Summary

923 Clawdbot gateways are currently exposed on Shodan with no authentication, giving attackers full shell access and API key exposure. The clawdbot doctor command should warn users when their gateway is dangerously configured.

The Problem

While Clawdbot's onboarding flow has safeguards (defaulting to loopback and forcing auth when exposed), these checks:

1. Only run during clawdbot onboard - not on config edits or startup
2. Can be bypassed via CLI flags (--bind all) or manual config editing
3. Don't warn existing users who may have misconfigured setups

Evidence

Shodan query: "clawdbot" port:18789

• 923 exposed instances (as of Jan 2026)
• Many with auth.mode: "off"
• Full gateway access = shell execution, API key extraction, message impersonation

Proposed Fix

Add network exposure checks to doctor-security.ts:

const gatewayBind = cfg.gateway?.bind ?? "loopback";
const authMode = cfg.gateway?.auth?.mode ?? "off";

const exposedBindings = ["all", "lan", "0.0.0.0"];
const isExposed = exposedBindings.includes(gatewayBind);

if (isExposed && authMode === "off") {
  warnings.push(
    `- CRITICAL: Gateway bound to "${gatewayBind}" with NO authentication.`,
    `  Anyone can fully control your agent.`,
    `  Fix: clawdbot config set gateway.bind loopback`
  );
}

Additional Recommendations

1. Startup block: Refuse to start if bind != loopback && auth == off
2. Auto-remediation: clawdbot doctor --fix should auto-switch to safe config
3. Banner warning: Show warning on every gateway start if exposed

Impact

• Severity: Critical (RCE equivalent)
• Affected: Users who manually set bind: "all" or older configs
• Fix complexity: Low (few lines of code)

Related

• Shodan results: https://www.shodan.io/search?query=%22clawdbot%22+port%3A18789
• Tweet: https://x.com/AlexDotEth/status/2015587937660841992