Summary
~900+ Clawdbot instances are currently exposed on the internet (visible on Shodan port 18789) without any authentication. This allows anyone to:
- Access API keys and credentials
- Execute shell commands
- Control the browser
- Read emails/calendar
- Send messages on behalf of the user
Current State
The gateway binds to 127.0.0.1 by default (safe), but users who:
- Change bind to
0.0.0.0
- Use Docker with
-p 18789:18789
- Run behind a misconfigured reverse proxy
...are fully exposed without any protection.
Proposed Solution
-
Mandatory auth token on all gateway API endpoints (except health check)
- Generate a random token on first run
- Store in config
- Require
Authorization: Bearer <token> header
-
Warning on startup if binding to 0.0.0.0 without auth token configured
-
Documentation update with security best practices:
- Cloudflare Tunnel setup
- Reverse proxy with auth
- Firewall rules
Workarounds (for affected users now)
# Block port immediately
sudo ufw deny 18789
# Or use Cloudflare Tunnel
cloudflared tunnel --url http://localhost:18789
References
Happy to contribute a PR if this approach is approved.
Summary
~900+ Clawdbot instances are currently exposed on the internet (visible on Shodan port 18789) without any authentication. This allows anyone to:
Current State
The gateway binds to
127.0.0.1by default (safe), but users who:0.0.0.0-p 18789:18789...are fully exposed without any protection.
Proposed Solution
Mandatory auth token on all gateway API endpoints (except health check)
Authorization: Bearer <token>headerWarning on startup if binding to
0.0.0.0without auth token configuredDocumentation update with security best practices:
Workarounds (for affected users now)
References
Happy to contribute a PR if this approach is approved.