OpenClaw Security Approach Using LLM Router and zrok Private Sharing

A developer has detailed their approach to running OpenClaw and an LLM router inside a VM+Kubernetes environment with a single command, focusing on addressing security concerns around "little lobster" agent systems.
Security Problem and Initial Approach
The project started from concerns about the safety of OpenClaw-like agent systems. The developer notes that sandboxing alone doesn't solve the fundamental security issue: as long as the agent has execution permissions, a simple skill injection could call something like printenv and expose all injected API keys. Removing execution permissions would eliminate about 90% of functionality, and without injecting an LLM API key, the agent can't call the model at all.
LLM Router Solution
The developer initially considered using a service mesh with a sidecar to handle authentication header injection, but OpenClaw's HTTPS enforcement made this impractical. They switched to using an LLM router instead, which allows API key injection at the router level. This approach provides the added benefit of enabling users to inspect conversation logs and build their own monitoring plugins, such as using Claude Code to keep an eye on the agent.
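The following is an added illustration of the router pattern described above; it is not code from the Xiao Long Xia project or from any existing LLM router. It assumes a router configuration object holding the real provider key, a per-caller "virtual key" that the agent container is given instead, and an in-memory audit log; all key values, URLs, model names and environment variable names are constructed placeholders. The point it makes runnable is the one in the text: with the provider key injected into the agent, a `printenv` (here, a scan of the environment dict) exposes it, while behind a router the agent's environment holds only a revocable local credential, and the router alone adds the upstream `Authorization` header and records the conversation for inspection.

```python
"""Minimal LLM-router pattern (added example, not the project's own code).

The agent container gets only the router URL and a local virtual key; the real
provider key lives in the router's configuration. Anything the agent executes
(printenv, a skill that dumps os.environ) therefore cannot reach the provider
key. The router injects the key when forwarding and keeps an audit log.
Every key, URL and model name below is a constructed placeholder.
"""
from dataclasses import dataclass, field
import json
import re


@dataclass
class RouterConfig:
    # The provider key lives only here, never in the agent's environment (constructed value).
    provider_key: str = "sk-provider-CONSTRUCTED-0000"
    provider_url: str = "https://api.example-provider.invalid/v1/chat/completions"
    # Virtual keys the router accepts from local callers, each with a model allowlist.
    virtual_keys: dict = field(default_factory=lambda: {
        "vk-agent-CONSTRUCTED": {"name": "openclaw-agent", "models": {"example-chat-model"}},
    })
    audit_log: list = field(default_factory=list)


class RouterError(Exception):
    """Raised when the router refuses to forward a request."""


def route_request(cfg, agent_headers, agent_body):
    """Turn an agent-side request into the request the router sends upstream.

    Returns (upstream_url, upstream_headers, upstream_body_json). Raises RouterError
    if the virtual key is unknown or the requested model is not on the allowlist.
    """
    auth = agent_headers.get("Authorization", "")
    virtual = auth.removeprefix("Bearer ").strip()
    entry = cfg.virtual_keys.get(virtual)
    if entry is None:
        raise RouterError("unknown virtual key")
    model = agent_body.get("model")
    if model not in entry["models"]:
        raise RouterError(f"model {model!r} not allowed for {entry['name']}")
    # Drop every header the agent sent; only the router decides what goes upstream.
    upstream_headers = {
        "Authorization": f"Bearer {cfg.provider_key}",
        "Content-Type": "application/json",
    }
    # Record the conversation so operators (or a monitoring plugin) can inspect it.
    cfg.audit_log.append({
        "caller": entry["name"],
        "model": model,
        "messages": agent_body.get("messages", []),
    })
    return cfg.provider_url, upstream_headers, json.dumps(agent_body)


# Shape of the constructed provider keys used in this example.
KEY_PATTERN = re.compile(r"^sk-[A-Za-z0-9-]{8,}$")


def leaked_provider_keys(env):
    """Names of environment variables a `printenv` inside the agent container would
    expose as provider keys. Used to compare the two deployment shapes."""
    return sorted(name for name, value in env.items() if KEY_PATTERN.match(value))


# Constructed environments for the two deployment shapes.
ENV_KEY_INJECTED = {   # provider key injected straight into the agent: printenv leaks it
    "OPENAI_API_KEY": "sk-provider-CONSTRUCTED-0000",
    "HOME": "/home/agent",
}
ENV_BEHIND_ROUTER = {  # only the router URL and a revocable virtual key
    "OPENAI_BASE_URL": "http://llm-router.default.svc.cluster.local:4000/v1",
    "OPENAI_API_KEY": "vk-agent-CONSTRUCTED",
    "HOME": "/home/agent",
}


if __name__ == "__main__":
    cfg = RouterConfig()
    print("leaked, key injected into agent:", leaked_provider_keys(ENV_KEY_INJECTED))
    print("leaked, agent behind router:    ", leaked_provider_keys(ENV_BEHIND_ROUTER))
    request = {"model": "example-chat-model",
               "messages": [{"role": "user", "content": "hello"}]}
    url, headers, body = route_request(cfg, {"Authorization": "Bearer vk-agent-CONSTRUCTED"}, request)
    print("upstream auth set by router:", headers["Authorization"].startswith("Bearer sk-provider"))
    print("audit entries:", len(cfg.audit_log))
```

Revoking the virtual key or tightening its model allowlist happens in the router config alone, which is why a leaked virtual key is far less costly than a leaked provider key; the audit log is the hook on which a monitoring plugin of the kind the text mentions would be built.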
Remote Access via zrok
Another challenge was integrating with communication apps like Slack or Telegram, which requires injecting their bot tokens into the agent for remote access. The solution uses zrok private sharing instead: a remote host reaches the agent's admin chat through the private share, so no messaging-app token has to be placed where the agent can read it. The developer acknowledges this limits some capabilities—it's a trade-off. Full support for communication apps under this model would require running the gateway and the agent in separate containers, which hasn't been implemented yet.
Project Details
The project has been given the Chinese name "Xiao Long Xia" (小笼虾), with the "笼" character coming from "xiaolongbao" (soup dumplings). The implementation runs OpenClaw and the LLM router inside a VM+Kubernetes environment with a single command.
📖 Read the full source: r/openclaw
👀 See Also

Agent Passport: Identity Verification for AI Agents
Agent Passport is an open-source identity verification layer using Ed25519 authentication and JWT tokens for AI agents, addressing the problem of agent impersonation.

Scam Alert: Fake GitHub Airdrop Targets CLAW Token Users
A phishing scam is circulating that claims to offer $CLAW token airdrops for GitHub contributions. The scam uses a Google share link that redirects to a suspicious .xyz site and asks users to connect their wallets, potentially leading to wallet draining.

OpenObscure: Open-Source On-Device Privacy Firewall for AI Agents
OpenObscure is an open-source, on-device privacy firewall that sits between AI agents and LLM providers. It uses FF1 Format-Preserving Encryption with AES-256 to encrypt PII values before requests leave your device, maintaining data structure while protecting privacy.

Sieve: Local Secret Scanner for AI Coding Tool Chat Histories
Sieve scans Cursor, Claude Code, Copilot, and other AI coding assistant chat histories for leaked API keys and tokens. All scanning is local, with redaction and macOS Keychain vault.