CRITICAL
The severity is rated CRITICAL due to the broad system access OpenClaw has by default, which can lead to severe security breaches if not properly managed. Real-world exploitability is high in both homelab and production environments given the lack of robust safeguards in its default configuration.

OpenClaw is an AI agent designed to run on personal hardware or a VPS, with broad system access that includes the shell, files, and the network. Its autonomous nature makes it both useful and unpredictable. The default setup stores API keys in plaintext JSON files, a significant security risk because the keys can be exposed through an accidentally committed config file or through prompt injection. Tailscale’s Aperture service addresses this by removing the need to store sensitive credentials on the machine running OpenClaw, while also providing visibility into tool calls and setting cost quotas. This helps mitigate the risks of key leaks and unauthorized access.

Affected Systems
  • OpenClaw with Tailscale integration

Affected Versions: All versions prior to the introduction of Aperture

Remediation
  • Install and configure Aperture by following the self-service installation guide provided by Tailscale for all plans.
  • Modify the openclaw.json configuration file to use Aperture as an API provider, replacing plaintext storage with secure key management.
  • Set up cost quotas in Aperture to monitor and control spending on AI services, ensuring that usage does not exceed budgetary constraints.

Stack Impact

The impact is particularly significant for homelab setups where OpenClaw is used alongside Tailscale. Without proper configuration, API keys stored in plaintext could be easily leaked through accidental commits or other vulnerabilities.
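
A check that can run before a config file is committed, added here as an example and not taken from OpenClaw or Tailscale: it walks a JSON document and reports the fields that hold a credential inline. The key-name patterns and the sample config's field names are assumptions, not OpenClaw's documented schema.

```python
import json
import re

# Key names that usually hold credentials. Assumption: generic patterns,
# not OpenClaw's documented schema. Anchored at the end so that a setting
# such as "maxTokens" is not mistaken for a token.
SECRET_KEY_RE = re.compile(r"(api[_-]?key|token|secret|password)$", re.I)
# A value that only names an environment variable is a reference, not a secret.
REFERENCE_RE = re.compile(r"^\$\{?[A-Za-z_][A-Za-z0-9_]*\}?$")


def find_plaintext_secrets(node, path=""):
    """Return the JSON paths whose value looks like an inline credential."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if isinstance(value, str):
                if SECRET_KEY_RE.search(key) and value and not REFERENCE_RE.match(value):
                    hits.append(child)
            else:
                hits.extend(find_plaintext_secrets(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_plaintext_secrets(item, f"{path}[{i}]"))
    return hits


# Constructed sample; field names and values are hypothetical.
SAMPLE_CONFIG = json.loads("""
{
  "providers": [
    {"name": "example-llm", "apiKey": "sk-CONSTRUCTED-EXAMPLE-0000"},
    {"name": "via-proxy", "baseUrl": "http://proxy.example.internal/v1",
     "apiKey": "${PROXY_PLACEHOLDER}"}
  ],
  "gateway": {"authToken": "constructed-token-value"},
  "maxTokens": 4096
}
""")

if __name__ == "__main__":
    for hit in find_plaintext_secrets(SAMPLE_CONFIG):
        print("plaintext credential at", hit)
```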
