mainstream adoption
  2. Security researcher (or engagement-baiter) runs a Shodan scan
  3. Big scary number leads to viral post and panic
  4. Community either addresses it responsibly or overreacts

The right response is not to abandon self-hosting. It is to understand the threat model, take basic precautions, and stop conflating “internet-reachable” with “hacked.”

OpenClaw gives you real power over your own AI infrastructure. That power comes with responsibility. The checklist above covers that responsibility — it takes about 30 minutes and you are genuinely locked down.

The people saying “just use a managed AI service” are not giving you safety. They are trading one set of risks for another — and taking your data in the process.

Self-host smart. Firewall your ports. Use Tailscale. And do not let a Shodan screenshot make your security decisions for you.


Want to go deeper on securing your setup? Check out OpenClaw on Raspberry Pi: Security Risks You Should Know for the full hardware-focused breakdown.
