SafeClaw Setup Wizard — Secure OpenClaw in 10 Minutes

Step 1: Upload Your Config

Paste your OpenClaw config (YAML or JSON). We scan locally — nothing leaves your browser.

Step 2: Scan Results

Here's what we found. Fix the red items first.

--

Analyzing...

Step 3: Change Port & Strengthen Token

Default port 18769 is a known target. Let's change it.

1

Change Gateway Port

Pick any port between 10000-65535 that isn't 18769. Edit your config:

gateway: port: # was 18769

2

Generate Strong Gateway Token

Your gateway token is the master key. Make it long and random:

openssl rand -base64 32

Then set it in your config:

gateway: token: "YOUR_GENERATED_TOKEN"

Step 4: Lock Down Network Access

Your OpenClaw gateway should NEVER be exposed to the public internet.

!

CRITICAL Install Tailscale

Tailscale creates a private VPN so only your devices can reach the agent. Free for personal use.

# Install Tailscale (Linux) curl -fsSL https://tailscale.com/install.sh | sh sudo tailscale up # Then bind OpenClaw to Tailscale IP only: gateway: host: "100.x.x.x" # your Tailscale IP port:

⚡

Firewall Rules

If you can't use Tailscale, at minimum block the port from public access:

# UFW (Ubuntu/Debian) sudo ufw deny sudo ufw allow from YOUR_IP to any port # iptables sudo iptables -A INPUT -p tcp --dport -s YOUR_IP -j ACCEPT sudo iptables -A INPUT -p tcp --dport -j DROP

Step 5: Audit Skills & Finish

Community skills are the #1 attack vector. 15% contain malicious code.

!

CRITICAL Review Installed Skills

List all skills and check each one:

# List installed skills ls ~/.openclaw/skills/ # For EACH skill, check: # 1. Publisher has GitHub history (not a 1-week-old account) # 2. Read the full SKILL.md # 3. No curl|bash or wget|sh commands # 4. No outbound requests to unknown domains # 5. No env var reads (process.env, $VAR)

🔒

Docker Sandboxing

Run OpenClaw in Docker with restricted permissions:

# docker-compose.yml additions: services: openclaw: security_opt: - no-new-privileges:true read_only: true tmpfs: - /tmp networks: - openclaw-net # isolated network

✓

You're Done!

Restart OpenClaw with your new config. Your agent is now significantly harder to attack than 95% of OpenClaw instances out there.

🛡️

Hardened. Want managed hosting instead?

Get SafeClaw Managed Hosting →

🛡️ SafeClaw Setup Wizard