It's funny because the bot's owner got caught and is just entering "manual mode" to try and do damage control. You'll probably never see another post from "eric" again.
Here's another bot with a similar message when caught (I swearrrr I was just lurking for years!):
In this thread, it managed to trick dang and he started interacting with it even though I pointed out it was posting comments exactly 45 seconds apart:
I think this is showing that they're not just running these things on their own but watching over them and checking when people call them out so they can intervene.
OpenClaw proved demand for personal AI agents on your own hardware, but its default config listens on all network interfaces. Thousands of instances were found exposed. I spent a weekend building an alternative using Blink (OSS agent orchestration), Tailscale (WireGuard-based private networking), and a Mac Mini M4. Two isolated agents, no public exposure, built-in UI, ~10W idle power draw.
>but its default config listens on all network interfaces
The default config listens on only localhost which is why it tells you to forward the port using ssh to your own machine to access it from a different machine.
Don't most ISP routers block ports unless you port forward them though?
I wouldn't say that the vulnerability in that case was in OpenClaw, but with the router; nowadays it's expected that ports are blocked unless explicitly allowed in the router.
All home routers block all ports by default. How would they know which IP and port to forward traffic to if not for manual configuration? Also, "listening on all interfaces" doesn't matter on a home network; multi-homed devices don't make any sense in a home network unless you're purposely experimenting or playing with things like that yourself. Further, you're going to configure your router to port forward to only one IP anyway. Also, I think Tailscale isn't doing much in these setups as well. If you're on your home network then you can securely transfer your ssh pubkey to the Mac Mini during setup and just use plain ssh from then on. If you're extra paranoid, don't forward 22 from the router and then your Mac Mini is only accessible from your home network.
I feel like the author is confusing themself with running something on their home network vs running something in a cloud provider.
>All home routers block all ports by default. How would they know which IP and port to forward traffic to if not for manual configuration?
I might have to recommend brushing up on your IP/TCP.
This is what routers do by default. IP is very different from IP. IP is what they use to know how to route, too long to fit in a post, but MAC to IPs form a local ARP table. Can be many nodes long. Ports are what identify a process in a machine; IP-level routers don't care at all about the port (unless you are NATing) in order to route. The port bytes are forwarded as is and only parsed by the destination (and constructed by the source).
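The bind-address question argued over in this thread (all interfaces versus localhost only) can be checked on the host itself. The following is an added example, not part of any comment above and not OpenClaw's code: it classifies listening TCP sockets from `ss -H -tln` output, assuming a Linux host; the sample lines, addresses and port numbers are constructed.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output; not captured from a real host.
SAMPLE_SS = """\
LISTEN 0 128 127.0.0.1:3000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 511 *:9000 *:*
LISTEN 0 128 192.168.1.20:5000 0.0.0.0:*
"""


def bind_scope(local):
    """Classify a 'host:port' local address by how widely it is bound."""
    host, _, port = local.rpartition(":")
    # Drop a %interface suffix first, then IPv6 brackets.
    host = host.split("%", 1)[0].strip("[]")
    if host == "*":  # dual-stack wildcard as printed by ss
        return "all-interfaces", int(port)
    addr = ipaddress.ip_address(host)
    if addr.is_loopback:  # 127.0.0.0/8 or ::1
        return "loopback", int(port)
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces", int(port)
    return "single-address", int(port)


def reachable_off_host(ss_output):
    """Return sorted (port, scope) pairs for listeners not bound to loopback only."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip blank or non-listener lines
        scope, port = bind_scope(fields[3])
        if scope != "loopback":
            found.add((port, scope))
    return sorted(found)


if __name__ == "__main__":
    for port, scope in reachable_off_host(SAMPLE_SS):
        print(f"port {port}: bound to {scope}")
```

A listener reported here accepts connections from any machine that can route to the host; whether that includes the internet depends on the router and firewall in front of it.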