Securing ClawdBot with Cloudflare Tunnel

Securing ClawdBot with Cloudflare Tunnel

ClawdBot is a powerful AI assistant that runs locally on your machine. While it's convenient for connecting to WhatsApp, Telegram, Discord and other messengers, using it with default settings poses security risks. This guide covers the dangers of exposed ClawdBot instances on Shodan and how to secure them using Cloudflare Tunnel.

What is ClawdBot?

ClawdBot is an open-source personal AI assistant based on Claude AI. It runs locally on your machine and connects to various messenger platforms through a Gateway server.

Key Features

• Runs locally (Mac, Windows, Linux, Raspberry Pi)
• Supports WhatsApp, Telegram, Discord, Slack, and more
• WebSocket-based Gateway (default port: 18789)
• Complete data privacy

The Problem: Exposed ClawdBot Instances on Shodan

Searching for port 18789 on Shodan reveals publicly exposed ClawdBot Gateway instances across the internet.

Why is this dangerous?

1. Unauthorized Access: Anyone can connect to the Gateway without authentication
2. Conversation Leakage: All AI conversations could be exposed
3. API Key Theft: Connected Claude API keys could be stolen
4. Bot Hijacking: Attackers could take control of your messenger bots

Many users enable external access with --bind 0.0.0.0 for convenience, without setting up firewalls or authentication.

The Solution: Cloudflare Tunnel

Cloudflare Tunnel allows secure access to your server without directly exposing ports to the internet.

Benefits

• No Port Exposure: No need to open port 18789 to the internet
• DDoS Protection: Cloudflare's protection applied automatically
• Access Policies: Control access by email, IP, and more
• Free: Basic features are completely free