
Security First: How ClawOps Protects Your AI Assistant

We tested 5 popular OpenClaw hosting services. Here's what we found, and why security matters more than you think.

By Gavin

The Audit

This week, security concerns surfaced about OpenClaw hosting services. Common issues mentioned:

  • Exposed gateways (0.0.0.0 binding)
  • No pairing/auth modes
  • Weak authentication practices

We took that seriously. We reviewed our own implementation against these exact concerns.

Here’s what we found:

Problem 1: Exposed Gateways

What we found: Most services expose the OpenClaw gateway directly to the internet (0.0.0.0 binding).

Why this matters: The gateway is essentially your bot’s brain. Exposing it to the internet means:

  • Anyone can probe it for vulnerabilities
  • No authentication required to access
  • Potential for denial-of-service attacks
  • You lose the security benefits of localhost-only binding

ClawOps approach: Gateway binds to 127.0.0.1 (localhost only). Access requires SSH + key authentication. Full stop.
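One way to verify the loopback-only binding described above on your own host, as an added example (not ClawOps or OpenClaw code): it parses `ss -H -ltn` output and reports TCP listeners reachable beyond localhost. The sample output and its port numbers are constructed, and treating port 22 (SSH) as the only intended public listener is an assumption.

```python
import ipaddress

# Constructed sample of `ss -H -ltn` output (columns: State, Recv-Q, Send-Q,
# Local Address:Port, Peer Address:Port). Ports 8080/9090/3000 are placeholders,
# not real OpenClaw defaults.
SAMPLE_SS = """\
LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
LISTEN 0 511  127.0.0.1:8080   0.0.0.0:*
LISTEN 0 511  0.0.0.0:9090     0.0.0.0:*
LISTEN 0 128  [::]:22          [::]:*
LISTEN 0 511  [::1]:8081       [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 511  *:3000           *:*
"""

def split_local(field):
    """Split 'addr:port' into (host, port), dropping [] and any %iface suffix."""
    host, _, port = field.rpartition(":")
    return host.strip("[]").split("%", 1)[0], int(port)

def classify(host):
    """Return 'wildcard', 'loopback', or 'interface' for a bind address."""
    if host == "*":
        return "wildcard"
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:          # 0.0.0.0 or ::
        return "wildcard"
    return "loopback" if addr.is_loopback else "interface"

def exposed_listeners(ss_output, allowed_ports=frozenset({22})):
    """List (host, port, scope) for listeners that are not loopback-only."""
    findings = []
    for line in ss_output.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "LISTEN":
            continue                 # skip headers, blanks, non-listening rows
        host, port = split_local(parts[3])
        scope = classify(host)
        if scope != "loopback" and port not in allowed_ports:
            findings.append((host, port, scope))
    return findings

if __name__ == "__main__":
    for host, port, scope in exposed_listeners(SAMPLE_SS):
        print(f"EXPOSED {host}:{port} ({scope} bind)")
```

To check a live host, pass the text captured from `ss -H -ltn` to `exposed_listeners` instead of the sample.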


Problem 2: No Pairing Mode

What we found: Bots accept messages from anyone, with no way to restrict access.

Why this matters: Your bot has API keys and can execute commands. If anyone can message it, they can:

  • Exhaust your API quota (costing you money)
  • Trick it into revealing configuration
  • Spam your inbox
  • Trigger expensive operations

ClawOps approach: OpenClaw’s allowlist mode is available — restrict your bot to only respond to you. Your choice. Not ours.


Problem 3: Root Directory Exposure

What we found: Several services allow web access to the root filesystem. /root was discoverable.

Why this matters:

  • Your API keys can be extracted
  • Configuration files are visible
  • You lose data confidentiality
  • Regulatory/compliance nightmare

ClawOps approach:

  • No public web dashboard
  • SSH tunnel required for any dashboard access
  • SSH key authentication (no passwords)
  • Everything is encrypted in transit

Why This Matters

Your bot is running on a VPS with your data, your API keys, and your conversations.

You should be able to trust it.

Not because we say so. Because we’ve architected it right.


Our Security Principles

1. Secure By Default

We don’t make you opt in to security. It’s baked in.

2. No Shortcuts

Yes, a public web dashboard would be convenient. No, we’re not building one. SSH tunnel access keeps you safe.

3. Transparent Tradeoffs

We tell you what we do and why. If you want something different (and you have good reasons), let’s talk.

4. Small Attack Surface

  • Telegram bot only (no web API)
  • SSH key auth only (no passwords)
  • Single-tenant VPS (your infrastructure, not shared)
  • Spending limits per customer (no surprise bills)

The Roadmap

Already done:

  • ✅ Gateway localhost-only
  • ✅ SSH key authentication
  • ✅ Per-customer spending limits
  • ✅ Pairing mode (optional)

Coming soon:

  • 🔄 Rate limiting (prevent DoS)
  • 🔄 Audit logging (compliance + debugging)
  • 🔄 Advanced IP filtering (optional)

Long-term:

  • 🔮 On-premise deployments
  • 🔮 SOC 2 certification
  • 🔮 Enterprise audit trails

The Bottom Line

The OpenClaw ecosystem is growing fast. That’s exciting. But growth comes with responsibility.

ClawOps exists because we believe: If you’re going to run AI assistants on your infrastructure, that infrastructure should be trustworthy.

Not just functional. Not just cheap. Trustworthy.



Questions about security? Email us at security@clawops.io or reach out on X/Twitter
