How long does it take to set up MyOpenClaw?

Your personal AI assistant is ready in 60 seconds. Simply pick a username, and we handle everything else - provisioning, SSL, and configuration.

What messaging platforms does MyOpenClaw support?

MyOpenClaw supports WhatsApp, Telegram, Slack, Discord, and more. Connect all your channels from one unified dashboard.

Do I need technical knowledge to use MyOpenClaw?

No! MyOpenClaw is designed for non-technical users. Zero DevOps required - we handle all the infrastructure, updates, and security.

Can I get my own custom subdomain?

Yes! Every user gets their own subdomain: yourname.myopenclaw.cloud with automatic SSL certificate.

What happens if I want to cancel?

You can cancel anytime. There are no long-term contracts or hidden fees. Your data remains accessible until the end of your billing period.

How is this different from ChatGPT?

ChatGPT is a chat interface you visit. OpenClaw is an autonomous AI agent that lives on your messaging apps and acts on your behalf. It can manage files, run code, browse the web, and integrate with your tools. It remembers everything across conversations and works 24/7.

What happened to Clawdbot and Moltbot?

OpenClaw was previously known as Clawdbot, and before that, Moltbot. The project has evolved significantly: same open-source community, much more powerful software. MyOpenClaw.cloud supports the latest version.

Do I need my own API key?

Yes, you'll need an API key from an AI provider like Anthropic, OpenAI, or Google. This takes about 2 minutes to set up and gives you full control over your AI usage and costs. We walk you through it during onboarding.

How does billing work?

Billing is monthly. You're charged when you subscribe, and your plan renews automatically each month. You can cancel anytime from your dashboard — no hidden fees or penalties.

Can I upgrade or downgrade my plan?

Yes. You can switch between Starter, Pro, and Business plans at any time from your dashboard. Upgrades take effect immediately with prorated billing. Downgrades apply at the end of your current billing period.

What payment methods do you accept?

We accept all major credit and debit cards (Visa, Mastercard, American Express) through our payment partner Polar. All transactions are processed securely with industry-standard encryption.

Is there a free trial?

There's no free trial, but you can cancel anytime with no penalties. Your instance stays active until the end of your billing period. At $29/month for Starter, there's minimal risk to try it out.

Is this an official OpenClaw service?

MyOpenClaw.cloud is an independent managed hosting service. We are not affiliated with or endorsed by the OpenClaw open-source project. We provide hosting, support, and a streamlined experience on top of the open-source software.

135,000 exposed: the real security risk of self-hosting OpenClaw

OpenClaw is impressive software. It's also one of the most widely-exposed applications on the internet right now — and most people running it don't realize it.

The numbers

Bitsight found 135,000+ self-hosted OpenClaw instances publicly accessible on the internet. Over 15,000 are vulnerable to remote code execution. A security audit found 512 vulnerabilities, 8 of them critical.

Cisco called self-hosted OpenClaw a "security nightmare." Kaspersky flagged it as unsafe. Gartner said the design is "insecure by default." None of this is speculation — it's documented and actively being exploited.

The default config is the problem

Install OpenClaw and the gateway binds to 0.0.0.0 with auth disabled. Anyone on your network — or the internet if your firewall has any gaps — can send commands to your AI assistant.

Most users never change this. Most tutorials don't mention it.

The ClawHavoc supply chain attack

In February 2026, security researchers found what they called the ClawHavoc campaign: 341 malicious skills uploaded to ClawHub, OpenClaw's skill marketplace.

They looked legitimate. Descriptions, icons, star ratings. They installed quietly during normal clawhub install commands.

Self-hosted users who updated skills during this period likely had their API keys, gateway tokens, and file system contents exfiltrated.

ClawJacked: the WebSocket hijack

The same month, researchers published details on "ClawJacked" — malicious websites that can hijack a local OpenClaw instance via WebSocket. Local gateways often run without origin checking.

Visit a malicious link, and your entire OpenClaw instance — conversations, API keys, connected integrations — can be taken over without any visible sign.

The one-click RCE

The most severe CVE let attackers achieve full remote code execution with a single HTTP request to an exposed gateway. The attack exploited an unvalidated gatewayUrl parameter to steal auth tokens and run privileged shell commands.

No user interaction required.

What to do if you're self-hosting

If your instance is reachable from the internet (test: does http://your-ip:3000 load without a password?):

Set GATEWAY_TOKEN in your .env — immediately

Firewall port 3000 — never expose it directly

Audit your installed skills — remove anything you didn't explicitly install

Update OpenClaw — the RCE is patched in v2026.2.x+

Put nginx or Caddy in front — with authentication

How MyOpenClaw.cloud is different

Every instance runs in an isolated Fly Machine with no public port exposure. The only access is through our authenticated gateway.

Skills are pinned to verified versions with SHA-256 hashes. The ClawHavoc attack didn't reach our users. OpenClaw updates are tested by us before they reach your instance. All API keys and secrets are encrypted with AES-256-GCM.

You don't manage any of this. It's just done.

Who should still self-host?

Self-hosting makes sense if you have real ops experience and can correctly configure a firewall, reverse proxy, and auth — or if you need air-gapped infrastructure, want to run local models via Ollama, or genuinely enjoy the ops work.

If you don't know what 0.0.0.0 means, don't self-host.

The honest bottom line

OpenClaw was optimized for getting started quickly, not for running safely in production. That's a reasonable design tradeoff. The problem is that most users don't know they're making a security decision when they paste the install command.

If you're self-hosting, audit your setup today. If you're just getting started, a managed service removes the entire attack surface.

Start your secure, managed OpenClaw instance →

135,000 Exposed: The Real Security Risk of Self-Hosting OpenClaw