OpenClaw security tips

Setup cost: as little as $5
Time to setup: ~10 minutes

I recently set up OpenClaw on a Hetzner CAX11 VPS managed through Coolify and spent some time locking it down. Here's what I learned.

Want the TL;DR? Copy the AI agent prompt below and paste it into OpenClaw, Claude Code, or any AI with shell access - it'll walk you through everything.

Step 1: Foundation

You shouldn't be running OpenClaw on your personal machine. It's a security risk. Instead, you should be running it on a dedicated machine.

Your personal machine has browser sessions, credentials, SSH keys - everything. OpenClaw executes tools, runs plugins, handles network traffic. A misconfiguration on your daily driver could expose all of that. Isolating onto a dedicated box reduces the blast radius.

Here's my traffic flow:

Your machine (node) --> Tailscale (encrypted tunnel) --> VPS (OpenClaw) --> AI provider API

With this configuration, OpenClaw is only reachable via your private tailnet. No public internet access.

Infrastructure Options

  • Hetzner VPS (my setup) - CAX11 (or CX23 if available) at $5/month
  • Other cloud VPS - AWS, DigitalOcean, Linode, Vultr all work
  • Local hardware - Pi or dedicated PC if you prefer on-prem

Step 2: Security Checklist

SSH Hardening

Disable password auth, restrict root login:

PasswordAuthentication no
PermitRootLogin no
MaxAuthTries 3

Ensure you have at least one SSH key in ~/.ssh/authorized_keys BEFORE disabling password auth, and confirm VPN connectivity works BEFORE tightening firewall rules. Lock yourself out remotely and you'll need console access.

Network Access Control

Don't expose your gateway to the public internet. Use Tailscale or WireGuard so it's only accessible within your private network.

# Allow tailnet traffic only
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow in on tailscale0
sudo ufw enable

OpenClaw Config

Key settings in ~/.openclaw/openclaw.json:

{
  "gateway": {
    "bind": "loopback",
    "controlUi": { "allowInsecureAuth": false },
    "trustedProxies": ["127.0.0.1", "::1"]
  },
  "discovery": { "mdns": { "mode": "minimal" } }
}

  • bind: loopback — only listen on 127.0.0.1, not 0.0.0.0
  • allowInsecureAuth: false — the default, keep it that way
  • trustedProxies — only loopback to prevent auth bypass
  • mdns.mode: minimal — "full" leaks operational hints on LAN

Lock down permissions:

chmod 600 ~/.openclaw/openclaw.json
chmod 700 ~/.openclaw/
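
A read-only check for the four settings and the two file modes above, as an added example (not part of OpenClaw or the original post). It assumes the JSON layout shown above; the function names and WEAK_SAMPLE are made up for illustration.

```python
import json
import os
import stat
import sys

LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample of a weak config (not from a real deployment);
# the bind value is a placeholder, not a documented OpenClaw option.
WEAK_SAMPLE = {
    "gateway": {"bind": "PLACEHOLDER_NON_LOOPBACK",
                "controlUi": {"allowInsecureAuth": True},
                "trustedProxies": ["127.0.0.1", "10.0.0.5"]},
    "discovery": {"mdns": {"mode": "full"}},
}

def audit_config(cfg):
    """Check the four settings listed above; return a list of findings."""
    out = []
    gw = cfg.get("gateway", {})
    # Assumption: a missing bind or mdns mode is reported rather than trusted.
    if gw.get("bind") != "loopback":
        out.append("gateway.bind is not 'loopback'")
    # A missing key passes here because the page says false is the default.
    if gw.get("controlUi", {}).get("allowInsecureAuth", False) is not False:
        out.append("gateway.controlUi.allowInsecureAuth is not false")
    extra = sorted(set(gw.get("trustedProxies", [])) - LOOPBACK)
    if extra:
        out.append("non-loopback trustedProxies: " + ", ".join(extra))
    if cfg.get("discovery", {}).get("mdns", {}).get("mode") != "minimal":
        out.append("discovery.mdns.mode is not 'minimal'")
    return out

def audit_modes(config_path):
    """Flag permission bits beyond 600 on the file and 700 on its directory."""
    out = []
    directory = os.path.dirname(os.path.abspath(config_path))
    for path, allowed in ((config_path, 0o600), (directory, 0o700)):
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & ~allowed:
            out.append(f"{path} has mode {mode:o}, wider than {allowed:o}")
    return out

def audit(config_path):
    with open(config_path) as fh:
        return audit_config(json.load(fh)) + audit_modes(config_path)

if __name__ == "__main__":
    default = os.path.expanduser("~/.openclaw/openclaw.json")
    problems = audit(sys.argv[1] if len(sys.argv) > 1 else default)
    print("\n".join(problems) or "no findings")
    sys.exit(1 if problems else 0)
```

The script exits non-zero when anything is off, so it can run from cron or a deploy hook after each config change.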

Fail2ban

Basic SSH jail — 3 attempts, 1 hour ban:

[sshd]
enabled = true
maxretry = 3
findtime = 600
bantime = 3600

Auto Updates

Don't babysit a headless box:

sudo apt install -y unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades

Skills & Plugins

Treat third-party skills as executable code. Only install from trusted sources. There have been reports of malicious skills on public registries.

Run the Audit

OpenClaw has built-in security checks:

openclaw security audit --deep
openclaw security audit --fix  # auto-remediate

Aim for 0 critical / 0 warnings after every config change.

Costs

  • OpenClaw - Free
  • Tailscale - Free
  • Hetzner CAX11/CX23 - $5/month
  • OpenRouter - Pay as you go

Token usage

OpenClaw can chew through tokens quickly. If you're using a paid provider like OpenRouter, you'll want to set budget limits on your API keys & ensure you've reviewed the LLM pricing.

I found a nice balance between DeepSeek 3.2 and Kimi K2.5. Personally I've configured both & run DeepSeek on the main agent, then can spin off Kimi subagents for more specialized tasks as needed.


Note: If posting questions anywhere, avoid pasting raw output from openclaw status, tailscale status, or ss -tulnp — they contain hostnames, paths, and network identifiers.

Questions or tips? Hit me up on X.

Stay secure 🦞