Breaking: New reports highlight exposed OpenClaw (Moltbot) control panels and fake extensions. See the timeline →
Security alert · self-hosted agents · reduce exposure fast

Make OpenClaw (Moltbot) safer in 15 minutes.

OpenClaw (formerly Moltbot) is powerful — which also means misconfiguration can expose tokens, chat history, or admin panels. This site is a blunt, practical hardening guide: fix the highest-risk mistakes first.

If your dashboard/control UI is exposed to the public internet, treat it as an incident.
Most common failure mode

Exposed control panels

The fastest path to a breach is an unauthenticated or weakly protected panel on a VPS. Start with networking hardening and verification.

Start here (bookmark these)

Each page is a checklist: what to do, why it matters, how to verify.

5‑minute AutoCheck

One message → Moltbot runs checks and returns Risk/Findings/Fixes.

15‑minute manual baseline

For technical users who want to verify everything by hand.

Stop exposed panels

Bind, tokens, reverse proxy mistakes, and safe remote access patterns.

In the news

Curated security reports and incidents (with fixes).

Exposed control panels

Misconfigurations leading to public dashboards and leaked secrets.

Fake VS Code extension

Malicious extension claiming to be Moltbot/Clawdbot.

Threat model shift

Why agents require guardrails.

Security topics

Access control

Who can message the bot, group rules, and approvals.

Hardening →

Secrets

Token hygiene, least privilege, and avoiding accidental leaks.

Hardening →

Fake extensions / malware

How scams show up during viral moments, and what to avoid.

Threats →

Quick check: are you exposed?

If you used a VPS + reverse proxy, do this check once before sleeping.