OpenClaw is an open-source AI agent that connects to your chat apps and acts on your behalf. It went from 9,000 to over 200,000 GitHub stars in a matter of weeks. Security researchers have already found over 135,000 instances sitting wide open on the internet.

Getting OpenClaw to run is easy. Getting it to run well is a different problem. This guide covers every option, what each one actually costs, and which trade-offs matter.

What OpenClaw needs

Before picking a deployment method, it helps to know what you are working with.

OpenClaw is a Node.js application that runs as a persistent background process. It connects to one or more messaging channels (Telegram, Discord, WhatsApp, and others), routes messages through an LLM, and takes actions through skills and integrations. The core loop is: receive a message, reason about what to do, act, observe the result, repeat.

Minimum requirements:

  • 2 vCPU, 2 GB RAM for basic usage
  • 4 vCPU, 4-8 GB RAM for production with browser automation
  • An API key for at least one LLM provider (Anthropic, OpenAI, Google, Fireworks, or any OpenAI-compatible endpoint)
  • Persistent storage for workspace data, memory files, and conversation history
  • A bot token for your messaging channel of choice

RAM matters more than CPU. If an OpenClaw instance runs out of memory, it does not degrade gracefully. It crashes.

Option 1: Just install it

The fastest way to try OpenClaw. The official one-liner detects your OS, installs Node if needed, and launches the onboarding wizard. Or if you already have Node 22+:

npm install -g openclaw@latest
openclaw onboard --install-daemon

The wizard walks you through API keys, channel tokens, and gateway auth. The --install-daemon flag installs a background service (launchd on macOS, systemd on Linux) so OpenClaw keeps running after you close the terminal.

This is how most people start. No Docker, no servers, no configuration files. You are chatting with your agent within minutes.

The downside is the same as running anything on your daily machine. Your agent stops when your laptop sleeps or restarts. OpenClaw has shell access by design, so it can reach everything your user account can reach. And there is no network isolation between your agent and the rest of your system.

Good for: Trying OpenClaw, learning how it works, short experiments.

Not good for: Anything you want running when you are not actively watching it.

Cost: $0 (plus LLM API costs).

Option 2: Docker

Docker adds a layer of isolation. OpenClaw runs inside a container with its own filesystem, and you control exactly which directories and ports it can access. The official Docker image works on any machine with Docker installed.

This is better than a bare install for security. The agent cannot reach your browser profiles, SSH keys, or system files unless you explicitly mount them. But it still runs on your machine, so uptime depends on your laptop staying open and Docker Desktop not deciding to update.

Good for: Local development with better isolation, testing configurations before deploying elsewhere.

Not good for: Always-on agents. Same uptime limitations as Option 1.

Cost: $0 (plus LLM API costs).

Option 3: Dedicated hardware

The Mac Mini as an always-on OpenClaw server has become a popular setup. Apple Silicon sips power (under 10W idle), runs silent, and macOS handles sleep/wake well for headless operation. The unified memory architecture also helps if you want to run local models through Ollama alongside OpenClaw.

Recommended configurations:

  • Mac Mini M2 (8 GB) works fine for cloud-only models (Anthropic, OpenAI, Google)
  • Mac Mini M4 (16-32 GB) if you want to run local models (7B-34B parameters) alongside OpenClaw
  • An HDMI dummy plug ($8-10) is recommended for headless operation. Without it, macOS can break screen recording permissions and GUI rendering.

The same approach works with any small form factor PC or home server. The Mac Mini just happens to hit a sweet spot of power efficiency, silence, and iMessage integration that no Linux box offers.

The trade-off is that you still own all the security and maintenance responsibilities. You patch it, you monitor it, you back it up.

Good for: People who want a dedicated always-on agent they physically control, iMessage integration, local model inference.

Not good for: People who do not want to maintain another machine. Also not ideal if you need remote access from outside your home network without additional tooling (Tailscale, Cloudflare Tunnel, etc.).

Cost: $500-800 one-time for the hardware, plus electricity (~$2-5/month), plus LLM API costs.

Option 4: VPS

Rent a VPS from DigitalOcean, Hetzner, Contabo, or Hostinger. Install OpenClaw directly or pull the Docker image. Configure your API keys and channels. Set up a systemd service or Docker restart policy to keep it running.

It works. Thousands of people run OpenClaw this way. But it comes with a list of responsibilities that grows over time.

What you need to handle yourself:

  • TLS and reverse proxy. If you want to access the OpenClaw web interface remotely, you need a domain, a reverse proxy (nginx or Caddy), and SSL certificates. Let’s Encrypt is free but needs auto-renewal configured correctly. A misconfigured proxy is how most of those 135,000 exposed instances happened.
  • Authentication. OpenClaw ships with authentication disabled by default. If you expose port 18789 without adding auth, anyone can access your agent, and everything it has access to.
  • Security patches. OpenClaw had six vulnerabilities in a single disclosure in early February 2026, including CVE-2026-25253 (one-click remote code execution, CVSS 8.8). Each patch means pulling the new image, testing it, and restarting your container. Miss one and you are exposed.
  • Monitoring. No built-in health checks. If your agent crashes at 3 AM, you find out when you notice it stopped responding.
  • Backups. No built-in backup system. The workspace directory (~/.openclaw) holds your agent’s memory, skills, and configuration. Lose it and your agent starts over from scratch.
  • Cost control. This is the one people learn the hard way. A misconfigured agent loop can send hundreds of API calls per minute. Community members have reported overnight bills of $200 or more from runaway loops. There are no built-in guardrails.

Good for: People who are comfortable with Linux administration, want full control, and are willing to invest the ongoing maintenance time.

Not good for: People who just want a working agent without the ops work.

Cost: $5-24/month for the VPS, plus $20-80/month in LLM API costs, plus your time (estimated 2-8 hours initial setup, 1-4 hours per month ongoing).

Option 5: Kubernetes

If you are running multiple agents, need strong isolation between them, or want proper production infrastructure, Kubernetes is the right tool.

Kubernetes gives you everything a VPS does not: automated restarts, resource limits, network isolation, rolling updates, health probes, and scheduling. The trade-off is complexity. Setting up a Kubernetes cluster from scratch is a significant investment, and managing one is a skill set of its own.

We open-sourced a Kubernetes operator specifically for OpenClaw. It turns a single YAML file into a fully secured deployment: StatefulSet, NetworkPolicy, ServiceAccount, PVC, PDB, ConfigMap, health probes, gateway auth, and drift reconciliation. Every agent runs as UID 1000, all Linux capabilities dropped, seccomp enabled, read-only root filesystem, default-deny egress.

I wrote a full deployment guide if you want to go this route.

Good for: Teams, multi-agent setups, people who already have a Kubernetes cluster, and anyone who needs strong security guarantees.

Not good for: People unfamiliar with Kubernetes. The learning curve is real, and debugging a failing pod is harder than debugging a Docker container.

Cost: Depends on your cluster. A minimal k3s setup on a single VPS starts at around $15/month. A proper multi-node cluster on a cloud provider runs $50-200/month before API costs.

Option 6: Managed hosting

Managed hosting means someone else handles the infrastructure, security, updates, monitoring, and uptime. You sign up, connect a channel, and your agent is live. No servers to manage, no patches to apply, no 3 AM crashes to debug.

Several managed OpenClaw hosting services have launched since January 2026, with prices ranging from around $18 to $49/month.

We built OpenClaw.rocks because we think the security and operations burden of self-hosting is the biggest barrier to OpenClaw adoption. I am biased here, obviously. But I also think the comparison should be honest.

What you give up with managed hosting:

  • Full root access to the underlying system
  • The ability to run arbitrary system-level modifications
  • The lowest possible price (a $5 VPS is cheaper than any managed service)

What you get:

  • No security patching. When a CVE drops, the hosting provider handles it.
  • No monitoring setup. Health checks, restarts, and alerting are built in.
  • No TLS configuration. HTTPS works out of the box.
  • No authentication headaches. Access control is handled.
  • Updates without downtime. New OpenClaw versions roll out automatically.

Good for: Anyone who wants a working agent without the infrastructure work. Also good for people who tried self-hosting and got tired of maintaining it.

Not good for: People who need full system-level control or who want to spend the absolute minimum.

Cost: $18-49/month depending on the provider, plus LLM API costs (unless included in the plan).

The security question

This deserves its own section because it is the single biggest factor in choosing how to run OpenClaw.

OpenClaw was designed to run on localhost. The security model assumed you would access it from the same machine. Then it went viral, and hundreds of thousands of people exposed it to the internet.

The numbers are stark:

An unsecured OpenClaw instance is not just a data leak. It is a proxy that can act as you: send messages in your name, access your accounts, spend your money, and execute code on your server.

If you self-host, you need to take security seriously: enable authentication, set up a reverse proxy with TLS, restrict network access, keep the image updated, and audit any third-party skills before installing them. The Adversa AI hardening guide is a good starting point. We wrote a full breakdown of the OpenClaw security crisis with a practical checklist and an explanation of why static gateway tokens are not enough.

If you use managed hosting, these are someone else’s problem. That is the core value proposition.

Cost comparison

Here is a realistic breakdown for running a single always-on OpenClaw agent:

Dedicated hardwareSelf-hosted (VPS/K8s)Managed hosting
Infrastructure$500-800 once$5-200/mo$18-49/mo
LLM API costs$20-80/mo$20-80/mo$20-80/mo (or included)
Domain + TLSN/A (local)~$1/moIncluded
Setup time1-3 hours2-20 hoursMinutes
Ongoing maintenance1-2 hours/mo1-6 hours/moNone
Security patchingManualManualAutomatic

The time investment is the hidden cost. Every hour you spend debugging a Docker networking issue, renewing an SSL certificate, or applying a security patch is an hour you could spend on something else. For some people, that tinkering is the point. For others, it is a tax.

Which is right for you?

There is no single “best way.” It depends on what you value.

Just want to try OpenClaw? Install it on your machine with the one-liner. Zero cost, zero commitment. You will know within an hour whether it is useful to you.

Want a dedicated always-on setup you physically control? A Mac Mini or home server gets you there. Add Docker for isolation if you want a safety net between OpenClaw and the rest of your system.

Want full control on remote infrastructure? Self-host on a VPS. Use our Kubernetes deployment guide if you want proper isolation and security defaults. Either way, read the security hardening guides before exposing anything to the internet.

Want an agent that just works, stays online, and stays secure? Use managed hosting. OpenClaw.rocks gets you from zero to a running agent in under a minute, with security handled, updates automated, and everything running on EU infrastructure.

The best way to run OpenClaw is whichever way lets you focus on what the agent actually does for you, instead of how it runs.

Want the basics first? Read our FAQ on what OpenClaw is and what it can do.

Ready to try it? Get started at OpenClaw.rocks or explore the open-source Kubernetes operator if you prefer to run your own infrastructure.