Where Should You Run OpenClaw?

OpenClaw is free, open-source, and runs anywhere with Docker. That flexibility is its greatest strength and its biggest risk. Your laptop, a Mac Mini, a cheap VPS, a dedicated cloud VM: each option involves real tradeoffs in security, cost, and ongoing maintenance. This guide covers them honestly.

This isn't a WordPress blog

OpenClaw operates with the same level of access you have on the machine it runs on. It can execute shell commands, read files (including SSH keys and browser cookies), send messages through your connected accounts, and install software. A single prompt injection (a malicious instruction hidden in an email, a webpage, or a chat message) can turn all of that access against you.

This isn't theoretical. The ClawJacked attack let any website take over your agent through the browser. The ClawHavoc supply chain attack found 824+ malicious skills on ClawHub. The hosting decision isn't about performance. It's about blast radius. Scan a skill before you install it.

Four ways to host OpenClaw

Your laptop or desktop

High risk

The fastest way to try OpenClaw. Install Docker, run the setup script, you're live in minutes. But the agent shares your machine, your network, your files, and your credentials. If it gets compromised, the attacker has everything you have.

The default config is localhost-only, but the common Docker setup (-p 18789:18789) binds to 0.0.0.0 (all interfaces), making it reachable by every device on your network. Security researchers consistently recommend against running it on your primary machine.

Good for: Quick testing, exploration, non-sensitive use
Watch out: Shares your files, network, and credentials
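
The difference between the localhost-only default and the common -p 18789:18789 publish can be checked mechanically. The script below is an added example, not code from OpenClaw or Vessel: it classifies the host address a Docker publish spec binds to. The function names and sample specs are constructed for illustration, and it assumes the Docker daemon's default bind address has not been changed.

```sh
#!/bin/sh
# Added example (not OpenClaw or Vessel code): classify which host address a
# Docker publish spec (`docker run -p ...` or a compose `ports:` entry) binds.
# Assumes the Docker daemon's default bind address (0.0.0.0) is unchanged.

# classify_publish SPEC -> prints all-interfaces | loopback | specific
classify_publish() {
  spec="${1%/*}"                 # drop a trailing /tcp or /udp
  case "$spec" in
    \[*\]:*) ip="${spec%%\]*}"; ip="${ip#\[}" ;;  # [ipv6]:host:container
    *:*:*)   ip="${spec%%:*}" ;;                  # ipv4:host:container
    *)       ip="" ;;                             # host:container, or container only
  esac
  case "$ip" in
    ""|0.0.0.0|::) echo "all-interfaces" ;;       # reachable from the LAN or internet
    127.*|::1)     echo "loopback" ;;             # reachable only from the host itself
    *)             echo "specific" ;;             # one named interface; check which
  esac
}

# audit_specs: one spec per line on stdin; prints a verdict per spec and
# returns non-zero if any spec is reachable beyond loopback.
audit_specs() {
  exposed=0
  while IFS= read -r s; do
    [ -n "$s" ] || continue
    kind=$(classify_publish "$s")
    printf '%-26s %s\n' "$s" "$kind"
    [ "$kind" = "loopback" ] || exposed=$((exposed + 1))
  done
  [ "$exposed" -eq 0 ]
}

# Constructed sample specs; 18789 is the port named on this page.
SAMPLE_SPECS='18789:18789
0.0.0.0:18789:18789
127.0.0.1:18789:18789
[::1]:18789:18789/tcp
192.168.1.10:18789:18789'

printf '%s\n' "$SAMPLE_SPECS" | audit_specs ||
  echo "=> at least one publish is reachable beyond loopback"
```

Only the 127.0.0.1 and [::1] forms keep the port off the network; a spec with no address at all is the one that exposes it.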

Dedicated hardware (Mac Mini, old laptop)

Moderate risk

A popular choice in the OpenClaw community. A dedicated Mac Mini running nothing but OpenClaw isolates the agent from your personal data. If compromised, the blast radius is limited to that machine.

The tradeoffs: you need to configure firewall rules, TLS, loopback binding, and a non-admin user account. You're responsible for software updates, uptime, and power. If you want remote access, you need a tunnel or VPN, which is more configuration. And you need something to run it on. A Mac Mini M4 starts at $500.

Good for: Tinkerers who want physical control and local LLMs
Watch out: Upfront cost, manual security, no remote access by default

Cloud VPS

Moderate risk

The most common choice. Rent a cheap Linux VPS, install Docker, run OpenClaw. Some providers offer one-click templates that skip the Docker setup. Good isolation from your personal machine. Always-on. Remote access by default.

The gap: you still own the security configuration. Firewall rules, TLS certificates, reverse proxy, SSH hardening (Fail2Ban, key-only auth), keeping OpenClaw updated as CVEs drop. The monthly sticker price is cheap, but the real cost is your time: setup, hardening, monitoring, and incident response add up fast.

Most VPS OpenClaw hosting runs in Docker containers. Containers share the host kernel. Known container escape vulnerabilities (CVE-2024-21626) have demonstrated that container isolation isn't equivalent to VM isolation.

Good for: Technical users comfortable with Linux sysadmin
Watch out: Security is your responsibility, time cost adds up

Managed hosting on a dedicated VM

Hardened by default

This is what Vessel does. Each agent runs on its own dedicated GCP VM (e2-standard-2: 2 vCPU, 8 GB RAM, 30 GB SSD) with its own kernel, its own memory, and its own disk. Not a container on a shared VPS. A full virtual machine with hypervisor-level isolation.

No public IP. No exposed ports. No SSH. Inbound traffic routes through an encrypted Cloudflare Tunnel. Secrets managed in GCP Secret Manager with scoped IAM. Health checks every five minutes, auto-restart on crash, security-hardened by default.

You bring your LLM API key and your expertise. Vessel handles the infrastructure, the security hardening, and the ongoing operations. Provisioning takes about two minutes.

Good for: Professionals who need it to work and stay secure
Tradeoff: Less low-level control than self-hosting

What self-hosting actually involves

The initial setup is the easy part. The ongoing work is what most guides don't cover. Here's what you're signing up for if you self-host OpenClaw on a VPS or dedicated machine:

Day one

  • Provision server, install Docker
  • Configure OpenClaw (YAML/Markdown config files)
  • Set up reverse proxy (Nginx/Caddy) with TLS
  • Configure firewall (UFW/iptables)
  • Harden SSH (key-only, Fail2Ban)
  • Set loopback binding, enable auth
  • Connect LLM provider, messaging channels

Every month after

  • Pull and apply OpenClaw updates
  • Monitor security advisories (255+ and counting)
  • Rotate API keys and gateway tokens
  • Renew TLS certificates (90-day cycle)
  • Review and apply OS security patches
  • Monitor uptime and restart on crashes
  • Back up Docker volumes and config

Self-hosting OpenClaw is like self-hosting email. You can. Some people should. But for most professionals, the time spent maintaining infrastructure is time not spent on the work that actually pays.

OpenClaw server requirements

Whether you self-host or use Vessel, OpenClaw needs real resources. It's running a Docker stack, maintaining persistent connections to messaging platforms, and processing LLM responses concurrently.

  • RAM: 4-8 GB (4 GB minimum, 8 GB recommended for production)
  • Processing: 2 vCPU (1 vCPU works for testing, 2+ for real workloads)
  • Storage: 30+ GB (NVMe SSD preferred, with log retention discipline)

GPU is not required when using external LLM APIs (Anthropic, OpenAI, Google). Only needed if running local models via Ollama. Vessel provisions each agent on a GCP e2-standard-2 (2 vCPU, 8 GB RAM, 30 GB SSD).

The security picture

OpenClaw has had 255+ security advisories and 14 assigned CVEs. Two critical: CVE-2026-25253 (1-click RCE via gateway token exfiltration, CVSS 8.8) and CVE-2026-28446 (pre-auth voice RCE, CVSS 9.8). Over 300,000 instances sit exposed on the public internet with no authentication, confirmed independently by Bitsight, SecurityScorecard, and Censys.

This matters for the hosting decision because the default configuration is insecure, and most users don't change it. Port 18789 open to the internet. No TLS. No access layer. The gateway token brute-forceable from the local network. If you self-host, hardening is your job. If you use managed hosting, it should be your provider's.

For the full threat analysis, read our security architecture overview. If you're already running OpenClaw, you can audit your instance for free or generate a hardened config.

What you're hosting

OpenClaw isn't a chatbot. It's a persistent AI agent runtime that works across your tools and messaging platforms, 24/7. It executes tasks, manages communications, runs research, and learns from every correction you make.

20+ messaging platforms

WhatsApp, Slack, Telegram, Discord, Microsoft Teams, Google Chat, Signal, iMessage, and more. All simultaneously.

Any LLM provider

Anthropic (Claude), OpenAI (GPT), Google (Gemini), or OpenRouter for access to all of them. Switch any time.

Thousands of skills

Gmail, GitHub, Calendar, Notion, Jira, and hundreds more via community skills and MCP integrations.

Persistent memory

Your agent remembers every conversation, every correction, every preference. It compounds over time rather than resetting.

For the full picture on what OpenClaw is and how it works, read our OpenClaw overview.

Choosing the right option

There's no universally right answer. It depends on what your agent touches.

You want to experiment with OpenClaw for personal use

Your laptop is fine. Use loopback binding, enable auth, don't connect anything sensitive.

You want a permanent agent and enjoy tinkering with hardware

A dedicated Mac Mini or old laptop works well. Budget time for security hardening and ongoing maintenance.

You're technical and want full control over the server

A VPS from a reputable provider. Factor in the real time cost of security maintenance, not just the monthly fee.

Your agent handles client data, financial info, or legal work

Managed hosting on a dedicated VM. The infrastructure matters when the stakes are real.

If your work involves financial data, client-privileged communications, or brand strategy across channels, the infrastructure your agent runs on isn't a commodity choice. It's a professional one. Read more about who owns your agent's knowledge.

Your agent proposes. You decide. Regardless of where you host OpenClaw, you are responsible for reviewing its output and the decisions you make based on it.

OpenClaw, without the ops.

Dedicated VMs. No exposed ports. No infrastructure to manage. Your agent, your data, your machine.