EasyClaw Pro

The privacy policy states 'We do not use your private deployment data to train public models' and mentions 'access controls and monitoring,' but provides no technical details about per-user isolation, encryption at rest specifics, or multi-tenancy architecture. No documentation exists to explain how agents from different users are separated.

No information found anywhere on the site about prompt injection defenses, sandboxing, code execution isolation, human-in-the-loop controls, or memory integrity protection. The homepage and features sections focus exclusively on ease of deployment with no security features mentioned.

The privacy policy states 'Sensitive secrets are encrypted in storage' and 'Integration credentials are encrypted and retained only as needed for active deployments.' However, no details are provided about the encryption method, key management, credential rotation, or whether credentials are excluded from AI model context. This is a single marketing-level claim without technical backing.

No information found about rate limiting, spending caps, kill switches, behavioral monitoring, least-privilege controls, or any guardrails on agent actions. The platform appears to be a deploy-and-forget model with no visible controls for limiting agent behavior.

No mention of backups, data export, disaster recovery, or business continuity anywhere on the site. No status page exists. The terms state the service is provided 'as is' with no availability guarantees. The site is very early-stage with an empty blog and 'EARLY ACCESS' pricing, raising concerns about provider longevity.

Pricing is clearly displayed on the pricing page: Starter at $5/mo (early access, normally $10) and Pro at $10/mo (normally $20). The pricing page states 'Cancel anytime from your account' and the terms note 'Subscriptions renew automatically unless canceled before renewal.' The refund policy provides a specific 7-day window and 20% usage threshold. However, no hard spending caps or usage alerts are mentioned.

The privacy policy mentions 'access controls and monitoring' and the footer states 'EasyClaw is an independent product and is not affiliated with any third-party model providers.' No information about jurisdiction, GDPR compliance, audit logging, incident response process, breach notification timelines, or agent action audit trails. Contact is limited to email support with '3 business day' response time.

No information found about dependency scanning, MCP server vetting, AI provider data policies, update verification, SBOM, or build pipeline security. The homepage promotes 'Automatic OpenClaw updates. Always use the latest features without lifting a finger' as a feature, but does not mention any integrity verification for these updates.

The site uses HTTPS with HSTS enabled (max-age=63072000) via Cloudflare and is hosted on Vercel, which provides baseline platform security. Authentication is Google OAuth only with no MFA option visible. No Content-Security-Policy, X-Frame-Options, or X-Content-Type-Options headers were observed. No security.txt file exists. No mention of independent security testing or penetration testing.

No information found about hallucination mitigation, approval workflows, output verification, undo/rollback capabilities, or transparency about AI uncertainty. The platform appears to be a direct deployment pipeline with no visible safeguards between the AI model output and the messaging channel.