
SimpleClaw
Live
Solo-founder managed hosting with Google sign-in and free tier
Security Score: 0/100 — Basic
SimpleClaw is a minimal single-page site by solo developer Savio Martin (18, Kerala, India), self-described as a 'weekend side project.' It has zero supplementary pages: privacy, terms, security, pricing, docs, and about all return 404. It is closed-source. The only security measures are the inherited Vercel TLS/HSTS and Google OAuth. The site mentions 'secure' once in passing. For a service handling API keys and promising agents that 'do your taxes' and 'write contracts,' the complete absence of any security documentation, legal framework, or operational transparency represents the lowest tier of maturity.
10 risk categories scored 1-10 × evidence weight. Based on our methodology, grounded in OWASP Agentic Security, NIST CSF 2.0, and CIS Controls.
Zero information about data isolation, encryption, log handling, or training opt-out. Entire site contains zero mentions of data protection. Only text: 'Simple, secure and fast connection to your bot' with no specifics. No privacy policy (404), no ToS (404), no security docs.
No mention of sandboxing, container isolation, prompt injection defenses, or human-in-the-loop. Site advertises agents that 'do your taxes,' 'negotiate refunds,' 'run payroll calculations' with zero guardrails. No documentation exists.
Users must provide API keys and Telegram bot tokens but zero information on storage, protection, or isolation of credentials. No encrypted storage, secret management, or leak prevention mentioned. Onboarding presumably asks for keys with no documented handling pipeline.
Advertises highly autonomous actions (taxes, refunds, payroll, contracts/NDAs) — all high-risk. No spending limits, approval workflows, kill switches, rate limiting, or behavioral monitoring. No guardrails documented.
No backups, data export, disaster recovery, or shutdown plan. Self-described 'weekend side project' by solo 18-year-old developer raises significant continuity concerns. Urgency marketing ('only 11 left'). No data retention or deletion policy.
No pricing visible anywhere — not on homepage, pricing page 404s. Users must sign in to discover costs. 'Limited cloud servers — only 11 left' gives minimal implicit cost signal.
No privacy policy, no ToS, no legal entity, no jurisdiction, no GDPR claims, no incident response, no audit logging, no breach notification. Only contact: savio@simpleclaw.com. Creator is 18-year-old individual developer in Kerala, India with no business registration visible.
Closed-source, no public repo, no SBOM, no dependency scanning, no build pipeline info, no tool vetting. Users have zero visibility into what code runs. No documentation on AI provider connection security.
Hosted on Vercel providing baseline TLS/HSTS (max-age=63072000). Google OAuth for sign-in. No MFA beyond Google's own, no security headers beyond Vercel defaults, no pen testing, no security audits. Score reflects only inherited Vercel/Google baseline.
Advertises sensitive tasks ('do your taxes,' 'write contracts and NDAs,' 'compare insurance quotes') with no disclaimers about accuracy, hallucinations, or need for human verification. No approval workflows, undo capability, or AI reliability caveats.
Key Features
- ✓ 1-minute deployment
- ✓ Google sign-in
- ✓ One-click setup
- ✓ Auto-updates
- ✓ Persistent storage
- ✓ Claude Opus 4.5, GPT-5.2, Gemini 3 Flash models
Strengths
- + Free tier available (limited spots)
- + Google sign-in for easy onboarding
- + Solo founder (Savio Martin) — responsive support
- + Multi-model support (Claude, GPT, Gemini)
Weaknesses
- − Solo founder — bus factor risk
- − No unique features vs competitors
- − Generic security claims
- − Discord/WhatsApp only 'coming soon'
Verdict
Offers a free tier and multi-model choice (Claude, GPT, Gemini). Still a straightforward option for users who value simplicity. Telegram-only for now.