Is Your OpenClaw Instance Secure?
Free security scan for any OpenClaw deployment. We check for exposed ports, missing TLS, known CVEs, and unauthenticated gateway access.
Non-destructive scan. No exploitation. 5 free scans per hour.
What We Check
Six non-destructive probes that take under 10 seconds. We never send payloads or attempt exploitation.
Port Exposure
Is port 18789 reachable from the public internet?
TLS Encryption
Is the gateway connection encrypted with TLS?
CVE Detection
Is the version affected by known vulnerabilities?
Auth Configuration
Can the gateway be accessed without credentials?
Version Fingerprint
What OpenClaw version is running?
Auth Mode Check
Is gateway.auth.mode explicitly configured?
How It Works
Enter Your Host
Type the hostname or IP address where your OpenClaw instance runs.
We Probe Safely
Six non-destructive checks: port, TLS, version, CVEs, auth, and config.
Get Your Score
Instant A-F grade with specific findings and remediation steps.
Why Scan Your OpenClaw Instance?
OpenClaw runs a WebSocket gateway on port 18789 that provides full control over agent sessions, tool execution, and system access. When exposed to the internet without authentication, anyone can connect and run arbitrary commands on your machine.
A SecurityScorecard STRIKE team report (January 2026) found 135,000+ exposed OpenClaw instances across 82 countries, with 63% vulnerable to unauthenticated access.
This scanner helps you verify your deployment is properly secured. For continuous protection, Curate-Me acts as a governance proxy that adds authentication, rate limiting, cost controls, and personal data scanning to any OpenClaw instance with a single base URL change.
Secure Your OpenClaw Deployment
Curate-Me wraps your OpenClaw instance in a governance proxy. Authentication, rate limiting, cost caps, personal data scanning, and a full audit trail -- zero code changes.
Get Started Free
Free tier: 1,000 requests/day, 1 runner, full governance chain