Exposure Sentinel

A sentinel that watches over the OpenClaw Exposure Watchboard, checking if your IPs are publicly listed as exposed instances.

When to Use

• Security auditing: Check if your infrastructure IPs are accidentally exposed
• Proactive monitoring: Verify exposure status of critical endpoints
• Incident response: Confirm if a suspected exposure is publicly known

Quick Start

Check a Single IP

python3 skills/exposure-sentinel/scripts/check_ip.py 1.2.3.4

Check Multiple IPs

python3 skills/exposure-sentinel/scripts/check_ip.py 1.2.3.4 5.6.7.8

With Progress Output

python3 skills/exposure-sentinel/scripts/check_ip.py 1.2.3.4 -v

JSON Output (for automation)

python3 skills/exposure-sentinel/scripts/check_ip.py 1.2.3.4 --json

How It Works

1. Concurrent scanning: Uses 50 concurrent connections to scan all 3,357 pages
2. Pattern matching: Handles both full IPs and partially masked IPs (e.g., 1.2.3.•••)
3. Complete coverage: Checks every page of the exposure database
4. Typical runtime: ~85-95 seconds for full scan

Interpreting Results

• ✅ Not found: IP is not listed in the exposure database (safe)
• ⚠️ EXPOSED: IP appears on the watchboard with page links for details

Technical Details

• Source: https://openclaw.allegro.earth
• Total pages: 3,357 (100 records per page)
• Total records: ~335,000 exposed instances
• Scan rate: ~40 pages/second

About OpenClaw Exposure Watchboard

This is a public security research database listing publicly reachable OpenClaw instances for defensive awareness. If your IP appears here, it means:

1. The instance is directly exposed to the internet
2. Authentication may be disabled or weak
3. Immediate action recommended: enable auth, restrict access, patch