What happened
OpenClaw was designed as a local-first personal assistant. When users deployed it to cloud VPS providers for always-on availability, the gateway port (18789) became internet-accessible — often without a firewall or authentication configured. Security researchers later found that ClawHub, the skill marketplace, contained 1,184 malicious skills, and a WebSocket vulnerability (CVE-2026-25253, “ClawJacked”, CVSS 8.8) allowed malicious websites to hijack local instances without user interaction. For a detailed timeline and analysis, see the Coral blog: The OpenClaw Security Crisis of 2026.Choose your path
Harden Your Instance
Keep your self-hosted OpenClaw instance and secure it with step-by-step hardening instructions.
Terminate Your Instance
Shut down your exposed instance entirely. Step-by-step instructions for every major cloud provider.
Alternatively: use a managed setup
If you’d rather not manage the hardening checklist yourself, Coral runs each user’s OpenClaw instance in a dedicated VM with no public IP, an authenticated proxy layer, and server-side credential storage. See How Coral Approaches OpenClaw Security for a full walkthrough of the architecture.How Coral compares to raw self-hosting
How Coral compares to raw self-hosting
| Risk | Raw Self-Hosted VPS | Coral |
|---|---|---|
| Public IP exposure | Gateway port scannable by default | No public IP; internal routing only |
| Authentication | Manual setup required | Enforced at proxy layer before reaching OpenClaw |
| WebSocket attack surface | Directly reachable from any browser | Behind authenticated proxy; no direct browser access |
| Credential storage | Plaintext local files | Server-side encrypted database; browser receives session tokens only |
| Sandbox isolation | Shared host OS | Dedicated VM per user |
| Security updates | Manual | Automatic |