How long does it take to set up MyOpenClaw?

Your personal AI assistant is ready in 90 seconds. Simply pick a username, and we handle everything else - provisioning, SSL, and configuration.

What messaging platforms does MyOpenClaw support?

MyOpenClaw supports WhatsApp, Telegram, Slack, Discord, and more. Connect all your channels from one unified dashboard.

Do I need technical knowledge to use MyOpenClaw?

No! MyOpenClaw is designed for non-technical users. Zero DevOps required - we handle all the infrastructure, updates, and security.

Can I get my own custom subdomain?

Yes! Every user gets their own subdomain: yourname.myopenclaw.cloud with automatic SSL certificate.

What happens if I want to cancel?

You can cancel anytime. There are no long-term contracts or hidden fees. Your data remains accessible until the end of your billing period.

How is this different from ChatGPT?

ChatGPT is a chat interface you visit. OpenClaw is an autonomous AI agent that lives on your messaging apps and acts on your behalf. It can manage files, run code, browse the web, and integrate with your tools. It remembers everything across conversations and works 24/7.

What happened to Clawdbot and Moltbot?

OpenClaw was previously known as Clawdbot, and before that, Moltbot. The project has evolved significantly: same open-source community, much more powerful software. MyOpenClaw.cloud supports the latest version.

Do I need my own API key?

Yes, you'll need an API key from an AI provider like Anthropic, OpenAI, or Google. This takes about 2 minutes to set up and gives you full control over your AI usage and costs. We walk you through it during onboarding.

How does billing work?

Billing is monthly. You're charged when you subscribe, and your plan renews automatically each month. You can cancel anytime from your dashboard — no hidden fees or penalties.

Can I upgrade or downgrade my plan?

Yes. You can switch between Starter, Pro, and Business plans at any time from your dashboard. Upgrades take effect immediately with prorated billing. Downgrades apply at the end of your current billing period.

What payment methods do you accept?

We accept all major credit and debit cards (Visa, Mastercard, American Express) through our payment partner Polar. All transactions are processed securely with industry-standard encryption.

Is there a free trial?

There's no free trial, but you can cancel anytime with no penalties. Your instance stays active until the end of your billing period. At $29/month for Starter, there's minimal risk to try it out.

Is this an official OpenClaw service?

MyOpenClaw.cloud is an independent managed hosting service. We are not affiliated with or endorsed by the OpenClaw open-source project. We provide hosting, support, and a streamlined experience on top of the open-source software.

Security Alert

Is Self-Hosted OpenClaw Safe?

135,000+ OpenClaw instances are publicly accessible without authentication. The ClawHavoc supply chain attack (Feb 2026) compromised hundreds of self-hosted setups. Here's what you need to know.

Get Secure Hosting Supply Chain Details

135,000+

Self-hosted instances reachable without authentication (Cisco Talos, 2026)

341

Malicious skills placed on ClawHub in the ClawHavoc campaign (Feb 2026)

MyOpenClaw instances affected — all skills are version-pinned + hash-verified

The 3 security risks of self-hosting OpenClaw

These aren't theoretical. All three have been exploited in the wild.

No authentication by default

Critical

Out of the box, OpenClaw binds its HTTP gateway to 0.0.0.0 (all interfaces) with no authentication. Anyone who can reach your IP and port can send messages to your AI, access your memory, and invoke your integrations. 135,000+ instances on the public internet are reachable this way.

Cisco Talos published warnings about exposed OpenClaw instances being used as open proxies. Search engines like Shodan index thousands of them daily.

Supply chain attacks (ClawHavoc)

High

In February 2026, the ClawHavoc campaign placed 341 malicious skills on ClawHub — the community skill registry. These skills executed arbitrary code on installation. Self-hosted users running `clawhub install` without version pinning were silently compromised.

The attack exploited the fact that `clawhub install @latest` trusts whatever the registry serves. Hardcoded @latest references are the attack surface.

Unpatched instances

Medium

OpenClaw ships frequent updates, often with breaking config changes. Many self-hosters fall behind — running versions months out of date, missing security patches. Staying current requires reading changelogs, testing compatibility, and manually updating on your schedule.

Version fragmentation also makes community support harder. The most common self-hosting issues are already fixed in the current release.

How MyOpenClaw handles security

Every protection below is active on every instance, by default.

Gateway token authentication

Every MyOpenClaw instance is protected by a unique HMAC-SHA256 gateway token. No token, no access — your AI is not reachable from the public internet without it.

Version-pinned, hash-verified skills

We don't use @latest. Every skill installed on MyOpenClaw instances is pinned to an exact version with SHA-256 hash verification. ClawHavoc-style attacks cannot substitute a malicious package.

Automatic security updates

We track every OpenClaw release. Security patches are tested and deployed automatically. Your instance stays current without you touching a terminal.

Encrypted secrets at rest

Setup passwords, gateway tokens, and API keys are encrypted with AES-256-GCM before storage. Key rotation is supported without re-encrypting existing records.

Supply chain audit

All integrations go through a manual verification process before we ship them. Only official CLIs and verified ClawHub registry entries are included — community forks excluded regardless of quality.

Isolated dedicated machines

Your instance runs on its own Fly.io machine, isolated from other users. Network policies prevent cross-tenant traffic. No shared compute, no shared storage.

Read our full supply chain security details

Still self-hosting? Check this immediately.

If you run self-hosted OpenClaw, verify these three things now:

1Check openclaw.json: confirm auth.enabled is true and you have a strong gateway token set
2Verify your bind address: it should be 127.0.0.1, not 0.0.0.0 — unless you're behind a properly configured reverse proxy
3Audit your installed skills: remove any that aren't pinned to an exact version, especially anything installed with @latest

Secure OpenClaw hosting in 90 seconds

Skip the configuration gauntlet. MyOpenClaw deploys OpenClaw with authentication enabled, supply chain protections active, and automatic security updates — before you've finished your coffee.

Start Secure Hosting

Starts at $29/mo. Cancel anytime. No contracts.

FAQ

OpenClaw security questions

Security researchers and Cisco Talos have documented over 135,000 publicly reachable OpenClaw instances — meaning they respond on port 8080 (or their configured port) without requiring authentication. The actual number is likely higher, since many instances are behind NAT but still accessible via their public IP through port forwarding.

ClawHavoc was a February 2026 supply chain campaign that placed 341 malicious skills on ClawHub, the community skill registry. The skills appeared legitimate but executed arbitrary code at install time — reading API keys from environment variables, exfiltrating memory files, and establishing persistence. Self-hosted users who ran `clawhub install <skill>@latest` were at risk. MyOpenClaw was not affected because all skills are version-pinned and hash-verified before installation.

Not automatically — it depends on the managed provider. MyOpenClaw was specifically built with the self-hosted security gaps in mind: gateway token auth (no open access), version-pinned skills (ClawHavoc protection), automatic updates (no unpatched versions), and encrypted secrets at rest. A poorly configured managed host could be worse than a well-configured self-hosted setup.

Technically, as the infrastructure provider, we have access to the underlying machine. In practice: your API keys are encrypted at rest and never logged, your conversation history and memory files live on your persistent volume, and our team does not routinely access customer data. We publish a security-focused CLAUDE.md detailing our supply chain hardening for full transparency.

Yes. The key steps are: (1) set `auth.enabled: true` in openclaw.json with a strong gateway token, (2) bind to 127.0.0.1 instead of 0.0.0.0, (3) put it behind a reverse proxy with HTTPS, (4) pin all skill versions manually — never use @latest, (5) set up automatic OS and OpenClaw updates. This is 4-6 hours of work and requires ongoing maintenance. MyOpenClaw does all of it by default.