OpenClaw is powerful. Maintaining a self-hosted instance is a second job.

How to self-host OpenClaw: complete setup guide (2026)

OpenClaw is one of the most-used open-source AI agent frameworks, with a large community and a broad integration ecosystem. Getting it running on a VPS takes 30-90 minutes if you follow these steps exactly. Keeping it running — stable, updated, and secure — is the harder problem, and the part this guide covers honestly.

Hermes OS team | 12 April 2026 | 15 min read

Before you start: what you are actually signing up for

OpenClaw releases 1-2 major point releases per month and frequently introduces breaking changes. The community estimates $10,000-$20,000 per year in developer operations overhead for self-hosted instances managed at a production quality level — largely driven by the time cost of keeping up with updates, handling schema migrations, and rewriting custom skills when API surfaces change.

For running personal workflows or experimenting: the DIY route is fine. For anything business-critical or requiring 24/7 reliability: the upgrade overhead is real. The community-maintained r/openclaw subreddit is full of threads about breaking changes that went unannounced. Several managed OpenClaw hosting options exist — ClawHost, Blink Claw, and Zeabur — and this guide covers when they make sense.

There is also a third option: Hermes Agent. The architecture is the same as OpenClaw — persistent AI agent, messaging gateway, skills/tools system — but Hermes has a different philosophy about breaking changes and ships a built-in migration tool (hermes claw migrate) for OpenClaw users. Hermes OS is managed Hermes hosting with one-click deployment. Check it out before committing 4 hours to a self-hosted OpenClaw setup, especially if stability is the deciding factor.

System requirements

Minimum for OpenClaw: 2 vCPU, 4GB RAM, 20GB SSD, Ubuntu 22.04 or 24.04. The Docker install method adds some overhead compared to native install but is more portable and easier to upgrade. If you are running on a machine with 2GB RAM, expect OOM errors on complex agent tasks.

Recommended: 4 vCPU, 8GB RAM, 40GB SSD. Run on a dedicated VPS rather than alongside other services — OpenClaw's Docker daemon and multi-container setup compete for memory. Hetzner CX22 (€3.99/month, 4GB RAM) or Hetzner CX32 (€7.49/month, 8GB RAM) are the community-recommended budget options.

Node.js 22 LTS or later is required. pnpm is the recommended package manager (npm and bun work but the official docs use pnpm). Docker and Docker Compose are required for the containerized install. Git is required for the source install method.

Installation: the fastest method (shell installer)

OpenClaw provides a shell installer for Linux and macOS:

curl -fsSL https://openclaw.ai/install.sh | bash

This installs the openclaw CLI, sets up the ~/.openclaw/ configuration directory, and handles the Node.js dependency check. After it completes:

source ~/.bashrc
openclaw --version
openclaw doctor

openclaw doctor checks your environment. Fix anything it flags before continuing — common issues are the wrong Node.js version and missing pnpm.

Run the setup wizard:

openclaw setup

This will prompt you for your LLM provider, create the main configuration file at ~/.openclaw/openclaw.json, and guide you through initial configuration. The config file uses JSON — any syntax error in it will stop OpenClaw from starting, and the error message it prints is cryptic. Use openclaw config validate to check it after any manual edits.

Installation: Docker method (recommended for production)

The Docker method is more reproducible and easier to roll back if an update breaks something. You need Docker and Docker Compose installed first (see the Hermes guide for the official Docker install commands — the process is identical).

Create a directory for your OpenClaw data:

mkdir -p ~/openclaw-data
cd ~/openclaw-data

Create a docker-compose.yml:

version: '3.8'
services:
  openclaw-gateway:
    image: ghcr.io/openclaw/openclaw:latest
    restart: unless-stopped
    volumes:
      - ./data:/home/openclaw/.openclaw
    env_file:
      - .env
    ports:
      - "3000:3000"

Create your .env file with your LLM API key:

OPENROUTER_API_KEY=sk-or-v1-your-key-here
# Only if using Anthropic directly (keep comments on their own line so they never end up in the value):
ANTHROPIC_API_KEY=sk-ant-your-key-here

Start the container:

docker compose up -d
docker compose logs -f openclaw-gateway

You should see the gateway start and connect to your configured LLM provider. If you see connection errors, check the env file — missing or malformed API keys are by far the most common cause.

Important for Docker upgrades: OpenClaw skills and configuration must be in the mounted volume (./data), not inside the container image. If you bake skills into the image layer they will be lost on every rebuild. Verify your volume mount is correct with:

docker inspect "$(docker compose ps -q openclaw-gateway)" | grep -A 5 Mounts

LLM provider and model configuration

OpenClaw supports OpenAI, Anthropic, OpenRouter, and local models via Ollama. OpenRouter is recommended for getting started — one key covers 300+ models:

openclaw config set llm.provider openrouter
openclaw config set llm.apiKey sk-or-v1-your-key
openclaw config set llm.model anthropic/claude-sonnet-4
openclaw config validate

Test the LLM connection:

openclaw -m 'What is 2+2?'

For local models via Ollama (runs 100% on your server — no API costs, no data sent externally):

openclaw config set llm.provider ollama
openclaw config set llm.model llama3.1:8b
openclaw config set llm.baseUrl http://localhost:11434

Note: Ollama requires a server with at least 8GB RAM for 7B models, 16GB for 13B. Your VPS spec determines which local models you can run.

Messaging gateway: Telegram setup

OpenClaw supports Telegram as the primary interaction channel for most users. Create a bot via @BotFather in Telegram (/newbot, follow prompts, copy the token). Get your user ID via @userinfobot.

Add the credentials:

openclaw config set messaging.telegram.enabled true
openclaw config set messaging.telegram.botToken YOUR-BOT-TOKEN
openclaw config set messaging.telegram.allowedUsers YOUR-USER-ID

allowedUsers is your security whitelist. Without it, anyone who knows your bot's username can send it commands. This is a critical setting.

The pairing approval flow: by default, new users who message your bot must go through an approval flow before the bot processes their messages. To approve a new user:

openclaw pairing approve

This is a deliberate security feature — disable it at your own risk. Anyone with access to your Telegram account (or who can social-engineer you into approving them) can command the agent.

Start the gateway and verify it works:

openclaw gateway

Send a test message from Telegram. Press Ctrl+C once confirmed, then install as a system service.

Running as a persistent service

Install the systemd service (non-Docker installation):

openclaw gateway install
systemctl --user enable openclaw-gateway
systemctl --user start openclaw-gateway
systemctl --user status openclaw-gateway

If it fails to start after a reboot, enable lingering so that your user services start at boot rather than at your first login:

loginctl enable-linger "$USER"

For the Docker installation, Docker Compose's restart: unless-stopped handles this automatically. Verify:

docker compose ps

Monitor logs:

journalctl --user -u openclaw-gateway -f  # native
docker compose logs -f openclaw-gateway    # Docker

Security: what you need to know about CVE-2026-25253

CVE-2026-25253 is a prompt injection vulnerability affecting OpenClaw before version 2026.2.8. The vulnerability allows malicious content in processed documents or web pages to inject instructions into the agent's context, potentially causing it to execute unauthorized commands or exfiltrate data. The advisory is published at the OpenClaw GitHub security advisories page.

If you are running OpenClaw 2026.2.7 or earlier, update immediately:

openclaw update
openclaw --version  # verify you are on 2026.2.8+

For Docker installations:

docker compose pull
docker compose up -d --force-recreate

Beyond patching: the security model for self-hosted OpenClaw is worth understanding. The agent has full system-level access — it can execute shell commands and read local files. It processes inbound messages as instructions. Anyone with access to your connected messaging account can command it. The community-documented security checklist includes: enable the pairing approval flow, set ALLOWED_USERS explicitly, never run as root, use Docker sandbox mode for non-main sessions, do not connect accounts with access to sensitive data, and never install skills from outside the official ClawHub registry (400+ malicious plugins have been reported).

A note on ClawHub: the official OpenClaw skill registry lists 2,800+ community skills. Not all of them have been security reviewed. Treat skill installation the same way you would treat installing an npm package from an unknown author — read the source before running it in an environment with credentials.

The upgrade process: what actually happens every month

OpenClaw releases 1-2 major point releases per month. Here is the actual upgrade procedure:

# 1. Stop the gateway
openclaw gateway stop  # or: systemctl --user stop openclaw-gateway

# 2. Backup BEFORE every upgrade (schema changes can corrupt data)
BACKUP="openclaw-backup-$(date +%Y%m%d-%H%M).tgz"
tar czf "$BACKUP" ~/.openclaw/
gpg --symmetric --cipher-algo AES256 "$BACKUP"  # writes $BACKUP.gpg
rm "$BACKUP"  # the unencrypted archive holds your API keys and bot token

# 3. Upgrade
openclaw update

# 4. Post-upgrade verification
openclaw doctor --fix
openclaw gateway restart
openclaw --version
openclaw health
openclaw config validate

That is approximately 20 minutes per upgrade when done correctly, times 2-4 upgrades per month. This is before accounting for any breaking changes that require you to rewrite custom skills or handle config schema migrations manually.

Common things that break after an upgrade: config schema changes (fix: openclaw doctor --fix), skill API changes where functions have been renamed or removed, session file format changes that make older sessions unreadable, and tools.profile defaulting to messaging which strips read/write/exec permissions from the agent. After every upgrade run openclaw config validate and verify in Telegram that the bot still responds correctly before calling it done.
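
A post-upgrade check covering the version, allowedUsers, tools.profile and root items discussed above, as an added example (not OpenClaw's own code). It assumes openclaw.json nests the dotted keys used with openclaw config set and that openclaw --version prints a dotted numeric version; the function names are hypothetical.

```python
import json
import re

FIXED = (2026, 2, 8)  # first release this guide lists as patched for CVE-2026-25253

def parse_version(text):
    """Extract (year, minor, patch) from text such as 'openclaw 2026.2.7'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(g) for g in m.groups())  # integers, so 2.10 sorts after 2.8

def get(cfg, dotted):
    """Look up a dotted key (assumed to map to nested JSON objects)."""
    node = cfg
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def audit(config_text, version_text, uid):
    """Return a list of findings; an empty list means every check passed."""
    try:
        cfg = json.loads(config_text)
    except json.JSONDecodeError as exc:
        return [f"config is not valid JSON (line {exc.lineno}): gateway will not start"]
    findings = []
    if parse_version(version_text) < FIXED:
        findings.append("version predates 2026.2.8: affected by CVE-2026-25253")
    tg = "messaging.telegram."
    if get(cfg, tg + "enabled") and not get(cfg, tg + "allowedUsers"):
        findings.append("Telegram enabled with empty allowedUsers: anyone can command the bot")
    if get(cfg, "tools.profile") == "messaging":
        findings.append("tools.profile is 'messaging': read/write/exec stripped (upgrade reset?)")
    if uid == 0:
        findings.append("running as root: use an unprivileged account")
    return findings

# Constructed sample: a config as it might look after an upgrade reset tools.profile.
SAMPLE = json.dumps({
    "llm": {"provider": "openrouter", "model": "anthropic/claude-sonnet-4"},
    "messaging": {"telegram": {"enabled": True, "allowedUsers": ""}},
    "tools": {"profile": "messaging"},
})

if __name__ == "__main__":
    for line in audit(SAMPLE, "2026.2.7", uid=1000):
        print("FINDING:", line)
```

To run it against a real install, pass the contents of ~/.openclaw/openclaw.json, the output of openclaw --version, and os.getuid().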

The community's practical workaround for critical deployments: pin to a specific version in docker-compose.yml (image: ghcr.io/openclaw/openclaw:2026.3.12) and only upgrade when you have time to handle breakage. This means you will fall behind on security patches — which brings you back to the CVE-2026-25253 situation. There is no clean answer.

When self-hosting OpenClaw stops making sense

Self-hosting OpenClaw is the right call if you want zero monthly software cost, full data sovereignty, or the ability to run entirely local models. It is the wrong call if that 20-minute monthly upgrade process (4+ hours/year just on updates, before any breakage) is time you don't have, or if a breaking change taking down your agent on a Saturday is a problem.

Three managed OpenClaw options: ClawHost (purpose-built for OpenClaw, handles auto-updates), Blink Claw (managed service with automatic update management), and Zeabur (container deployment platform that works with the Docker image).

There is also Hermes Agent — MIT licensed, built by Nous Research, with a hermes claw migrate command that migrates your OpenClaw config, memories, skills, and environment variables. Hermes ships with a more stable release cadence: fewer breaking changes, better backwards compatibility, and managed hosting (Hermes OS) with one-click deployment and automatic updates. If you have spent three Saturdays debugging OpenClaw upgrades, that is what the migration is for.

Common questions

Is OpenClaw free to self-host?

The software is open source and free. Your costs are server (~$4-25/month depending on provider and spec), LLM API usage ($5-50/month depending on how actively you use it), and your time for setup and maintenance. The community estimates $10K-20K/year in developer operations overhead for production-quality self-hosted deployments — that number is about time cost, not software cost.

How do I apply the CVE-2026-25253 security patch?

Run `openclaw update` and verify you are on version 2026.2.8 or later with `openclaw --version`. For Docker: `docker compose pull && docker compose up -d --force-recreate`. The patch addresses a prompt injection vulnerability that allows malicious content in processed documents to inject instructions into the agent's context.

How often does OpenClaw have breaking changes?

1-2 times per month, based on the release history and community reports. The most common breakages after an upgrade are config schema changes (fixed by `openclaw doctor --fix`), renamed or removed skill APIs (requires manual skill code updates), and `tools.profile` resetting to `messaging` (strips permissions from the agent). Budget 20 minutes per upgrade including backup.

Can I migrate from OpenClaw to Hermes Agent without losing my data?

Hermes has a built-in migration tool: `hermes claw migrate`. It migrates config files, memory, skills, and environment variables from an existing OpenClaw installation. Not everything transfers perfectly — some OpenClaw-specific skill formats require manual adjustment — but the core migration (config, memories, API keys) is automated. The process typically takes 30-60 minutes including verification.

What is the difference between OpenClaw and Hermes Agent?

Both are persistent AI agent frameworks with messaging gateways, skills/tools systems, and persistent memory. Key differences: OpenClaw has a larger community and more third-party skills; Hermes has a built-in learning loop (creates and improves skills from experience), a more stable release cadence, MIT license, and a managed hosting option (Hermes OS). OpenClaw has CVE-2026-25253; Hermes's security advisory history is documented on the NousResearch GitHub.

Is there a way to get OpenClaw-equivalent functionality without the self-hosting maintenance overhead?

ClawHost and Blink Claw host OpenClaw directly. Hermes OS hosts Hermes Agent — same architecture as OpenClaw, with a built-in `hermes claw migrate` tool to import your existing data. It covers Docker setup, updates, Telegram gateway, web interface, and persistent memory in one click. Pick whichever matches your current setup.
