GuidesSecurity

Why you should never put your OpenClaw Gateway on the public internet

OpenClaw's own docs say never expose the Gateway unauthenticated. What can go wrong, and the right ways to reach your agent remotely.

July 17, 2026The Everpod team
The short answer

The Gateway is the front door to an agent that can run commands and read files on its machine. OpenClaw’s docs say it outright: never expose the Gateway unauthenticated on the open internet. If you need to reach your agent remotely — and you do — the answer is an authenticated private path to it, not a public port.

Why this rule exists

It’s tempting, once OpenClaw runs on a server, to just open the Gateway’s port so you can reach the dashboard from your phone. Here’s what that door opens onto. The Gateway is not a website — it’s the control channel for an agent that can execute shell commands, read and write files, and drive a browser on its machine. OpenClaw’s security documentation spells out the threat model for an exposed Gateway: an attacker can trigger arbitrary commands, go through the filesystem — including your agent’s memory and any credentials it can reach — and manipulate the agent itself with crafted messages (prompt injection). One exposed port turns “my agent’s home” into “a stranger’s shell on my server, with my model key attached.”

And exposed ports get found. Anyone who has run a server with SSH open has watched the login attempts roll in within hours — automated scanners sweep the whole internet continuously. A Gateway on a public port isn’t hiding; it’s waiting.

The defaults are on your side — until you fight them

Out of the box you can’t make this mistake: the Gateway binds to loopback, so only programs on the same machine can talk to it. Trouble arrives via well-meaning changes — binding to 0.0.0.0 “just to test,” a Docker port mapping that publishes the Gateway to all interfaces, a too-generous firewall rule. Each looks harmless in the moment; each is the exact misconfiguration the docs warn about. If you take one habit from this guide: after any networking or config change, run openclaw security audit — checking network exposure is one of the specific things it’s for.

How to reach your agent remotely, safely

The legitimate need behind the mistake is real: an always-on agent you can only reach from one machine is barely an agent. The safe patterns all share one shape — the Gateway stays private, and something that authenticates you carries you to it.

That third pattern is what we build at Everpod: every pod’s gateway stays off the open internet with no inbound ports, and you reach your agent’s control panel through an authenticated, private path — sign in with your email, and you’re the only one it lets through. It’s the pattern the docs recommend, operated so you don’t have to get the details right yourself.

Don’t want to run it yourself?

Everpod hosts OpenClaw for you: a private, always-on cloud computer of your agent’s own — set up, secured, and backed up, with its software kept up to date. You bring your model key and say hello.

Request early access
$29/mo · your own model key · cancel anytime