- Exposed Clawdbot servers risk full access to private chats, API keys, and bot tokens. Lock down your setup immediately.
- Attackers can impersonate users across Telegram, Discord, Slack, Signal, and WhatsApp if Control interfaces are misconfigured.
- Even “secure” setups fail if localhost auto-approvals aren’t properly configured. IP whitelisting and trusted proxies are essential.
A critical security gap has put hundreds of Clawdbot users at risk, as exposed gateways and admin panels leave sensitive data vulnerable. Security firm SlowMist reported that multiple Clawdbot instances are publicly accessible, with flaws that could enable credential theft and even remote code execution.
The exposure affects API keys, bot tokens, OAuth secrets, and months of private chat logs. Developers, AI engineers, and organizations running Clawdbot must urgently review their deployments to prevent unauthorized access.
The problem arises from Clawdbot’s architecture. Its gateway handles AI agent logic, including message routing, tool execution, and credential management, while the web-based Control interface manages integrations, conversation histories, and API keys.
When left misconfigured or exposed, attackers can access the entire system. “Imagine you come home and find the front door wide open, your butler cheerfully serving tea to whoever wandered in off the street,” explained Jamieson O’Reilly, highlighting the severity of the exposure.
Exposed Gateways and Control Interfaces
Attackers with Control interface access can read full configurations and conversation histories. They can impersonate operators across Telegram, Discord, Slack, Signal, and WhatsApp. They can modify messages, exfiltrate data, and execute commands remotely.
Several publicly exposed instances allowed root access with no authentication. O’Reilly noted, “Full credential theft, complete conversation history, active impersonation capabilities… you can maintain access indefinitely without the operator ever knowing.”
Many deployments included default authentication, but a key flaw auto-approves localhost connections, which reverse proxies often misinterpret as local. Consequently, even secure configurations can inadvertently expose sensitive data to the internet. SlowMist and researchers stress the importance of IP whitelisting, configuring gateway.auth.password, and setting trusted proxies to prevent unauthorized access.
