Moltworker
Cloudflare's project is an open-source proof of concept for running OpenClaw inside a Cloudflare Sandbox container. It is not a formal managed SaaS product, and Cloudflare says it is experimental, unsupported, and may break without notice.
The project combines a Worker entrypoint, a sandboxed OpenClaw container, an administration interface, authentication through Cloudflare Access, optional persistent storage, and optional browser and model-routing services.
Quick answer: This is a self-deployed Cloudflare architecture for OpenClaw, not an all-in-one hosted assistant subscription. It can remain available in the cloud, but the user must deploy, secure, fund, and maintain the stack.
Who this is forNon-technical professionals, solopreneurs, and lean teams who want recurring browser, file, research, and monitoring workflows without self-hosting OpenClaw, configuring a server, or keeping a personal computer awake.
What Is Moltworker? A Cloudflare Self-Deployment Pattern
The search phrase “managed hosting” can be misleading here. The project uses managed Cloudflare infrastructure, but the user deploys and operates the application in their own Cloudflare account. It is not a supported Cloudflare-hosted OpenClaw service with a dedicated customer plan.
Its architecture has several parts:
| Component | Function |
|---|---|
| Worker entrypoint | Routes requests between the user, admin interface, and sandbox |
| Cloudflare Sandbox | Runs the standard OpenClaw Gateway inside a container |
| Cloudflare Access | Protects administrative endpoints and validates identity |
| Device pairing | Requires approval before a new client can use the Gateway |
| R2 storage | Optionally preserves configuration and conversation data across restarts |
| Browser Rendering | Optionally gives OpenClaw a remote headless-browser path |
| AI Gateway | Optionally routes model traffic and centralizes usage visibility |
This is a cloud deployment of OpenClaw rather than a new agent runtime. OpenClaw provides the assistant, workspace, skills, conversations, and channels; the Cloudflare project provides the hosting adaptation.
Moltworker Cost Stack: Workers, Sandbox, R2 & Models
There is no standalone Moltworker pricing plan. The deployment requires a paid Workers plan for Sandbox containers, and usage can generate separate container, storage, network, logging, browser, and model costs.
The total depends on choices such as:
- Container size and how long it stays awake
- Active CPU use and provisioned resources
- Whether persistent storage is enabled
- Browser Rendering usage
- Worker, Durable Object, and network activity
- Model provider and token consumption
- Log volume and retention
Do not reduce this to “OpenClaw hosting for the base Workers subscription.” The official repository's own estimate shows that continuous container operation can cost materially more than the plan fee, and actual usage varies.
Sleeping the container can reduce compute costs, but the next request may have a noticeable cold start. Budget caps also need to account for model and platform services separately.
Source note: This section summarizes public pages available at review time. A missing public workflow or architecture detail is treated as a public evidence gap to verify with the provider, not as proof that the feature is unavailable.
Moltworker Setup Burden, Cloudflare Access & Model Keys
Moltworker packages OpenClaw's Control UI and documented Telegram, Discord, and Slack paths. Channel support still depends on the packaged OpenClaw version, required tokens, and correct policy configuration.
Setup is not one click in the SaaS sense. The operator must:
- Create the Cloudflare deployment and required bindings.
- Add model credentials or configure AI Gateway billing.
- Generate and store a Gateway token.
- Enable Cloudflare Access for the administration interface.
- Pair each new device.
- Configure R2 if state must survive container restarts.
- Add channel credentials and optional browser settings.
- Monitor costs, backups, logs, and upstream compatibility.
BYOK is supported through direct model credentials or Cloudflare AI Gateway configuration. The repository currently documents an Anthropic path most directly, while AI Gateway can provide broader routing options. Avoid claiming that every OpenClaw provider works automatically without configuration.
Source note: This section summarizes public pages available at review time. A missing public workflow or architecture detail is treated as a public evidence gap to verify with the provider, not as proof that the feature is unavailable.
Moltworker Public Evidence to Verify for Production Use
The OpenClaw process runs inside a Cloudflare Sandbox container, but the full deployment is tied to Cloudflare Workers, Access, Sandbox APIs, and optional R2, Browser Rendering, and AI Gateway services.
This creates both benefits and constraints:
| Benefit | Constraint |
|---|---|
| Isolated cloud container | Requires Cloudflare-specific deployment and billing |
| Cloud authentication layer | Access policies and secrets must be configured correctly |
| Optional persistent backup | Data is ephemeral without R2 credentials |
| Optional sleeping container | Wake-up delay after inactivity |
| Remote browser capability | Additional service configuration and usage |
| OpenClaw in the cloud | Upstream changes can break an unsupported proof of concept |
Calling the design “serverless OpenClaw” hides the container. The Worker is the entrypoint, while the agent runs in a provisioned Sandbox container with memory, CPU, disk, and lifecycle behavior.
The project also requires Cloudflare Access and device pairing for the Control UI. Development mode can bypass those controls and should not be presented as appropriate for an internet-facing deployment.
Source note: This section summarizes public pages available at review time. A missing public workflow or architecture detail is treated as a public evidence gap to verify with the provider, not as proof that the feature is unavailable.
Moltworker vs MoClaw When You Do Not Want to Operate Infra
Moltworker is a build-it-yourself cloud deployment. MoClaw is a managed cloud AI computer intended for users who want to assign work rather than assemble the hosting stack.
Disclosure: We make MoClaw. Cloudflare's project is described from its official repository and engineering post.
| Area | Moltworker | MoClaw |
|---|---|---|
| Service model | Experimental open-source deployment recipe | Managed cloud AI computer |
| Agent runtime | OpenClaw in a Cloudflare Sandbox | Provider-managed assistant environment |
| Setup | Cloudflare project, secrets, Access, storage, and channels | Account and supported workflow configuration |
| Persistence | Optional R2 backup and restore | Managed environment storage behavior |
| Browser work | Optional Browser Rendering integration | Supported browser capability in the cloud computer |
| Scheduling | OpenClaw schedules while the container is available | Managed schedules designed for persistent operation |
| Maintenance | User tracks Cloudflare and OpenClaw changes | Provider manages the underlying environment |
Choose Moltworker when learning or controlling the Cloudflare architecture is part of the goal. Choose MoClaw when browser, file, skill, and scheduled work matter more than operating the infrastructure.
Security Questions: Access Policies, Pairing & Secrets
Sandboxing reduces direct host exposure, but cloud security still depends on identity, secrets, network routes, storage, and application configuration.
For Moltworker, the official setup expects:
- Cloudflare Access protecting administrative endpoints
- A Gateway token for remote Control UI access
- Explicit device pairing
- Separate secrets for channels and browser access
- R2 credentials if persistence is enabled
- Development bypasses kept away from public deployments
A local OpenClaw host has a different risk profile. It may expose personal files, browser sessions, or network resources available on that machine. The Cloudflare container separates the agent from a personal computer, but it places sensitive state and service configuration in a cloud account.
Neither model is automatically safer for every task. Minimize connected accounts, use dedicated credentials, and review what a skill or browser session can reach.
Source note: This section summarizes public pages available at review time. A missing public workflow or architecture detail is treated as a public evidence gap to verify with the provider, not as proof that the feature is unavailable.
Questions
Can I Move an Existing OpenClaw Workspace to Moltworker?
Potentially, but migration should follow the current repository's storage and restore guidance. Back up the workspace first and do not assume local paths, browser sessions, or every plugin will transfer unchanged.
Does Moltworker Support OpenClaw Skills?
It runs OpenClaw and includes a Cloudflare browser skill. Other skills depend on their packages, binaries, network access, credentials, and compatibility with the sandbox image.
Can I Set a Single Budget Cap?
Not necessarily. Platform resources and model usage may be billed through different services. Configure alerts and limits wherever the chosen Cloudflare and model-provider accounts support them.
Is Moltworker Production-Supported by Cloudflare?
No. Cloudflare calls it an experimental proof of concept, not a Cloudflare product, and warns that it may break without notice. It should not be marketed as a production-supported managed service.
Moltworker is useful for experimenting with OpenClaw on Cloudflare infrastructure. Its strongest limitation is also its defining feature: the operator owns a multi-service Cloudflare deployment rather than receiving a complete hosted assistant.
Want a claw without the setup?
MoClaw is a hosted cloud claw — OpenClaw-style automation, always on, with no Docker, VPS, or server to babysit. Bring your own key.