Managed OpenClaw, now with guardrails · v2.1 shipped

The safest way to run OpenClaw in production.

ControlClaw wraps OpenClaw in an AI firewall. We block prompt injections, ask for your approval on risky actions, and handle the boring parts — hosting, updates, browser sessions, integrations — so you don't have to.

[Diagram: Live traffic · controlclaw.bot. Website (public traffic), Email (inbound), User (via Telegram), Corporate DB (internal) → ControlClaw firewall → OpenClaw (hardened runtime)]
Trusted by teams at: Norwood, Heliograph, Stride, Quorum/AI, Harbor Labs, Fieldnote
Features

Everything you need to ship an OpenClaw bot without losing sleep.

You build the assistant. We handle hosting, hardening, permissions, updates, browser sessions, and the messy edges of running AI in production.

AI firewall, always on

Every message in and out is inspected for prompt injection, jailbreaks, credential exfiltration, and tool abuse. Block, allow, or ask — your choice, per policy.

allow · fetch calendar
ask · send $4.2k invoice
block · "ignore previous..."

Fully managed

We run, monitor, patch, and auto-update OpenClaw. Best-practice plugins pre-installed, tuned, and battle-tested — zero CLI required.

Secure by default

HTTPS everywhere, SSO, audit logs, least-privilege tokens. See who (human or AI) is connected, and revoke in one click.

Persistent browser sessions

One (or several) real Chrome sessions with saved logins and a residential IP. Watch the stream, take over for captcha, hand back to the bot.

Batteries included — open from anywhere

Web embed, Telegram, WhatsApp, Slack, Discord, email — flip a switch, your bot is there. No infra, no webhooks to wire, no SDK. All GUI, no CLI.

✓ telegram  ✓ whatsapp  ✓ slack  ✓ web embed  ✓ email  ✓ api

Full observability

Every request, block, and approval — timestamped and searchable. Export to Datadog, Sentry, or S3.

Human-in-the-loop

For risky actions — payments, deletions, emails — the bot pings you for approval. You decide, it continues.

Runs on your infra

SaaS by default. Pin to a specific AWS AZ, or deploy on-prem for air-gapped environments. Same managed experience.

How it works

A control layer that sits between you and OpenClaw.

Every message — from a human, an agent, or a webhook — flows through ControlClaw first. We inspect it, apply your policy, and only then talk to OpenClaw. Responses go back the same way.

Sources
  • Humans: web · mobile
  • AI agents: API
  • Messengers: TG · WA · Slack
  • Webhooks: HTTPS

ControlClaw — control layer

Identity & auth
  • Bearer token: tok_•••v7e
  • Principal: user:jamie@acme
  • MFA: verified

Policy engine
  • Prompt injection scan: pass
  • Payments > $1,000: ask human
  • Destructive delete: blocked

Observability
  • Audit log: s3://ctrl/audit
  • Traces: otlp://dd
  • Redaction: PII masked

OpenClaw + tools
  • OpenClaw v2.8: auto-updated
  • Chrome session: residential IP
  • Plugin registry: 40+ curated
  • Memory & vector DB: isolated per tenant

Permissions · interactive

Different rules for humans and AI agents.

A human asking their own bot to send an email? Fine. An agent trying the same thing via API? Let's double-check. Toggle between the two to see how ControlClaw reacts.

Human in the driver's seat

When you or your team talk to the bot directly, ControlClaw trusts but verifies. Routine actions fly through. Only high-stakes operations — payments, data exports, destructive ops — pause for a second look.

  • Read/write your own data: allow
  • Payments over $1,000: ask
  • Delete > 10 records at once: ask
  • Export customer PII: block

jamie@acme.com · Web session · Chrome 124 · Policy: production

Integrations

One bot, everywhere your customers are.

Flip a toggle in the dashboard. Your OpenClaw assistant shows up on Telegram, WhatsApp, Slack — or embedded on your site with a single script tag.

  • Telegram (1-click): Paste your BotFather token, done. Groups, channels, and DMs.
  • WhatsApp (Verified): Business API, managed onboarding. Shared or dedicated numbers.
  • Slack (OAuth): Add to workspace, pick channels, keep the audit trail inside Slack too.
  • Web embed (<script>): Drop-in widget or full iframe. Theme-matched to your site.
  • Chrome sessions (+ captcha handoff): Real browser with your logins, residential IP. Watch the stream live.
  • Email (DKIM): Dedicated inbox. Your bot replies from @yourdomain.
  • Discord (Bot): Slash commands, role-aware permissions, DMs.
  • REST API (OpenAPI 3.1): Every GUI feature exposed over HTTPS. SDKs in TS, Python, Go.

Security & compliance

Built for teams who get asked hard questions by their security team.

Hardened OpenClaw, isolated tenants, signed updates, and deployment options that fit your threat model.

Hardened by default

Every ControlClaw instance ships with the boring, critical stuff already turned on.

Isolated per tenant
Dedicated runtime, memory, and vector DB. Your data doesn't share a process with anyone else's.
Signed, atomic updates
OpenClaw and plugins patched on our side. Rollback in 30 seconds if something misbehaves.
SSO, SCIM, and scoped tokens
Log in with Okta, Google, Entra. Per-token scopes (read-only, approve-only, etc.) and instant revocation.
Full audit trail
Every prompt, tool call, approval, and block — 90 days hot, export to S3 or SIEM.
PII redaction
Emails, phone numbers, card numbers auto-masked in logs and telemetry.
Deployment options

Pick the infra that fits your compliance story.

  • SaaS (default) — multi-tenant, multi-region, 99.95% SLA.
  • Single-tenant AWS — pin to a specific AZ, your VPC peering, your KMS keys.
  • On-prem — air-gapped deploy via OCI images. Same managed experience, your datacenter.
  • Bring your own LLM — route to Claude, OpenAI, or your internal gateway.
SOC 2 Type II · GDPR · HIPAA-ready · ISO 27001 · DPA on request
Pricing

Start free. Scale when it works.

Every plan includes the AI firewall, auto-updates, web embed, and a Chrome session. No surprise bills — caps and alerts on everything.

Starter
$29/month
For solo founders and side projects.
  • 1 bot, 5k requests/mo
  • 1 Chrome session
  • Telegram + web embed
  • Community Slack
Enterprise
Custom
Your AZ, your VPC, your compliance team's dream.
  • Unlimited bots & sessions
  • Dedicated AWS AZ or on-prem
  • Custom policy engine, BYO LLM
  • SOC 2 report, DPA, BAA
  • 24/7 on-call, named CSM
Customers

From solo founders to security teams at real companies.

We were building our own firewall around OpenClaw and getting nowhere. ControlClaw covered 90% of our threat model out of the box — we shipped three weeks earlier.
Priya Raman
Head of Engineering, Norwood
The human-in-the-loop approval flow is the thing we didn't know we needed. Our bot makes $4k invoice decisions every day now — and I sleep fine.
Marcus Lee
Founder, Stride
Audit log export to our SIEM made the InfoSec conversation a two-week review instead of a quarter. Deployed in our AZ, passed the pen-test clean.
Sarah Okafor
Staff Security Eng, Quorum/AI
FAQ

Questions teams ask us before signing.

What exactly does the AI firewall catch?
Prompt injections (including indirect ones from web content and emails), jailbreaks, attempts to exfiltrate system prompts or credentials, tool-abuse patterns, and anything matching your custom policies. You can allow-list, block-list, or route to a human.
Do I have to change my OpenClaw code?
No. Point your existing OpenClaw config at ControlClaw's endpoint, or start from one of our templates. We're a drop-in proxy + management layer.
How are you different from just self-hosting OpenClaw?
Self-hosting means you own hardening, updates, plugins, the Chrome farm, the messenger integrations, the audit trail, the policy engine, and the 3am pager. We do all of that and the AI firewall on top. You keep the business logic.
What happens when the firewall blocks something legitimate?
Every block is logged with the exact rule that fired. Your team can review, allow-list, and the policy adapts. Most customers see <0.3% false positives after the first week.
Where does my data live?
By default, EU or US regions of your choice. Enterprise plans can pin to a specific AWS AZ or run on-prem. Nothing is ever used to train models.
Can I bring my own LLM?
Yes, on Team and Enterprise. Route to Claude, OpenAI, a private Azure/Bedrock endpoint, or your internal gateway. The firewall works the same.

Put your OpenClaw bot in safe hands today.

14-day trial. No credit card. Import your existing config, plug in Telegram, watch the firewall do its thing.