Require a token and keep the gateway private

configuration & security

// what it does

The gateway can run shell commands, so it treats every non-loopback client as hostile: bind stays loopback by default and auth is mandatory. openclaw doctor --generate-gateway-token mints a token; set gateway.auth.mode to token (or password/trusted-proxy) and restart. Only widen gateway.bind to lan or tailnet with auth and a firewall.

// shell

$ openclaw doctor --generate-gateway-token
$ openclaw config set gateway.auth.mode token
$ openclaw gateway restart

// gotcha

Never bind the gateway unauthenticated on 0.0.0.0 — that is remote code execution for anyone who can reach the port. If you are compromised, contain by setting bind loopback, rotating gateway.auth.token, and restarting.

// resources