⚠ 42,000+ OpenClaw instances exposed with default configs — CrowdStrike/Trend Micro, March 2026

OpenClaw is the most powerful AI agent platform on the internet. And right now, most people running it are one misconfiguration away from disaster.

Forty-two thousand exposed instances. Twenty percent of ClawHub skills flagged for credential theft. Self-hosting OpenClaw is harder — and riskier — than the tutorials let on. RightClaw gives you a hardened, managed OpenClaw VM in minutes, so you get all the power with none of the exposure.

Get Started — $1 First Month See pricing ↓

Backed by Right Servers — 18+ years of enterprise infrastructure. Canadian-owned. Canadian data. PIPEDA compliant.

rightclaw — openclaw status

$ openclaw status

  ██████╗ ██╗ ██████╗ ██╗  ██╗████████╗ ██████╗██╗      █████╗ ██╗    ██╗
  ██╔══██╗██║██╔════╝ ██║  ██║╚══██╔══╝██╔════╝██║     ██╔══██╗██║    ██║
  ██████╔╝██║██║  ███╗███████║   ██║   ██║     ██║     ███████║██║ █╗ ██║
  ██╔══██╗██║██║   ██║██╔══██║   ██║   ██║     ██║     ██╔══██║██║███╗██║
  ██║  ██║██║╚██████╔╝██║  ██║   ██║   ╚██████╗███████╗██║  ██║╚███╔███╔╝

  RightClaw v2.1.4 — Managed OpenClaw Instance

  ┌─────────────────────────────────────────────┐
  │  Security Status                            │
  ├─────────────────────────────────────────────┤
  │  UFW Firewall       [✓ ACTIVE]             │
  │  fail2ban           [✓ RUNNING]            │
  │  SSH Key-Only Auth  [✓ ENFORCED]           │
  │  Port Randomization [✓ ENABLED]            │
  │  OS Patches         [✓ CURRENT]            │
  │  OpenClaw Version   [✓ LATEST]             │
  ├─────────────────────────────────────────────┤
  │  Agent Status: ● RUNNING                    │
  │  Model: Claude 3.7 Sonnet (your key)     │
  │  Skills loaded: 3 (all vetted)             │
  │  Data residency: Kitchener, ON 🇨🇦          │
  └─────────────────────────────────────────────┘

  Overall: HARDENED ✓

The OpenClaw security crisis is real — and it's happening right now.

OpenClaw went viral for good reason. When Oliver Henry's "Larry" agent hit millions of views doing TikTok automation, everyone wanted in. And they got in — fast, and mostly wrong.

Here's what the data actually shows:

42,000+

OpenClaw instances exposed

Currently exposed to the public internet with default configurations — no firewall rules, default ports, no authentication hardening. Source: CrowdStrike and Trend Micro threat intelligence, March 2026.

1 in 5

ClawHub skills flagged

Skills on ClawHub — the official OpenClaw skill marketplace — were found to contain credential-harvesting code or active reverse shells in the March 2026 security audit. You may have already installed one.

Most tutorials skip the hard part. Getting OpenClaw running on a VPS takes 20 minutes. Getting it secure takes days of reading documentation on UFW, fail2ban, SSH hardening, port management, and update policies — if you know what you're doing. Most people don't. Most tutorials don't tell you that.

This isn't FUD. These are the numbers. And if your OpenClaw instance is processing your email, your client data, your Stripe webhooks — the exposure isn't theoretical. It's your business.

What actually happens when it goes wrong.

When a compromised OpenClaw instance is exploited, the attacker isn't just reading your files. They're reading your agent's files — which means your:

▶

API keys For every service your agent touches: Slack, Gmail, Stripe, Notion, your CRM

▶

Client data Your agent has processed emails, documents, conversations

▶

OAuth tokens Permanent access to your connected accounts — even after you change your password

▶

Business logic Your automations, your workflows, your competitive intelligence

One reverse shell in a ClawHub skill. One open port. One week of your agent running exposed. That's the attack surface. And once the data is out, it's out. You built this agent to work for you. A misconfigured instance hands it — and everything it touches — to someone else.

What RightClaw does differently.

RightClaw is managed OpenClaw hosting built by an infrastructure company that's been running production servers since 2007. We provision a private, VMware-isolated Ubuntu VM for you, harden it before you ever log in, install OpenClaw with a secure configuration, and keep it patched and monitored — so you don't have to become a sysadmin to run a powerful AI agent.

You get the full power of OpenClaw. We take the liability off your plate.

Here's what that looks like in practice:

✓

Security hardened by default

Your VM ships with UFW configured, fail2ban active, SSH key-only authentication, and non-standard port assignments. Your agent starts secure. You don't need to know what any of that means.

✓

Curated, vetted skill recipes

We don't point you at ClawHub. We maintain our own library of audited skill recipes — reviewed for security, tested for functionality. The 20% malware problem is a ClawHub problem, not a RightClaw problem.

✓

Managed updates and patching

OpenClaw updates, OS security patches, and dependency upgrades happen on a managed schedule. You don't get a notification at 11pm asking if you want to reboot. We handle it.

✓

Private VM, not a shared container

Your OpenClaw instance runs on its own dedicated VM. Your neighbours' workloads don't affect your performance, and your data doesn't share memory space with a stranger's agent. This is what "isolated" actually means.

✓

Human support

When something breaks or you want to do something new with your agent, you can talk to a person. Not a bot. Not a knowledge base. A person who knows the product.

✓

Canadian data residency

Your data stays in Canada. Kitchener, Ontario, to be precise. PIPEDA compliant. We don't train AI on your data, share it with third parties, or move it across borders.

What you'd pay to build this yourself.

Let's be honest about what a secure, managed OpenClaw deployment actually costs when you piece it together:

A DevOps engineer to harden your server

Configuring UFW, fail2ban, SSH key auth, port hardening, and a security baseline. Re-engage every time there's an OS update or a new vulnerability.

$450–$1,800 per engagement

RightClaw: included in every plan.

An ongoing managed security retainer

To get the equivalent of "someone is watching this server and patching it," a managed security retainer for a single VPS runs $200–500/month from a competent MSP.

$200–$500/month from a competent MSP

RightClaw Managed: $29.99/month. Total.

A VA to handle your inbox, calendar, and follow-ups

A competent remote VA in North America or Europe costs $3,000–5,000/month. Your RightClaw agent does it 24 hours a day, 7 days a week, without sick days, without onboarding, without severance.

$3,000–$5,000/month for a remote VA

RightClaw Managed: $29.99/month.

A skill audit and vetting process

To audit ClawHub skills yourself — reading source code, testing in a sandbox, verifying network behaviour — you're looking at 2–5 hours per skill if you know what to look for. We've already done it.

2–5 hours per skill, at your hourly rate

RightClaw: included.

VPS hosting + OpenClaw installation

A comparable private Ubuntu VPS on a reputable host: $20–60/month. Add OpenClaw setup time (2–4 hours if you've done it before): $300–600 in your time, once. And that's before any of the hardening above.

$20–$60/month + $300–$600 setup

RightClaw Starter: $9.99/month — fully provisioned, fully configured.

Total realistic cost to replicate RightClaw Managed yourself: $2,000–$7,000 first month, then $200–500/month to maintain.

RightClaw Managed $29.99/mo $1 your first month. The math isn't close.

Who RightClaw is built for.

Pick the profile that fits. Each plan has a right home.

Solopreneurs & small teams

Your 24/7 AI employee. No terminal required.

You didn't start a business to become a sysadmin. You want an agent that handles your inbox, books your meetings, follows up with leads, and never calls in sick — without you touching a command line.

OpenClaw pre-installed and hardened
Curated, audited skill recipes — skip the ClawHub roulette
When something breaks, email us. A human responds.

Start for $1 — Managed Plan →

Agencies & growing teams

Serve twice as many clients without hiring twice as many people.

Your team is maxed out. Your margins are getting squeezed. An AI agent that handles repetitive deliverables — reporting, content, client comms, data wrangling — is the leverage you've been looking for.

One agent per client, or one agent across your whole operation
Managed infrastructure means your team ships, not babysits servers
Scale to Enterprise when you need multi-instance control

Talk to us about Agency plans →

Developers & technical builders

Production-grade OpenClaw infra without the babysitting.

You know what you're doing. You don't want to spend your weekends patching servers and reading UFW documentation. You want a clean, isolated VM with SSH access, a known-good security baseline, and a provider who won't wake you up at 3am.

Full SSH access on all plans. Your VM, your rules.
Managed patching means OS updates happen on schedule, not when you remember
$9.99/month for a hardened private VM beats the DIY alternative on time alone

Get Starter for $1 →

Running OpenClaw for your clients? Let's talk.

MSPs, IT consultancies, and agencies serving 20+ clients have different needs: multi-instance monitoring, white-label options, and a partner who's been in enterprise infrastructure since 2007.

You bring your own AI model. We build the infrastructure around it.

RightClaw doesn't bundle an LLM. You connect your own API key — from Anthropic (Claude), OpenAI (GPT-4o), DeepSeek, Gemini, or any OpenClaw-compatible provider. This is a deliberate choice, and it's better for you in three specific ways:

You control your AI spend.

You pay your LLM provider directly, at their published rates. No markup. No opaque "included credits" that run out. You see exactly what your agent costs to run, and you choose the model that fits your budget and use case.

Your data goes directly to your provider — not through us.

When your agent makes an API call, it goes from your VM to your chosen provider. Right Servers never sees your prompts, your completions, or your context. That's a meaningful privacy difference.

You can switch models without switching platforms.

Want to move from GPT-4o to Claude 3.7 to DeepSeek R2? Change your API key in your config. No migration, no new account, no data transfer. The infrastructure stays the same.

Getting an API key takes about 3 minutes on any major LLM platform. If you get stuck, we have documentation — and humans who can help.

Simple, honest pricing.

No contracts on Starter or Managed. Cancel anytime.

Starter

^$9.99_/mo

$1 your first month

For developers and technical users who want clean infrastructure without the overhead.

Private VMware-isolated VM
Hardened security baseline (UFW, fail2ban, SSH key-only)
Full SSH access
Managed OS security patching
Canadian data residency (Kitchener, ON)
Uptime monitoring
Email support
Curated skill recipe library
Priority support

Get Starter — $1 First Month

⭐ Most Popular

Managed

^$29.99_/mo

$1 your first month

For solopreneurs and agencies who want a working AI agent without touching a terminal.

Everything in Starter
Curated, audited skill recipe library
Ongoing threat monitoring
Priority email support
Human help with agent configuration
Bring your own LLM API key (Claude, GPT-4o, DeepSeek, Gemini)

Get Managed — $1 First Month

Enterprise

Custom

—

For MSPs, agencies, and businesses running OpenClaw at scale.

Everything in Managed
Multi-instance monitoring
White-label options
Dedicated support contact
Onboarding call
SLA
Skill vetting on request

Full feature comparison on our pricing page. No long-term contracts on Starter or Managed. Cancel anytime.
See full pricing →

Straight answers to the questions you're already thinking.

No sales spin. Just honest answers.

I already self-host OpenClaw. Why would I pay for this?

Because self-hosting OpenClaw means you're also self-hosting the security risk, the patching responsibility, and the 3am "something broke" incidents. If your current instance is hardened, patched, and monitored — genuinely, not just "I think it's fine" — then Starter probably isn't for you. But if you set it up with a tutorial and moved on, there's a real chance you're one of the 42,000. RightClaw Starter costs $9.99/month and gives you a known-good baseline. The audit to confirm your current setup is secure will cost you more in time than a year of Starter.

Why do I need my own API key? Isn't that complicated?

Getting an API key from Anthropic, OpenAI, or any major LLM provider takes about 3 minutes — you create an account, add a payment method, and copy a key. The reason we don't bundle an LLM is because you shouldn't want us to. When you use your own key, your prompts go directly to your provider — not through us. You control the cost, the model, and the data flow. It's a feature, not a limitation.

What if I want to cancel?

Cancel anytime. No contracts on Starter or Managed. Log into the portal, click cancel, done. We don't make it difficult. If you cancel mid-cycle, you keep access until the end of your paid period. We'd rather earn your business every month than lock you in.

Is this just another container service?

No. Your OpenClaw instance runs on a dedicated VMware virtual machine — not a shared container, not a namespace on a Kubernetes cluster, not a Docker instance that lives next to a hundred other tenants. Dedicated VM means dedicated resources: memory, CPU, and storage that aren't affected by your neighbours. It also means stronger isolation — your data isn't co-resident with anyone else's workloads at the kernel level. This is the same infrastructure model we've used for enterprise clients since 2007. We know the difference.

How is Right Servers different from the other managed OpenClaw services?

Most of the "managed OpenClaw" services that appeared in the last few months are new companies — some are already listed for sale on Flippa. Right Servers was founded in May 2007 at Wilfrid Laurier University in Waterloo, Ontario. We own hardware. We have data centre relationships built over 18 years. We have 119+ clients who've trusted us with their infrastructure through multiple economic cycles. We're a Canadian company operating under Canadian privacy law. We're not going to disappear when the OpenClaw hype cycle fades. Our business existed long before OpenClaw, and it will exist long after.

About Right Servers.

Right Servers Inc. was founded in May 2007 by a group of students at Wilfrid Laurier University in Waterloo, Ontario. We started by running servers in a data centre before most of our current competitors had a GitHub account.

In the 18+ years since, we've built and managed infrastructure for hundreds of Canadian businesses — from shared hosting to dedicated servers to private cloud deployments. We own our hardware. We have relationships with our data centres. We've been through the dot-com aftermath, the cloud migration wave, and every security incident cycle in between.

We are not a startup. We are not a side project. We are not listed on Flippa.

When OpenClaw went viral and a dozen new "managed hosting" services appeared overnight, we built RightClaw the way we build everything: starting with the security baseline, not bolting it on at the end.

What that means for you:

🇨🇦 Your VM runs in Canadian infrastructure, subject to Canadian privacy law (PIPEDA)

🔒 Your data never crosses the border, never trains an AI model, never gets sold

👤 If something goes wrong, you can talk to a person — one who's been in infrastructure for nearly two decades

📅 When you sign up today, we plan to still be here in five years. And ten.

🏗 Right Servers. Infrastructure you can forget about. In a good way.

50 spots. $1 first month. Your agent starts today.

The launch offer is 50 spots per tier at $1 for your first month. Not a trial. Not a limited feature set. The full product, for $1, for 30 days. When the spots are gone, the price goes to standard. If you've been watching the OpenClaw space and wondering when to get in — this is the moment.

Get Started — $1 First Month Talk to our team →

No contract. Cancel anytime. Canadian infrastructure. Your data stays yours.