Self-Hosted

Irish AI startup Jentic just launched Jentic Mini — a free, open-source, self-hosted API execution firewall specifically designed to sit between your OpenClaw agents and the external APIs they call. It handles credentials, permissions, and access control so your agents don’t have to. If you’re running OpenClaw agents that interact with external services — and especially given the recent GhostClaw malware campaign targeting AI agent skill systems — adding an execution firewall layer is no longer optional. It’s operational security. ...

CNCERT just flagged 135,000 publicly exposed OpenClaw instances. If yours is one of them, this guide is for you. The 2026 OpenClaw security advisory covers two CVEs and a systemic issue with weak default configurations. This guide walks you through the practical steps to harden your deployment — from critical patches to defense-in-depth practices that protect against prompt injection attacks. Time to complete: 30–60 minutes Applies to: All self-hosted OpenClaw deployments Urgency: High — patch the CVEs first ...

If you’ve ever wanted to run your own private AI agent without touching a Dockerfile or configuring a reverse proxy from scratch, AWS just made it dramatically easier. Amazon Web Services has officially added OpenClaw to Amazon Lightsail as a one-click blueprint — meaning you can spin up a fully functional, self-hosted AI agent in minutes, starting at approximately $3.50 per month. This is a meaningful moment for the agentic AI ecosystem. OpenClaw going from a GitHub sensation to a first-class AWS product suggests that self-hosted AI agents are no longer a hobbyist curiosity — they’re becoming a mainstream infrastructure choice. ...

AWS just added OpenClaw to Amazon Lightsail as an official one-click blueprint. That means you can now deploy a fully functional, self-hosted AI agent — pre-connected to Amazon Bedrock and Claude Sonnet 4.6 — in the time it takes to make coffee. Here’s exactly how to do it. What You’ll Need An AWS account (free tier works for the first month; the $3.50/month Lightsail tier covers basic usage) About 5 minutes A domain name (optional, but recommended for HTTPS setup) Step 1: Open the Lightsail Console Navigate to lightsail.aws.amazon.com and sign in with your AWS credentials. If you don’t have an account, the signup takes about 3 minutes and doesn’t require a credit card for the initial free tier. ...

Alibaba’s CoPaw just went open-source and it’s one of the cleanest personal agent setups I’ve seen for developers who want full control over their stack. This guide walks you through a working deployment in under 30 minutes — locally on a Mac, or on a cheap Linux VPS. Prerequisites: Python 3.11+ or Docker A machine with at least 4GB RAM (8GB+ for local models) Optional: Anthropic/OpenAI API key, or a local model via llama.cpp or Ollama Step 1: Clone the Repository git clone https://github.com/agentscope-ai/CoPaw.git cd CoPaw The repo includes a docker-compose.yml for containerized deployment and a standard Python requirements.txt for bare-metal installs. ...

The open-source personal agent space just got a serious new contender. Alibaba’s research team quietly dropped CoPaw at the end of February — an open-source framework for deploying self-hosted AI agents that runs entirely on your own hardware, supports local models, and integrates directly with Discord, iMessage, DingTalk, and Feishu out of the box. If you’ve been following the OpenClaw community, the concept will feel familiar. But CoPaw brings a distinctly different design philosophy: it’s built from the ground up for portability and model-agnosticism, with equal-class support for local inference (via llama.cpp or Apple MLX) and remote APIs. ...

If you’re running OpenClaw with browser control features, you need to patch GHSA-mr32-vwc2-5j6h today. This how-to walks you through the full process: checking your current version, verifying exposure, patching, and applying the new Docker network hardening from 2026.2.21. For the threat model and full vulnerability details, see the news article on GHSA-mr32-vwc2-5j6h. Here we focus on the practical steps. Step 1: Check Your Current Version openclaw --version If you see anything before 2026.2.21-1, you’re vulnerable. The patch was shipped in the -1 suffix release specifically for this CVE — 2026.2.21 alone is not sufficient. ...