MoltCave AI

From: TBD
Security: Basic (7/100)
Price Range: TBD
Free Tier: No
Integrations: 0 platforms

Security Score: 7/100 — Basic

MoltCave AI is an early-stage managed OpenClaw hosting provider operated by Cave Research Limited in Hong Kong. The product focuses heavily on ease of use ('60 seconds to deploy') and positions itself against the security risks of self-hosting. It makes some meaningful architectural claims — managed API keys via OpenRouter, isolated compute per customer, no publicly exposed instances, automatic patching, and Clerk-based authentication. However, the security posture is shallow: there is no dedicated security page, no documentation, no transparency about the team, and an internal inconsistency between claiming 'Kubernetes pods' and 'dedicated virtual machines' for isolation. Most security topics (agent hijacking, rogue behavior, supply chain, misinformation) are completely unaddressed. Data retention is indefinite with no export mechanism. The pricing model with its points system does provide natural cost guardrails. Overall, this is a consumer-oriented product with basic operational security claims but very limited documented security depth.

10 risk categories scored 1-10 × evidence weight. Based on our methodology, grounded in OWASP Agentic Security, NIST CSF 2.0, and CIS Controls.

Can anyone else see my data? (3/10, C)

Privacy policy states 'encryption of data at rest and in transit' and 'isolated tenant environments for each customer.' The security FAQ claims 'each user gets an isolated Kubernetes pod' while the isolation FAQ says 'dedicated virtual machine instance' — this inconsistency undermines credibility. No mention of data not being used for AI model training, no log sanitization details, and data is 'retained indefinitely while your account remains active.' Messages are explicitly sent to third-party AI providers. No employee access controls or audit trails mentioned.

Can someone take over my agent? (1/10, U)

No information found on prompt injection prevention, sandboxing for code execution, human-in-the-loop controls, memory integrity protection, or output sanitization. The customization FAQ reveals users can access 'the OpenClaw Control UI directly from your dashboard' for system prompt editing, but no mention of protections against hijacking via crafted messages or poisoned memory.

Are my keys and passwords safe? (4/10, C)

MoltCave manages API keys on behalf of users — 'We provision a dedicated OpenRouter API key for each customer' and 'Your LLM access is managed by us. No risk of accidentally leaking keys.' This is a specific architectural claim that reduces user-side credential risk. However, no details on how credentials are stored internally (encryption specifics, HSM, vault), no credential rotation policy, no mention of credential leak detection in outputs, and no information on how Telegram bot tokens or WhatsApp session data are protected.

Can my agent do things I didn't authorize? (1/10, U)

No information found about least-privilege controls, tool classification or gating, resource consumption limits beyond points, emergency kill switches, or behavioral monitoring. The points system provides an indirect spending cap on AI usage, but no mention of controls over agent actions like sending messages, accessing external services, or running loops.

Can I lose my data or get locked out? (1/10, U)

No information on backups, data export capability, or disaster recovery. Privacy policy mentions data portability as a user right but provides no mechanism. ToS explicitly states 'no SLAs or uptime guarantees unless explicitly agreed upon in writing.' No provider stability signals (funding, team size). The company entity 'Cave Research Limited' in Hong Kong provides minimal transparency. No mention of what happens to data if the provider shuts down.

Will I get unexpected bills? (5/10, D)

Pricing is transparent and clearly documented: three monthly tiers, annual discounts (10%), and top-up packs. The points system provides a natural hard cap: 'When points are exhausted, AI response generation will be paused.' Top-up points 'do not expire.' The ToS states 'all fees are non-refundable' and the provider reserves the right to modify terms at any time with only website notification; no advance notice period is specified.

Who's responsible when something goes wrong? (2/10, C)

ToS governed by Hong Kong law with binding arbitration for disputes. Privacy policy mentions 'regular security assessments' but no details. No incident response process documented, no breach notification timeline specified, no audit logging described. The privacy policy says they 'maintain logs for operational and security purposes' but no detail on what is logged or how it is protected. No GDPR compliance statement despite handling EU users' data. Contact is only an email address with no named individuals.

What if a tool or dependency gets compromised? (1/10, U)

No information on dependency scanning, MCP server vetting, component inventory (SBOM), or build pipeline integrity. The provider relies on OpenRouter for AI models and Clerk for authentication, but does not document vetting or monitoring of these dependencies. No mention of how OpenClaw updates are validated before deployment, despite claiming 'automatic security patches.'

Is the platform itself secure? (3/10, C)

Authentication is handled by Clerk, a reputable third-party auth provider visible on the sign-up page. The claim that 'runners are only reachable through our authenticated app' with 'no exposed ports, no open dashboards' suggests some access control design. Privacy policy mentions 'encryption of data at rest and in transit.' However, no mention of MFA support, no security testing or bug bounty program, no details on injection prevention, SSRF protection, or platform hardening. No dedicated security page exists.

Can I trust what my agent tells me? (0/10, U)

No information found on approval workflows, independent verification for high-impact decisions, prompt injection monitoring, undo/rollback capabilities, or transparency about AI uncertainty. The ToS disclaimer notes 'AI-generated responses may be inaccurate, incomplete, or inappropriate' but this is a legal disclaimer, not a technical mitigation.

Evidence legend: V = Verified, D = Documented, C = Claimed, U = Unknown
