Disaster is coming. Thousands of ClawdBots are live right now on VPSs… with open ports to the internet… and zero authentication. This is going to get ugly.

If your agent can:
- browse the web
- call tools
- access files/secrets
- hit internal endpoints

…then an unauthenticated public endpoint is basically “please take over my bot”.

This isn’t theoretical. The internet is a nonstop scanner.

Fix it today:
1) close the port / firewall to VPN or IP allowlist
2) add auth (JWT/OAuth, at least a strong secret) + TLS
3) rotate keys (assume compromise)
4) rate limit + logs + alerts

Agents are powerful. Demo-grade deployments on the open internet are not.
What can you do to be much more protected?

#### 1. Deployment and Hosting Basics
- Run in Sandboxed Mode
- Use a Dedicated Device or VM
- Self-Host Privately

#### 2. Network and Access Control
- Avoid Public Exposure
- Firewall and Brute-Force Protection
- Disable mDNS if Unneeded
- Configure Trusted Proxies

#### 3. Credentials and Secrets Management
- Use Secrets Managers
- Never Share Sensitive Files
- Least Privilege Principle

#### 4. Data and Privacy Handling
- Treat Conversations as Sensitive
- Use .clawdignore Carefully
- Prompt Injection Guardrails

#### 5. Monitoring and Incident Response
- Regular Monitoring
- Incident Plan
- Auto-Updates and Self-Improvement
“ClawdNet”
I asked Clawdbot to get me free stuff, and so far it’s gotten me a double-digit number of Netflix and Spotify accounts, and a bunch of bank accounts belonging to other Clawdbot users. 😂
Top 10 vulnerabilities and suggested fixes-
😎😎😎
worth noting: Clawdbot supports `mode: local` (no exposed ports) and `auth.mode: token` out of the box - use it!
Many people are reporting to me that after they asked Clawd about those security holes, it detected and fixed some of them - a bit ironic, but worth checking.