Security Comparison

ClawTrust vs Self-Hosting OpenClaw

17,000+ OpenClaw instances are visible on Shodan right now. Most were set up following the same guides you're reading.

Self-hosting OpenClaw is straightforward. Pick any VPS provider, follow a setup guide, and you have a working AI agent in about an hour. But "working" and "secure" are very different things. The default OpenClaw configuration binds the gateway to 0.0.0.0 (all network interfaces), meaning anyone on the internet can connect to your agent. Setup guides rarely cover security hardening because it is complex and varies by provider. The result: thousands of exposed instances with open ports, plaintext credentials, and no monitoring. ClawTrust exists because we saw this problem firsthand and built the solution.

Feature comparison

ClawTrust wins 8 of 10 categories

| Feature | ClawTrust | Self-Hosting (Any VPS) |
| --- | --- | --- |
| Setup time | Under 5 minutes | 1-2 hours basic, 4-20 hours hardened |
| Open ports | Zero | Typically 2+ (SSH, gateway) |
| Internet visibility | Invisible to port scanners | Detectable by Shodan/Censys |
| Disk encryption | LUKS2 disk encryption | Rarely configured |
| Credential storage | Encrypted vault on separate infrastructure | .env file on the server |
| Tool sandbox | Docker sandbox | Depends on your configuration |
| Auto-remediation | Automated health checks + fixes | Manual troubleshooting |
| Security updates | Automated fleet-wide patching | Manual, on your schedule |
| Cost | From $79/month | From $5/month + your time |
| Customization | Dashboard + API control | Full root access, unlimited customization |

Setup comparison

ClawTrust (4 steps)

  1. Choose your plan and complete checkout
  2. Your dedicated server is provisioned with full security automatically
  3. Connect your messaging channels from the dashboard
  4. Your agent is live and secured in under 5 minutes

Self-Hosting (Any VPS) (13 steps)

  1. Choose a VPS provider and create a server
  2. Install Docker and Docker Compose
  3. Download and configure OpenClaw
  4. Bind gateway to localhost (most guides use 0.0.0.0)
  5. Configure firewall to block port 18789 from public access
  6. Set up a reverse proxy with SSL/TLS termination
  7. Harden SSH (key-only auth, fail2ban, non-standard port)
  8. Configure Docker security (resource limits, no-new-privileges, read-only)
  9. Encrypt the disk (requires full re-provision)
  10. Move credentials off the server to a secret manager
  11. Set up uptime monitoring and alerting
  12. Configure automated backups and log rotation
  13. Establish a patching schedule for OS, Docker, and OpenClaw updates
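
To verify steps 4 and 5 on a self-hosted server, the following added example (not code from ClawTrust or OpenClaw) parses `ss -H -ltn` output and reports every TCP listener that is not bound to loopback, including the gateway port 18789. The function names and the sample output are constructed for illustration.

```python
import ipaddress
import subprocess
GATEWAY_PORT = 18789  # gateway port named on this page

# Constructed sample of `ss -H -ltn` output, not captured from a real host.
SAMPLE_SS = """\
LISTEN 0 4096       0.0.0.0:18789    0.0.0.0:*
LISTEN 0 128        0.0.0.0:22       0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53       0.0.0.0:*
LISTEN 0 4096         [::1]:8080        [::]:*
LISTEN 0 128           [::]:22          [::]:*
"""

def classify(host):
    """Return 'wildcard', 'loopback' or 'specific' for a listen address."""
    host = host.split("%", 1)[0].strip("[]")  # drop %iface scope and brackets
    if host == "*":
        return "wildcard"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "specific"  # unparseable: treat as reachable, review by hand
    if addr.is_unspecified:
        return "wildcard"
    return "loopback" if addr.is_loopback else "specific"

def exposed_listeners(ss_output):
    """List (port, host, scope) for every TCP listener not bound to loopback."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        scope = classify(host)
        if scope != "loopback":
            findings.add((int(port), host, scope))
    return sorted(findings)

def gateway_exposed(findings):
    # True if the gateway port is listening on a non-loopback address.
    return any(port == GATEWAY_PORT for port, _, _ in findings)

if __name__ == "__main__":
    try:
        out = subprocess.run(["ss", "-H", "-ltn"], capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE_SS  # no `ss` here: fall back to the constructed sample
    findings = exposed_listeners(out)
    print(*findings, sep="\n")
    print("gateway exposed:", gateway_exposed(findings))
```

A non-loopback listener is only half the picture: whether it is reachable from the internet also depends on the firewall rule from step 5, so confirm that separately from outside the host.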

Security comparison

The fundamental problem with self-hosting is that security is opt-in, not opt-out. OpenClaw's default configuration is designed for ease of use, not security. The gateway binds to all interfaces, the auth mode can be set to "none," and mDNS broadcasting is enabled. Most self-hosted setups keep these defaults because the guides that walk you through installation don't mention them. The result is visible on Shodan: 17,000+ OpenClaw instances with open gateway ports, many with no authentication at all.

ClawTrust flips this model. Security is the default. Zero ports are exposed. All connections go through an outbound-only encrypted tunnel. Credentials are stored in a separate encrypted vault and never touch the agent server. Every tool execution runs in a sandboxed Docker container. Automated health checks and self-remediation are built in. You would need significant Linux, Docker, and networking expertise to replicate this level of hardening yourself.

Total cost of ownership

Self-hosting costs as little as $5/month for a basic VPS. ClawTrust starts at $79/month. But the total cost of ownership is different. Self-hosting requires your time for initial setup (4-20 hours depending on your expertise), ongoing maintenance (OS patches, Docker updates, OpenClaw version upgrades), troubleshooting (when things break at 2 AM), and security hardening (most people skip this entirely). If you value your time at even $25/hour, the initial setup alone costs $100-500. Add monthly maintenance time and the risk cost of running an unsecured agent with access to your credentials, and the $64/month difference becomes very reasonable insurance.

The verdict

Self-hosting gives you maximum control and the lowest monthly cost. It makes sense for experienced DevOps engineers who enjoy infrastructure work and have the time for ongoing maintenance. For professionals who want a secure AI agent without becoming a sysadmin, ClawTrust handles the hard parts so you can focus on what the agent does for your business.

Frequently asked questions

What are the 17,000+ exposed instances?

Shodan (a search engine for internet-connected devices) consistently finds 17,000+ OpenClaw instances with port 18789 open to the public internet. These are real agents running on VPS providers worldwide, most set up following standard guides that don't cover security hardening.

What happens if my self-hosted agent gets compromised?

An attacker who accesses your OpenClaw instance can: read all conversations, access stored API keys and credentials, impersonate your agent on connected channels, use your AI budget for their own queries, and potentially pivot to other services using your stolen credentials.

I'm a developer. Can't I just secure it myself?

You absolutely can. The question is whether you want to spend 4-20 hours on initial hardening plus ongoing maintenance. If you enjoy infrastructure security work, self-hosting is a valid choice. ClawTrust targets professionals who would rather spend that time on their actual business.

What security certifications does ClawTrust have?

Our security posture includes automated vulnerability scanning, static application security testing, an incident response runbook, field-level encryption at rest, rate limiting protections, and comprehensive audit logging. Security architecture documentation is available on request.

Can I switch to self-hosting later if I want?

Yes. Your agent configuration, skills, and workspace data are yours. You can export everything and set up your own server at any time. There's no lock-in.

Do I need technical knowledge to use ClawTrust?

No. The dashboard handles all configuration. Connecting messaging channels, setting AI models, managing skills, and monitoring your agent are all done through the web interface. No command line or server management required.

Ready to skip the security headaches?

Production-ready AI agent with enterprise security. Under 5 minutes.