
Clawhost (Dev)
Live
Managed SaaS hosting claiming 10K+ agents deployed
Security Score: 2.8/100 — Basic
Clawhost (Dev) is an early-stage Beta product with polished marketing but extremely thin security posture. No docs, no security page, no status page, no about page. Claims limited to Privacy Policy (AES-256-GCM, isolated containers, TLS) — none verifiable. GitHub has one empty repo ('ClawOS'). Terms warn about data loss/interruptions contradicting '99.9% uptime SLA.' No MFA, no named team, Czech base with Delaware law. clawhost.com is a separate 'coming soon' page. Users would entrust API keys and autonomous agents to a provider with essentially zero verifiable evidence.
Ten risk categories, each scored 1-10 and multiplied by an evidence weight. Scoring follows our methodology, which is grounded in OWASP Agentic Security, NIST CSF 2.0, and CIS Controls.
Privacy policy claims 'isolated container environments for each user' and FAQ states 'each instance runs in an isolated container with end-to-end encryption.' No documentation on isolation mechanism, no security page, no third-party audit. Claims unverifiable.
No mention of prompt injection protections, sandboxing, memory integrity, or human-in-the-loop. FAQ promotes '100+ integrations' and '24/7 autonomous' but zero info on how hijacking is mitigated.
Privacy policy claims 'AES-256-GCM encryption for stored secrets and API keys' and 'we never have access to your plaintext API keys after encryption.' Meaningful claim but unverifiable — no key management docs, no audit, no bug bounty. No credential leak detection or rotation.
No guardrails, rate limiting, spending caps, kill switches, behavioral monitoring, or approval workflows. Promotes '24/7 autonomous operation' and 'close your laptop and relax' with no rogue-agent prevention.
Terms explicitly warn Beta: 'unexpected downtime, data loss, or service interruptions' and 'we may reset or migrate data.' Privacy policy mentions 30-day deletion and 7-day log retention. '99.9% uptime SLA' claim contradicts Beta disclaimer. No backups, export, or DR. No status page.
Single plan $25/mo with 'no per-launch fees, no hidden costs.' Yearly saves $50. Terms: 'price changes communicated in advance.' No spending caps for API usage. Refunds: 'non-refundable except where required by law.'
Czech Republic per GitHub. No company registration, named team, or address. Only contact: legal@clawhost.dev. No incident response, breach notification, GDPR specifics, or audit logging. Delaware governing law despite Czech base — unusual.
No dependency management, tool vetting, CI/CD security, or SBOM docs. GitHub 'ClawOS' repo completely empty (0 code). Claims '100+ integrations' with no info on how they're secured or vetted.
Login shows email+password only, no MFA. No security headers docs, pen testing, bug bounty, or security.txt. Privacy claims 'TLS/SSL' and 'secure SSH' — baseline expectations. No CAPTCHA on signup.
No hallucination warnings, output verification, approval workflows, or undo capabilities. Homepage promotes full autonomy without caveats about AI reliability or human oversight.
Key Features
- ✓ One-click setup (no terminal required)
- ✓ 24/7 autonomous operation
- ✓ 100+ integrations claimed
- ✓ Persistent memory
- ✓ Priority support
- ✓ Live terminal demo
Strengths
- + Claims 10K+ agents deployed
- + Simple single-price model
- + Non-technical setup (no terminal needed)
- + Live demo on homepage
Weaknesses
- − Confusing branding (multiple 'Clawhost' providers exist)
- − 10K+ claim unverifiable
Verdict
Managed SaaS option with non-technical setup. The 10K+ agents claim needs verification.