OpenClaw is an open-source AI agent runtime that launched in November 2025 and became the most-starred software project on GitHub with over 200,000 stars. It turns AI models into persistent agents that work across 20+ messaging platforms (WhatsApp, Slack, Telegram, Discord, Teams, and more), connect to any LLM provider (Claude, GPT, Gemini), and execute real tasks through thousands of skills.

Yes, OpenClaw is free and open-source under the MIT license. There are no licensing fees or subscription costs for the software itself. However, you need infrastructure to run it (a server or hosting provider) and you pay for LLM API usage separately, depending on your provider and volume.

What can OpenClaw do?

OpenClaw can draft documents, manage communications across messaging platforms, run web research, execute shell commands, manage calendars and email, connect to tools like GitHub, Notion, and Jira, and learn from your corrections over time. It works 24/7 and maintains persistent memory across conversations.

The Platform

OpenClaw, Without the Ops

OpenClaw is the most-starred software project on GitHub, surpassing 300K+ stars in its first four months. It turns AI models into agents that do real work: draft documents, manage communications, run research, execute workflows. Every vessel runs OpenClaw. Vessel manages the infrastructure so you never have to.

What OpenClaw is

OpenClaw is an open-source AI agent runtime. Launched in November 2025, it hit 100,000 GitHub stars in its first ten weeks and surpassed React to become the most-starred software project on GitHub. That adoption happened because it works: persistent agents that connect to your messaging platforms, remember context, and get better as you correct them.

It's not a chatbot. It's an agent runtime: a persistent process that connects to your tools and your LLM provider of choice. It executes multi-step tasks autonomously. All data is stored as plain files on disk, not in a proprietary database.

20+ messaging platforms

Slack, WhatsApp, Telegram, Discord, Microsoft Teams, Google Chat, Signal, iMessage, and more. All run simultaneously with shared memory.

Any LLM provider

Anthropic (Claude Opus 4.6, Sonnet 4.5, Haiku 4.5), OpenAI (GPT-4.1, 4.1 Mini, 4.1 Nano), Google (Gemini 2.5 Pro, 2.0 Flash), or use OpenRouter for access to all of the above and more. Switch providers any time. No vendor lock-in.

Thousands of skills

Connect to Gmail, GitHub, Google Calendar, Notion, Jira, and hundreds of other services via community-built skills and MCP integrations.

Plain-file storage

Conversations, memory, and configuration stored as Markdown and YAML. Human-readable. Portable. No proprietary formats.

What your agent can do out of the box

Every vessel ships with built-in tools that work immediately. No plugins to install, no extensions to configure. Your agent can read and write files, browse the web, remember context across conversations, and run scheduled tasks from the moment it boots.

Built-in tools (ready to use, no setup)

Read & write files

Create, read, and edit documents in the agent's workspace. Markdown, YAML, plain text, whatever you need.

Run commands

Execute shell scripts, install packages, run code. The agent has a full Linux environment at its disposal.

Browse the web

Open pages, take screenshots, interact with sites via Playwright. Full browser automation, not just URL fetching.

Fetch web content

Download and parse web pages for research, monitoring, or data extraction. Works alongside the full browser when needed.

Persistent memory

Remember context across conversations. Corrections stick. Preferences accumulate. The agent gets sharper over time.

Scheduled tasks

Set up recurring jobs: check emails every morning, generate weekly reports, monitor a webpage for changes.

Optional capabilities (need an API key)

Web search

Search the internet for current information. Bring your own Brave Search or Perplexity API key and the agent can find answers beyond its training data.

Text-to-speech

Have the agent read text aloud using ElevenLabs. Useful for accessibility, audio summaries, or hands-free workflows.

Messaging channels (20+ platforms)

Your agent connects to the platforms you already use. All channels run simultaneously with shared memory, so the agent has the same context whether you message it on WhatsApp or Slack.

Connect with a QR code scan. No API account needed.

Create a bot via BotFather. Paste the token.

Discord

Create a bot at discord.com/developers. Add to your server.

Slack

Install as a Slack app. Works in channels and DMs.

Plus Microsoft Teams, Google Chat, Signal, email, and many more. All running simultaneously with shared context.

Why open source matters for your work

You probably don't care about MIT licenses. But you do care about what happens when a vendor shuts down, raises prices, or changes terms. Open source means the code running your agent is publicly inspectable by anyone. It's maintained by a large open-source community under the MIT license, and can't be pulled out from under you.

Compare that to proprietary agent platforms where you can't see what the code does with your data, can't verify security claims, and can't leave without losing everything. OpenClaw's data is plain files. If you ever want to move, you copy a folder.

300K+

GitHub stars

#1 software project on GitHub

MIT

License

Free, open, no lock-in

20+

Messaging platforms

Slack, WhatsApp, Teams, and more

Powerful tool. Serious deployment problem.

OpenClaw is powerful enough that developers build complex agent systems with it. But power comes with operational complexity. Setting it up properly requires Docker, VM management, networking, authentication configuration, SSL certificates, and ongoing maintenance. Most knowledge workers shouldn't need to know what any of those words mean.

And when the deployment is done poorly, the consequences are real. CrowdStrike published a detailed security analysis of OpenClaw deployments. The findings were sobering.

135K+

OpenClaw instances found exposed to the internet with no authentication

Source: Bitdefender, February 2026

12%

of community-built extensions found to be malicious in security audits

Source: CrowdStrike, 2026

This isn't OpenClaw's fault. It's what happens when a powerful developer tool gets deployed without security expertise. The same thing happened with Redis, MongoDB, and Elasticsearch before it. Powerful tools need proper deployment.

The people who benefit most from AI agents are professionals whose time is too valuable to spend on DevOps. Lawyers reviewing contracts. Consultants building deliverables. Marketing strategists running campaigns. They need the agent, not the ops.

22% of organizations already have employees running OpenClaw without IT approval. Shadow AI is here. The question is whether it's deployed safely.
Source: VentureBeat

NVIDIA recognized the same gap. Their open-source NemoClaw project adds a kernel-level sandbox layer to self-hosted OpenClaw deployments: deny-by-default network policies, filesystem restrictions, and process isolation. Vessel takes a different approach. Rather than sandboxing OpenClaw on a shared machine, each vessel runs on its own dedicated virtual machine. A hardware boundary, not a process boundary.

What “without the Ops” actually means

Every vessel is a dedicated virtual machine on Google Cloud with OpenClaw pre-configured and running. No Docker setup. No networking. No security configuration. You provision a vessel from the dashboard and your agent is running in minutes.

Task	Self-hosted	Vessel
Provision a server	You	Managed
Install & configure OpenClaw	You	Managed
Set up networking & tunnels	You	Managed
Configure authentication	You	Managed
Manage SSL certificates	You	Managed
Monitor health & auto-restart	You	Managed
Apply updates	You	Managed
Security hardening	You	Managed
Choose your LLM provider	You	You
Train the agent on your work	You	You

Behind the scenes, each vessel runs a sidecar process that monitors your agent's health, restarts it if it crashes, applies daily updates, tracks resource usage, and alerts on failures. You don't see any of this. Your agent just works.

Your data stays on your dedicated VM. No public IPs. No SSH. Inbound access only through encrypted Cloudflare Tunnels. The infrastructure isolation that matters for professionals handling sensitive work.

Inside your vessel

When you provision a vessel, here's what happens: a dedicated GCP virtual machine spins up, OpenClaw starts on your VM, a private encrypted tunnel connects it to the internet, and your access token is generated. The whole process takes minutes.

Your vessel / architecture

YoursManaged

Your AI Agent (OpenClaw)memory, skills, conversations, your corrections

Health Sidecarauto-restart, daily updates, monitoring

Dedicated VM (GCP e2-standard-2)own kernel, own disk, own network

Cloudflare Tunnelencrypted, no public IP, no inbound ports

LLM API calls (your provider, your key, no training)

Built for people who do the work, not the ops

Vessel isn't for developers who want to tinker with agent infrastructure. It's for professionals who need AI agents to get their work done: lawyers who need contract review, consultants who need research synthesis, marketers who need campaign execution, financial advisors who need compliance monitoring. Knowledge workers whose time is spent on expertise, not on keeping servers running.

If you can use Slack, you can use a vessel. The agent handles execution. You handle judgment.

Draft and review

Contracts, briefs, reports, proposals. The agent drafts in your voice; you review and correct. Corrections stick.

Research and synthesis

Gather information across sources, summarize findings, prepare briefings. Hours of work compressed into minutes.

Communication management

Email triage, client updates, follow-ups. The agent drafts; you approve. Spend less time on inbox management, more on the work that matters.

Workflow automation

Connect to your tools via Slack, email, or direct integrations. The agent executes repeatable tasks so you can focus on the work that requires your expertise.

Your agent handles sensitive work. It should run like it.

AI agents process client data, draft confidential documents, and access your accounts. An agent with the wrong security configuration isn't just a technical problem. It's a liability. 135,000 OpenClaw instances were found exposed to the internet with no authentication. That's not a hypothetical risk.

Every vessel runs on a dedicated virtual machine with its own kernel, no public IP, no open ports, and no access from other tenants. Inbound traffic goes through encrypted Cloudflare Tunnels. The infrastructure is hardened before your agent ever boots. Health monitoring, automatic restarts, daily updates, security patches: all handled, all the time.

You don't need to think about whether your agent is secure. You don't need to wonder if it crashed overnight, or if an update broke something, or if someone found an open port. That's what we do. See how provisioning works, then focus on the work the agent is doing for you.

Your expertise is too valuable to risk on misconfigured infrastructure. Vessel handles the security so you can trust the agent with real work.

Already running OpenClaw? Audit your instance for free or generate a hardened config.