72
Grade: C

Security Assessment Complete

Last scan: 2 hours ago • Next scan: in 5 days

Critical: 1 (Fix immediately)
High: 2 (Within 7 days)
Medium: 3 (Within 30 days)
Total Tests: 8 (All categories)

Vulnerabilities Found

⚠️ Gateway Exposed Without Authentication

Gateway Exposure

Critical

Your OpenClaw gateway is publicly accessible on the internet without any authentication. This allows anyone to send requests to your AI agent, potentially causing unauthorized access, data exfiltration, or resource exhaustion.

Impact: Attackers can fully control your OpenClaw instance, access sensitive data, execute arbitrary skills, and rack up API costs.
🔧 Auto-Generated Fix Available
{
  "gateway": {
    "bind": "127.0.0.1",
    "authentication": {
      "enabled": true,
      "method": "token",
      "token": "GENERATE_SECURE_TOKEN"
    },
    "rate_limiting": {
      "enabled": true,
      "requests_per_minute": 60
    }
  }
}

⚠️ Unverified Skills With Dangerous Permissions

Skill Tampering

High

Found 2 unverified skills with dangerous permissions (file-manager, custom-skill). These skills have not been vetted and request file system and network access.

Impact: Malicious skills could steal data, execute unauthorized commands, or compromise the entire deployment.
🔧 Auto-Generated Fix Available
# Enable skill vetting
{
  "skills": {
    "require_verification": true,
    "scan_before_install": true,
    "blocked_permissions": [
      "file_system_write",
      "shell_execution"
    ]
  }
}

⚠️ Memory Not Sandboxed

Memory Exploit

Medium

Memory is not sandboxed between sessions. Cross-session data leaks are possible if an attacker can manipulate memory pointers.

Impact: Could lead to information disclosure between different users or sessions.
🔧 Auto-Generated Fix Available
{
  "memory": {
    "sandboxing": {
      "enabled": true,
      "per_session": true,
      "cross_session_isolation": true
    }
  }
}

Scan History

Security Scan Completed
Found 6 vulnerabilities: 1 critical, 2 high, 3 medium
2 hours ago
Critical Fix Applied
Gateway authentication enabled
1 day ago
Weekly Scan Completed
Found 3 vulnerabilities: 1 high, 2 medium
7 days ago