
openclaw.host
Pre-launch
French-made managed cloud (pre-launch — waiting list only)
Security Score: 5.4/100 — Basic
openclaw.host is a very early-stage, pre-launch managed hosting service for OpenClaw, operated by a sole French entrepreneur (Hugo Morlet). The service is not yet live — users can only join a waiting list. The site contains extensive blog content about self-hosting OpenClaw securely, but these guides describe the upstream open-source project's capabilities, not the managed platform's own security infrastructure. Security claims about the managed platform are limited to high-level marketing language ('isolated, encrypted infrastructure', 'dedicated security team', '24/7 monitoring') with no verifiable specifics. Named technologies are limited to 'Traefik' and 'WAF' mentioned once in a blog post. The CGV (sales terms) provides the most concrete documentation with 30-day price change notice. The provider self-identifies in its footer as 'service d'hébergement communautaire non officiel' (unofficial community hosting service). Given the pre-launch status, sole proprietor structure, 3-week existence, and lack of verifiable security documentation, scores are necessarily low.
10 risk categories scored 1-10 × evidence weight. Based on our methodology, grounded in OWASP Agentic Security, NIST CSF 2.0, and CIS Controls.
The FAQ states 'Your conversations and configurations are stored on isolated, encrypted infrastructure. We don't read, train on, or share your data. You can export or delete everything at any time.' The security risk blog post claims 'Chaque bot tourne dans un conteneur isolé, lui-même dans un réseau privé virtuel. Impossible pour un bot d'attaquer son voisin.' (each bot runs in an isolated container, itself inside a virtual private network; it is impossible for a bot to attack its neighbour). However, these are marketing claims from a pre-launch service with no verifiable details about encryption implementation, isolation technology, employee access controls, or log sanitization. No specifics on encryption at rest (algorithm, key management) are provided.
The security guide extensively covers OpenClaw's built-in protections (pairing system, Gateway auth, sandbox modes, prompt injection awareness) but these describe the upstream open-source project's features, not the managed platform's own additions. The blog claims 'Proxy Inverse Blindé' (armoured reverse proxy) with 'Traefik, WAF' filtering attacks, which names specific technologies but lacks detail on configuration. The security guide honestly states 'prompt injection is not solved' and recommends limiting tools and using sandbox mode. No information on the managed platform's specific sandboxing or container escape prevention beyond the vague 'isolated container' claim.
The FAQ states users can 'bring your own OpenAI, Anthropic, or any LLM API key' and the platform also offers a 'default model.' The configuration guide describes environment variable syntax for API keys in self-hosted setups, but there is zero documentation on how the managed platform stores user-provided credentials. No mention of encrypted credential storage, secret management systems, credential rotation, or leak detection in outputs. The CGV mentions 'Allocation et gestion des clés API' (allocation and management of API keys) as a service but provides no security details.
No information found about the managed platform's guardrails for preventing agents from going rogue. The self-hosting guides describe tool allow/deny lists and sandbox modes in openclaw.json, but there is no documentation of rate limiting, spending caps, kill switches, behavioral monitoring, or human-in-the-loop approval workflows specific to the managed hosting platform. The pairing guide warns that 'Even an approved user can send 1000 messages in an hour and burn a fortune in tokens' for self-hosters, and claims the managed platform has 'smart rate limiting' and 'per-user monitoring' but provides no specifics.
The FAQ claims '99.9% uptime SLA' and 'You can export or delete everything at any time,' and the CGV states the service aims for 24/7 availability but 'ne garantit aucun niveau de disponibilité spécifique, sauf mention contraire dans l'offre souscrite' (does not guarantee any specific level of availability, unless otherwise stated in the subscribed offer). The FAQ also claims 'persistent storage for your conversations and configs.' No information on backup strategy, restore procedures, data export formats, or what happens if the provider shuts down. The provider is a sole proprietor ('entrepreneur individuel') with a 3-week-old website, raising stability concerns.
The FAQ clearly states 'Plans start at 15 euros per month for a personal instance. Volume and enterprise plans are available for teams. No hidden fees, no per-message pricing.' The CGV documents a 30-day notice for price changes: 'l'utilisateur sera informé au moins 30 jours avant l'application du nouveau tarif et pourra résilier son abonnement avant l'entrée en vigueur des nouveaux prix.' (the user will be informed at least 30 days before the new rate applies and may cancel their subscription before the new prices take effect). This is the most concrete, documented claim on the site. However, there is no mention of hard spending caps, usage monitoring dashboards, or alerts for API consumption spikes.
The CGU identifies the operator as 'Hugo Morlet, entrepreneur individuel' (sole proprietor) with French jurisdiction and GDPR compliance claims. Data subjects have 'droit d'accès, de rectification, de suppression, de limitation et de portabilité' (rights of access, rectification, erasure, restriction and portability). The CGV limits liability to 'montant des sommes effectivement perçues au titre du service concerné au cours des 12 derniers mois' (the amount actually received for the service concerned over the last 12 months). The security risk blog claims '24/7 monitoring, real-time alerts' and a 'dedicated security team' but provides no verifiable evidence. No incident response process is documented, no breach notification timeline is stated, and no audit logging capabilities are described for the managed platform.
No information found about the managed platform's approach to supply chain security. No mention of dependency scanning, MCP server vetting, SBOM, build pipeline security, or how third-party tools and updates are verified. The configuration guide describes model fallback chains but does not address AI provider data policies. The store lists 21 apps all marked 'COMING SOON' with no information about vetting or security review processes for these future integrations.
The blog claims 'Traefik, WAF' as a reverse proxy and mentions 'SSL' in the FAQ, suggesting TLS is in use. The blog post on security risks claims container isolation and network segmentation ('réseau privé virtuel', virtual private network). However, there is no mention of MFA, SSRF protection, security headers, access control testing, or independent security audits. The platform dashboard and APIs are not yet publicly accessible (pre-launch), so nothing can be independently verified. The footer self-identifies as 'service d'hébergement communautaire non officiel' (unofficial community hosting service).
No information found about misinformation or trust exploitation mitigations. No mention of approval workflows, independent verification for high-impact decisions, undo/rollback capabilities, output manipulation monitoring, or transparency about AI uncertainty. The guides discuss prompt injection risks for the open-source project but do not describe any managed platform features to address hallucination, output manipulation, or trust exploitation.
Key Features
- Waiting list open
Strengths
- Press coverage from WIRED, TechCrunch, ZDNET
- 185K+ GitHub stars on underlying project
Weaknesses
- Pre-launch — waiting list only, no live product
- No pricing or feature details available
Verdict
Reverted to pre-launch status. Currently only a waiting list — no pricing, no integrations visible. Watch for full launch.