ClawCloud

ClawCloud provides per-user isolation via dedicated VMs on DigitalOcean, claiming 'Your own isolated VM. Not shared, not throttled' and 'Each ClawCloud instance runs on a dedicated virtual machine — your data is isolated from other users.' This is a meaningful architectural choice over shared containers. However, there is no mention of encryption at rest, no data retention policy beyond 'When you delete an instance, the associated server and data are destroyed,' no documentation of employee access controls, and no statement about whether data is used for training. The privacy policy is only 5 short paragraphs with no GDPR mention. Log sanitization is not addressed.

No information found about prompt injection defenses, sandboxing for code execution, human-in-the-loop for goal changes, memory integrity protection, output sanitization, or container escape prevention. The self-hosting blog post mentions 'security hardening' as something ClawCloud handles but provides zero specifics about what this entails. SSH access is available on all plans, meaning users can directly access the VM, but no sandboxing or isolation of agent code execution is documented.

The privacy policy states 'Your AI API keys are sent directly to your provisioned server and are not stored by ClawCloud,' and the managed AI blog explains that managed-mode instances get 'its own dedicated API key, routed through OpenRouter.' For BYOK mode, the compare page says keys are 'stored and injected securely' but provides no technical details about how. There is no mention of encrypted credential storage, credential leak detection, credential rotation, or exclusion of credentials from AI model context. No documentation of how bot tokens (Telegram, Discord) are stored on the VM.

No documentation found about guardrails for agent behavior. There is no mention of least-privilege principles, high-risk tool classification, resource consumption limits beyond AI credit caps, emergency kill switches, or behavioral monitoring. The dashboard offers instance reboot and log viewing but no documented mechanism to stop a misbehaving agent's actions in real-time. The open DM policy defaults ('ClawCloud now sets dmPolicy: open and allowFrom: [*] by default') actually increase rogue risk by making bots accessible to anyone.

Backups are documented: 'daily backups' on Pro, 'hourly backups' on Max, with 'Restore with one click if anything goes wrong.' The Lite plan does not explicitly include backups. There is no mention of backup testing, verified restore procedures, or disaster recovery. Data export is not addressed — users with SSH access can presumably copy files, but there is no documented export capability. The provider is very new (all content from February 2026), which is a stability risk. Terms state 'Upon termination, your instances will be destroyed and data deleted' but no advance notice period is specified.

Pricing is clearly documented across multiple pages with specific dollar amounts: $29/mo Lite, $59/mo Pro, $129/mo Max, each with defined AI credit allocations. The managed AI system has a documented fallback — 'If your bot uses all its credits before the billing cycle ends, ClawCloud switches it to a free model automatically' rather than incurring overage charges. The FAQ states 'No contracts, no cancellation fees. Cancel from your dashboard.' However, there is no documented price change notification policy, no hard spending caps for BYOK mode, and no usage alerts documented beyond the dashboard credit bar color coding.

No audit logging, incident response process, breach notification timeline, or agent action audit trail is documented anywhere on the site. The Terms of Service are minimal (6 short sections) with no SLA, no liability framework, and no mention of security incident handling. The privacy policy does not mention GDPR, data subject rights, or data processing agreements. Server jurisdiction is disclosed as 'DigitalOcean in the NYC1 region' but there is no discussion of compliance with any privacy regulations. There is no about or team page — the provider's legal entity and operators are not identified.

No information found about MCP server or tool vetting, dependency scanning, software bill of materials, build pipeline security, or update verification. OpenClaw updates are automatic ('Each instance runs a daily update check, so future OpenClaw releases will be picked up automatically'), but there is no documentation of how updates are verified before deployment or whether there is any integrity checking. The managed AI mode routes through OpenRouter as a third-party dependency, but no vetting or data policy for OpenRouter is discussed.

Authentication uses OAuth only (GitHub and Google sign-in), which avoids password-related vulnerabilities. The site runs on Vercel with HSTS enabled (max-age=63072000). However, there is no MFA option documented, no mention of session management practices, no security testing, no bug bounty program, and no documentation of injection prevention, SSRF protection, or access control implementation. The self-hosting blog post mentions 'security hardening' being handled by ClawCloud but never specifies what hardening measures are applied to VMs.

No information found about approval workflows, independent verification for high-impact decisions, prompt injection monitoring, output manipulation detection, undo/rollback capability, or transparency about AI uncertainty. The platform appears to be a straightforward deployment service with no documented safeguards against hallucinations or trust exploitation.