Skip to content
openclaw-os
DE EN
Security

Security hardening after CVE-2026-25253.

Early 2026 over 135,000 OpenClaw instances were found unprotected on the internet — CVSS 9.9. We harden your setup before someone learns from that.

Book free check See packages
The problem

Why this matters right now.

Default setups expose the local dashboard, accept any channel message without mention check and route data to LLMs without classification. CVE-2026-25253 exploited exactly these gaps.

Our approach

Here's how we do it.

We patch every known vulnerability, set requireMention globally, define channel allowlists, sandbox the daemon, document data classification and ship an audit trail for the next compliance audit.

What's included

The full package.

CV

CVE patch

Latest OpenClaw version installed, all known CVE patches verified, update strategy for future ones.

RM

requireMention

Global on: OpenClaw answers only when explicitly addressed. No 'reply to anything' mode.

AL

Allowlists

Channel, user, group allowlist — only explicit contexts trigger the agent.

SB

Daemon sandbox

macOS: AppArmor-style profiles via systemd on Linux. Daemon only has the permissions it needs.

DC

Data classification

Per skill: which data class (public, internal, confidential) is allowed in? Sensitive data doesn't go to cloud LLMs.

AT

Audit trail

Every LLM call logged: user, channel, skill, data class, provider, tokens — audit-grade.

How it works

From first call to a productive OpenClaw workflow.

  1. 01

    Analyse

    30-min check + process map. We pinpoint the 3 workflows where OpenClaw saves time fastest, and which channels are mandatory.

  2. 02

    Setup

    Daemon, channels, skills, MCP, allowlists, requireMention, Tailscale and the live dashboard configured cleanly and live.

  3. 03

    Training

    Your team works on real tasks: WhatsApp inbox triage, weekly Slack-DM reports, voice-memo-to-CRM, skill maintenance.

  4. 04

    Operations

    calver updates, skill extensions, channel care, security reviews, backups and an emergency off-switch — so OpenClaw doesn't fade out.

Packages

Three entry points. One outcome: OpenClaw that works.

All packages & add-ons →

Starter

For small teams and 2–3 workflows on one channel

€1,850 one-time

+ from €180 / month maintenance & care

  • OpenClaw daemon installed, hardened, monitorable (launchd/systemd)
  • 1 messaging channel (WhatsApp, Telegram, Slack or iMessage) cleanly paired
  • 2–3 productive skills (inbox triage, research or reporting)
  • 2 MCP tool integrations (e.g. Drive, Notion, Slack, CRM, calendar)
  • Allowlists, requireMention, GDPR defaults and backup plan
  • 2-hour intensive training + 30 days of care
Book a check

Business

★ Most picked

For SMBs with several roles, channels and tool integrations

€5,900 one-time

+ from €490 / month maintenance & care

  • OpenClaw rollout for up to 25 users with Tailscale mesh
  • 4–6 channels in parallel (WhatsApp, Slack, Telegram, Teams, voice …)
  • 6 team- or role-specific skills (sales, marketing, operations …)
  • 5 MCP integrations + voice (STT/TTS) configured
  • Half-day workshop on-site or remote
  • Security hardening incl. CVE protection and GDPR docs
Book a check

Enterprise

For sensitive data, compliance and fleet rollout

from €14,900 one-time

+ from €1,290 / month maintenance & care

  • Enterprise setup with central config, fleet auth and audit trail
  • Custom MCP server or internal tool adapters incl. code review
  • 10+ skills, departmental playbooks, train-the-trainer programme
  • Voice, canvas, Tailscale, backup and SIEM integration
  • Governance documentation for ISMS, GDPR and ISO 27001
  • Monthly security and optimisation reviews
Book a check
Related services

These pair well with this.

OpenClaw Workshop

One day with your team: install daemon, pair channels, curate skills, scope MCP, harden defaults — together.

Learn more

AI Operating System

OpenClaw as the central work layer for inbox, offers, reports, research, calendar and CRM.

Learn more

Daemon Setup

launchd, systemd, Node 24, openclaw onboard, clean restart paths — observable, restartable, monitored.

Learn more
Frequent questions

Still open questions?

Write us at hello@openclaw-os.com or book a call directly. We'll take the time.

What was CVE-2026-25253 exactly?
A critical vulnerability in OpenClaw before v2026.4.x: the local dashboard was bound on 0.0.0.0:18789 instead of 127.0.0.1:18789, without auth. Attackers could remotely trigger skills, exfiltrate data and manipulate daemon processes.
Is updating to the latest version enough?
No. Updating closes the specific gap, but allowlists, requireMention and audit trail are configured separately — and protect against zero-days.
Do you also do pen-tests?
On request, as add-on: 'post-incident security audit'. Forensics, hardening, patch strategy and new allowlists in one bundle.
What does a complete OpenClaw setup cost?
Starter starts at €1,850, Business at €5,900 and Enterprise from €14,900. Ongoing maintenance starts at €180/month. LLM costs (OpenAI, Anthropic, local models) run separately.
Is OpenClaw only useful for engineers?
No. That's the whole point of openclaw-os.com: OpenClaw becomes a work assistant for inbox, offers, reports, meetings, research, knowledge and routines — over the channels your team already uses (WhatsApp, Slack, Telegram, iMessage, voice).
Which channels make sense?
We usually start with the channel your team already lives in: WhatsApp and Telegram for external comms, Slack/Teams internally, iMessage on macOS, Discord for communities. The multi-channel strategy follows reality, not technology.
Next step

Book a call.
30 minutes that pay off.

Pick a slot — we confirm automatically and send you the Google Meet link.

Intro call · 30 min · free

Pick a slot that works.

No commitment. We review your OpenClaw use cases, surface three productive levers, and send a short recap afterwards.

Booking loads only after your click

Clicking the button loads the Cal.com calendar. Data may be transmitted to Cal.com at that point.

Open on Cal.com

The site works fine without Cal.com. Booking is a separate, voluntary feature.

Powered by Cal.com · The calendar loads only after your action. Trouble? Write to hello@openclaw-os.com.

This site only uses technically necessary features. Analytics loads only after consent. Cal.com booking loads only when you actively open it.