Using FastAPI Guard to secure OpenClaw instances against attacks

OpenClaw security context
OpenClaw instances face significant security threats according to recent reports. A security audit revealed 512 vulnerabilities across the codebase with 8 critical issues, and over 40,000 exposed instances with 60% immediately takeable. The ClawJacked vulnerability (CVE-2026-25253) allows website hijacking through WebSocket by exploiting localhost trust assumptions. Additionally, 820+ malicious skills exist on ClawHub.
Real-world monitoring shows typical OpenClaw instances receive thousands of attacks daily, including Chinese IPs, Baidu crawlers, DigitalOcean scanners, bots attempting path traversal, .env file probing, and login brute forcing.
FastAPI Guard solution
FastAPI Guard is middleware that adds security layers before requests reach OpenClaw endpoints. Since OpenClaw runs on FastAPI (or could through an API gateway), the integration is straightforward:
from guard import SecurityMiddleware, SecurityConfig
config = SecurityConfig(
blocked_countries=["CN", "RU"],
blocked_user_agents=["Baiduspider", "SemrushBot", "AhrefsBot"],
block_cloud_providers={"AWS", "GCP", "Azure"},
rate_limit=100,
rate_limit_window=60,
auto_ban_threshold=10,
auto_ban_duration=3600,
enable_penetration_detection=True,
whitelist=["YOUR_IP_HERE"],
)
app.add_middleware(SecurityMiddleware, config=config)
Key security features
- blocked_countries: Geo-blocking that can eliminate thousands of attacks from specific countries
- blocked_user_agents: Blocks known crawlers and bots before they reach application code
- block_cloud_providers: Automatically fetches and caches cloud IP ranges to block scanner farms
- auto_ban_threshold: Bans IPs after 10 violations
- penetration detection: Catches path traversal probes for .env, /etc/passwd, and similar attacks without additional configuration
- emergency mode:
emergency_mode=True, emergency_whitelist=["YOUR_IP", "YOUR_TEAM_IP"]blocks everything except explicitly allowed IPs - trusted_proxies: Configuration for reverse proxy setups to extract real client IPs correctly
Per-route security with decorators
The decorator system allows different security configurations on specific routes:
from guard.decorators import SecurityDecorator
guard_decorator = SecurityDecorator(config)
@app.get("/api/admin")
@guard_decorator.require_ip(whitelist=["10.0.0.0/8"])
@guard_decorator.block_countries(["CN", "RU", "KP"])
async def admin():
return {"status": "ok"}
This enables monitoring usage patterns, blocking specific countries on sensitive endpoints, and requiring authentication on admin paths—capabilities static firewall rules cannot provide.
Additional capabilities
- Redis support: Built-in for multi-instance deployments with automatic synchronization of rate limits, IP bans, and cloud IP ranges
- Flask support: flaskapi-guard provides the same detection engine for Flask-based agent infrastructure
- Use cases: Beyond OpenClaw, the tool is used by startups needing public APIs for remote teams while blocking all other access, gaming platforms enforcing win conditions, and honeypot traps that log and ban malicious bots
📖 Read the full source: r/openclaw
👀 See Also

Claude Code Continues Logging Sessions After Revoke, User Reports 2-Week Support Silence
A Claude Code user reports that session logs continued appearing after revoking access, with Anthropic support unresponsive for two weeks. Logs included scopes like user:file_upload, user:ccr_inference, and user:sessions:claude_code.

Hidden Audio Signals Hijack Voice AI Systems with 79-96% Success Rate
Research shows imperceptible audio clips can force LALMs to execute unauthorized commands like web searches, file downloads, and email exfiltration with 79-96% success across 13 models including Mistral and Microsoft services.

Security Audit Finds Anthropic's MCP Reference Servers Vulnerable, Introduces Hallucination-Based Vulnerabilities
A security audit of 100 MCP server packages found 71% scored an F, including Anthropic's official GitHub and filesystem reference implementations. The audit identified Hallucination-Based Vulnerabilities that create security holes and waste tokens through reasoning loops.

Nullgaze: Open Source AI-Supported Security Scanner Released
Nullgaze is a new open source AI-supported security scanner that detects vulnerabilities specific to AI-generated code, boasting near-zero false positives.