ML 137: OpenClaw: Web Browsing and Remote Access (30 pts extra)
What You Need
- A virtual machine with OpenClaw running on it, which you prepared in project ML 135
Purpose
To install skills that make OpenClaw more useful.
Getting a Gemini API Key
In a web browser, go to
https://aistudio.google.com/
Log in with a Google account.
In the lower left, click "Get API key" button.
At the top right, click "Create API key".
Click the "Create key" button.
On the right side, click the little paper icon
to copy your API key,
as shown below.
Storing the Key in your Config File
This is an insecure practice, by the way.
Using anenvironment variable is more secure,
but less convenient.
Execute this command:
nano ~/.openclaw/openclaw.json
Make your "tools" section like this,
"tools": {
"profile": "full",
"allow": [
"*"
],
"web": {
"search": {
"gemini": {
"apiKey": "AIzaSyCDdZRwG3f4AefLWqdeHkB3T4py_NSt7Es"
}
},
"fetch": {
"enabled": true
}
},
as shown below.
Save the file with Ctrl+X, Y, Enter.
Execute this command to restart the gateway:
openclaw gateway restart
Flag ML 137.1: Search (10 pts)
In the OpenClaw dashboard, on the Chat tab,
enter this prompt:
Search the Web for openclaw security vulnerabilities,
and present a brief summary of the most important three.
The flag is covered by a green rectangle in the image below.
|
Creating Cloudflare Tunnels
To remotely access your OpenClaw server, publish the service
to a public URL. I did this using a real domain name.
If you don't have a real domain name, set up a Cloudflare
Quick Tunnel instead as explained in project H 112,
publishing port 18789.
Installing Cloudflared
On your host system, in a Web browser,
go to
Cloudflare Zero Trust Downloads.
In the Linux section, find the .deb
link appropriate for your processor type,
as shown below.
If you are using a Mac M1 or later, use the ARM64 version.
Otherwise, use the "amd64/x86-64" version.
Right-click the Download link and copy the URL.
On your Linux server, execute these commands,
pasting in the URL you copied as the argument
for the "wget" command:
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
sudo dpkg -i cloudflare*
Creating a Tunnel
Log in to Cloudflare One.
On the left side, click Networks, Connectors.
Click the blue "Create a tunnel" button.
Click the white "Select clourflared" button.
Enter a name for your tunnel, such as OpenClaw.
Click the blue "Save tunnel" button.
In the "Select your device's operating system" field,
select Debian, as shown below.
Choose an architecture: if you are on a Mac M series, choose arm64-bit.
Otherise, choose 64-bit.
A box on the bottom shows the command to start cloudflared on
your Linux server, outlined in red in the image below.
Click the little paper icon in the top right of that box to
copy the command.
Execute the command on your Ubuntu Linux virtual machine,
as shown below.
In the Cloudflare "Configure" page,
at the bottom right,
click the blue Next button.
On the "Route Traffic" page,
make these:
- Hostname: I recommend using openclaw for your subdomain
- Domain: select your real domain name
- Path: leave blank
- Service Type: http
- Service URL: localhost:18789
At the bottom right,
click the blue
"Complete setup" button.
Viewing your Published Service
On your host system, in a Web browser,
go to the URL you chose above.
You see a message saying that further
configuration is needed,
as shown below.
Configuring Web Access
On your Ubuntu server,
execute this command:
nano ~/.openclaw/openclaw.json
Add this code to the "gateway" section,
as shown below,
using your URL, not mine.
"controlUi": {
"allowedOrigins": [
"https://yoururl.domain.com",
"http://localhost:18789",
"http://127.0.0.1:18789"
]
}
Also copy the "token" value and save it on your
host system.
Save the file with Ctrl+X, Y, Enter.
Execute this command to restart the gateway:
openclaw gateway restart
Connecting to the Published Service
On your host system, in the page showing
your openclaw page,
enter the token you copied above and click
the Connect button.
You see "pairing required" error,
as shown below.
On your Ubuntu server,
execute this command:
openclaw devices list
Find the pending request, and its Request
ID,
as shown below.
Execute this command, using your
Request ID:
openclaw devices approve 55afbc2e-d5bf-4338-8161-d931961eb559
If you are too slow, the request may time out,
and you'll need to click "Connect" in your browser
and repeat the process.
When it works, you'll see an "Approved" message,
as shown below.
On your host system, in your Web browser,
you should see the OpenClaw page.
Troubleshooting
When I did this on March 19, 2026, the Web page
showed a giant triangle covering everything.
This is a known OpenClaw bug which was recently fixed.
I fixed it by running these commands:
openclaw update
openclaw gateway restart
openclaw --version
Version 2026.3.13 works, and exec works too.
|
Flag ML 137.2: Process (10 pts)
In the OpenClaw dashboard, on the Chat tab,
enter this prompt:
I am connecting with a cloudflare tunnel. What process is running locally to enable that?
The flag is covered by a green rectangle in the image below.
|
Installing SSH Server
On your Ubuntu machine,
execute these commands:
sudo apt update
sudo apt install openssh-server -y
Publishing SSH via ngrok
We need to expose SSH on the Ubuntu server OpenClaw with a public URL.
Another risky move.
In your Ubuntu machine,
execute this command:
sudo snap install ngrok
Sign up at https://ngrok.com/download/linux
Use a smartphone authenticator app to scan the QR code.
On the Welcome page,
at the top left, click
"Your Authtoken",
as shown below.
On your Ubuntu server, execute these commands,
inserting your correct authtoken into the first one.
ngrok config add-authtoken 3BBIs8pfUaGj5Bxxxxxxxxxxx1T8ch97qPRDH3v
ngrok tcp 22
An error message appears, saying you need to add a
payment method to your ngrok account,
as shown below.
Open the URL in the error messsage
and add a credit card there.
Execute this command again:
ngrok tcp 22
This shows you a public URL to reach SSH on
your OpenClaw server
as shown below.
Flag ML 137.3: SSH Remotely (10 pts)
On your host computer, in a Terminal or PowerShell window,
execute this command, replacing the URL, port number, and user
name with the
correct values for your server:
ssh student@8.tcp.us-cal-1.ngrok.io -p 12574
The flag is covered by a green rectangle in the image below.
|
References
OpenClaw Web Tools
Posted 3-19-26
Flag 3 added 3-20-26