MissionClaw

MissionClaw claims 'self-hosted' with 'your agents run in your own VM' and 'No data leaves your infrastructure' in the FAQ. The homepage states 'Self-hosted your VM, your data' and 'VPN: wireguard'. However, there is no documentation on tenant isolation architecture, encryption at rest, whether provider employees can access VM contents, or data training policies. The self-hosted VM model is architecturally better than shared multi-tenant, but the claims are marketing-level with no technical documentation to verify.

No mention of prompt injection defenses, sandboxing, container escape prevention, or memory integrity protection anywhere on the site, docs, or policies. The homepage mentions 'Per-agent access control (allowlist)' for MCP tools, which is a basic measure. No information about code execution sandboxing despite agents having 'Browser automation' and code execution capabilities. The complete absence of any discussion of agent hijacking risks is concerning given the autonomous nature of the agents.

The FAQ states 'encrypted API key storage' which is a relevant claim but lacks any detail on encryption method, key management, or whether credentials are excluded from model context. The BYOK model means users paste API keys into the platform. The signup page shows basic password requirements ('at least 8 characters with a letter and number'). No mention of credential rotation, leak detection in outputs, or credential lifecycle management. The Terms place responsibility for 'rotating and protecting API keys' entirely on the user.

The homepage mentions 'Health checks every 15 min, auto-restart after failures' which addresses availability but not rogue behavior. The platform offers 'Per-agent access control (allowlist)' for MCP tools, which provides some least-privilege capability. However, there is no mention of spending caps, rate limiting, kill switches, behavioral monitoring, or human-in-the-loop approval for high-risk actions. Agents can apparently send messages, access external services, and execute code with no documented guardrails.

No mention of backups, data export, or disaster recovery anywhere on the site or in policies. The Privacy Policy mentions 'we retain information for as long as necessary' but provides no specifics. No SLA or uptime guarantees are published. The Terms state 'we do not guarantee uninterrupted availability or error-free operation.' There is no data portability mechanism described and no indication of what happens to VM data if the service shuts down or the user cancels.

Pricing is clearly displayed: Starter $79/mo (5 agents) and Pro $149/mo (15 agents). The BYOK model with 'Your keys, your cost -- zero platform markup' is transparent about AI costs being separate. The Terms state 'We may change pricing or plans over time' with notice 'consistent with applicable law.' No hidden fees are apparent. However, there are no hard spending caps or usage alerts mentioned for agent resource consumption, and API costs are entirely the user's responsibility with no warnings about potential runaway costs.

The company is identified as 'Bulk Studio' with a New York address (447 Broadway, 2nd Floor #1138 -- a virtual office building). Arbitration is in Cheyenne, Wyoming. No incident response process is documented. No breach notification timeline is specified in the Privacy Policy. No audit logging or agent action trail is mentioned. The Privacy Policy mentions collecting 'audit events, and security logs' as telemetry but provides no details on access or retention. No GDPR DPA is offered. No compliance certifications are claimed.

The MCP marketplace allows one-click installation of third-party tools (Apollo.io, Twenty CRM, n8n, Linear). The Terms explicitly disclaim responsibility: 'We do not control and are not responsible for third-party Marketplace Tools, including their behavior, security posture.' No vetting process for marketplace tools is described. No dependency scanning, SBOM, or build pipeline security is mentioned. Users can also submit their own agents to the marketplace. The reliance on multiple AI providers (OpenAI, Anthropic, Google) is standard but the platform provides no mitigation documentation.

The login page supports Google OAuth and email/password. Password requirements are basic ('at least 8 characters with a letter and number'). No MFA is offered. No mention of HTTPS enforcement details, security headers, penetration testing, or bug bounty. The Privacy Policy mentions 'reasonable administrative, technical, and organizational measures' but provides no specifics. No dedicated security page exists. The self-hosted VM model shifts some platform security to the user, but the dashboard and provisioning system remain provider-controlled attack surfaces.

No mention of hallucination warnings, output verification, approval workflows, undo/rollback capabilities, or transparency about AI uncertainty. The Terms state 'Outputs generated by the Service may be incomplete, incorrect, biased, or unsafe' and 'You must not rely on outputs for decisions that could cause harm without independent review,' which is a legal disclaimer but not a technical mitigation. No monitoring for prompt injection or output manipulation is described.