← Back to research
·7 min read·opensource

Moltworker

Moltworker runs OpenClaw on Cloudflare Workers — serverless AI assistant deployment with no local machine exposure. A Cloudflare proof of concept, explicitly unsupported.

Key takeaways

  • Cloudflare-org project running OpenClaw in Cloudflare Sandbox containers — explicitly a proof of concept, not a supported product
  • No local machine exposure — AI assistant runs entirely on Cloudflare's edge
  • ~$35/month for always-on, ~$5-6/month with sleep configuration for light use; some community estimates run above $50/month
  • Supports Telegram, Discord, Slack + browser automation via CDP
  • ~9.9K GitHub stars as of June 2026, but no commits to main since late March 2026 and no tagged releases

FAQ

How much does Moltworker cost?

$5/month Workers Paid plan + ~$30/month compute for always-on container. Configure sleep after idle to reduce costs to ~$5-6/month for light use (per the project README). Some community estimates of real-world always-on cost run above $50/month.

What's the trade-off vs self-hosted OpenClaw?

No local file access, no shell commands on your machine, no "true" personal assistant feel. But also no local security surface, no maintenance, and global edge deployment.

Is this officially supported by Cloudflare?

No. It lives in the Cloudflare GitHub org (cloudflare/moltworker), but the README is explicit that it is a proof of concept, not officially supported, and may break without notice. As of June 2026 the repo has had no commits to main since late March 2026.

Overview

Moltworker is Cloudflare's project for running OpenClaw on Cloudflare Workers.[1] Instead of running an AI assistant on your personal machine with full host access, Moltworker deploys OpenClaw in a Cloudflare Sandbox container — completely isolated from your local environment. Cloudflare positions it as a demonstration of its Developer Platform, "a proof of concept rather than a supported product."[2]

With ~9,900 GitHub stars as of June 2026, Moltworker appeals to users who want OpenClaw capabilities without the security surface of a self-hosted deployment.[1]

Note: This is marked experimental and may break without notice. Repo activity has cooled with the post-launch hype cycle: as of June 2026 there have been no commits to main since late March 2026, and the project has never shipped a tagged release.[1]

Key Stats

MetricValue (June 2026)
GitHub Stars~9.9K
Forks~1.8K
OrganizationCloudflare (org repo, explicitly unsupported)
RuntimeCloudflare Sandbox Container
Pricing~$35/month always-on
Last commit to mainMarch 29, 2026
StatusExperimental proof of concept

Cost Breakdown

Running 24/7 on a standard-1 container (1/2 vCPU, 4 GiB memory, 8 GB disk):

ResourceMonthly UsageFree TierOverageCost
Memory2,920 GiB-hrs25 GiB-hrs2,895 GiB-hrs~$26/mo
CPU (~10%)~2,190 vCPU-min375 vCPU-min~1,815 vCPU-min~$2/mo
Disk5,840 GB-hrs200 GB-hrs5,640 GB-hrs~$1.50/mo
Workers Paid$5/mo
Total~$34.50/mo

Configure SANDBOX_SLEEP_AFTER (e.g., 10m) to sleep when idle. Per the README, a container running 4 hours/day costs ~$5-6/month.[1] Note that community estimates of real-world always-on cost have run higher — one widely shared calculation pegged it at $51.64/month at Cloudflare's pricing.[3]

Requirements

Free tier services used:

  • Cloudflare Access (authentication)
  • Browser Rendering (automation)
  • AI Gateway (optional routing/analytics)
  • R2 Storage (optional persistence)

Quick Start

# Install dependencies
npm install

# Set API key
npx wrangler secret put ANTHROPIC_API_KEY

# Generate gateway token
export MOLTBOT_GATEWAY_TOKEN=$(openssl rand -hex 32)
echo "$MOLTBOT_GATEWAY_TOKEN" | npx wrangler secret put MOLTBOT_GATEWAY_TOKEN

# Deploy
npm run deploy

One-click deploy also available via Cloudflare's deploy button.

Architecture

User → Cloudflare Workers → Sandbox Container → OpenClaw → LLM Provider
              ↓                    ↓
      Cloudflare Access       R2 Storage (optional)

Key components:

ComponentPurpose
WorkersRequest routing, authentication
Sandbox ContainerOpenClaw runtime isolation
Cloudflare AccessAdmin UI protection
R2 StoragePersistent state across restarts
Browser RenderingCDP-based automation

Features

  • Control UI — Web-based chat interface
  • Multi-channelTelegram, Discord, Slack
  • Device Pairing — Secure DM authentication
  • Persistent Conversations — Chat history via R2
  • Agent Runtime — Full OpenClaw skills system
  • Browser Automation — CDP shim for web scraping
  • Admin UI — Device management, backups, restarts

Channel Support

PlatformSetup
Telegramnpx wrangler secret put TELEGRAM_BOT_TOKEN
Discordnpx wrangler secret put DISCORD_BOT_TOKEN
SlackBot token + App token secrets

Browser Automation (CDP)

Built-in Chrome DevTools Protocol shim for browser automation:

EndpointPurpose
/cdp/json/versionBrowser version info
/cdp/json/listList browser targets
/cdp/json/newCreate new target
/cdp/devtools/browser/{id}WebSocket for CDP

Includes skills for screenshots and video capture.

Persistence (R2)

Without R2, data is lost on container restart. With R2 configured:

  • Automatic backup every 5 minutes
  • Restore on container startup
  • Manual backup from admin UI
  • Paired devices and history persist

Strengths

  • Zero Local Exposure — AI never touches your machine
  • Cloudflare-Built — Created by the Cloudflare team (though explicitly unsupported)
  • Global Edge — Deploy on Cloudflare's network
  • No Maintenance — Cloudflare handles infrastructure
  • Automatic Scaling — Serverless architecture
  • Full OpenClaw — Skills system, channels, features
  • Browser Automation — Built-in CDP support

Weaknesses / Considerations

  • No Local Access — Cannot read local files or run local commands
  • Monthly Cost — ~$35/month always-on vs free self-hosted; community estimates of real-world cost have run above $50/month[3]
  • Experimental — The README is explicit: "not officially supported and may break without notice"[1]
  • Stalled Maintenance — No commits to main since March 29, 2026, and no tagged releases ever; treat the proof-of-concept label literally[1]
  • Cold Starts — 1-2 minutes when container sleeps
  • Not "Personal" — Loses the "assistant on your machine" feel
  • Cloudflare Lock-in — Depends on Cloudflare services

What Developers Say

Early reception split along the convenience-vs-control axis. One early user told InfoQ the operational appeal was real: "managing the box is a chore. This looks like the 'set it and forget it' version."[2] Another commenter, Peter Choi, questioned whether the move to managed edge hosting "alters the project's original appeal, which emphasized full local control."[2]

Cost skepticism is the other recurring theme. Wayne Vaughan calculated: "Moltworker is expected to cost $51.64 per month based on @Cloudflare's current pricing. Maybe getting a Mac Mini to run @openclaw isn't such a bad deal after all."[3]

What You Give Up

FeatureSelf-HostedMoltworker
Local file access
Shell commands
Zero cost
Instant startup✗ (cold start)
Machine learning
No maintenance
Global deployment

Ideal User

  • Security-paranoid users who don't want AI on their machine
  • Teams wanting managed deployment without DevOps
  • Cloudflare customers already in the ecosystem
  • Light users willing to pay for convenience
  • Enterprise needing audit trails and access control

Bottom Line

Moltworker answers a specific question: what if you want OpenClaw's capabilities but don't trust running an AI assistant with access to your personal machine?

The trade-off is explicit. You lose local file access, shell commands, and the "personal" in personal assistant. You gain zero local security surface, managed infrastructure, and global edge deployment.

At ~$35/month always-on (or ~$5-6/month with sleep, per the README — community estimates run higher), it's not free like self-hosted options. But for users whose threat model includes "AI with host access," the cost may be worth the isolation.

The experimental status is the main caveat, and as of June 2026 it has teeth: the repo sits at ~9.9K stars but has had no commits to main since late March 2026 and has never cut a release. This is a proof-of-concept from Cloudflare, not a production-supported product — and it is aging like one. Use accordingly.