Key takeaways
- Official Cloudflare project running OpenClaw in Cloudflare Sandbox containers
- No local machine exposure — AI assistant runs entirely on Cloudflare's edge
- ~$35/month for always-on, less with sleep configuration
- Supports Telegram, Discord, Slack + browser automation via CDP
FAQ
How much does Moltworker cost?
$5/month Workers Paid plan + ~$30/month compute for always-on container. Configure sleep after idle to reduce costs to ~$10-15/month for light use.
What's the trade-off vs self-hosted OpenClaw?
No local file access, no shell commands on your machine, no "true" personal assistant feel. But also no local security surface, no maintenance, and global edge deployment.
Is this officially supported by Cloudflare?
It's an official Cloudflare project (cloudflare/moltworker) but marked experimental. May break without notice.
Overview
Moltworker is Cloudflare's official project for running OpenClaw on Cloudflare Workers.[1] Instead of running an AI assistant on your personal machine with full host access, Moltworker deploys OpenClaw in a Cloudflare Sandbox container — completely isolated from your local environment.
With 9,000+ GitHub stars, Moltworker appeals to users who want OpenClaw capabilities without the security surface of a self-hosted deployment.
Note: This is marked experimental and may break without notice.
Key Stats
| Metric | Value |
|---|---|
| GitHub Stars | 9K+ |
| Organization | Cloudflare (official) |
| Runtime | Cloudflare Sandbox Container |
| Pricing | ~$35/month always-on |
| Status | Experimental |
Cost Breakdown
Running 24/7 on a standard-1 container (1/2 vCPU, 4 GiB memory, 8 GB disk):
| Resource | Monthly Usage | Free Tier | Overage | Cost |
|---|---|---|---|---|
| Memory | 2,920 GiB-hrs | 25 GiB-hrs | 2,895 GiB-hrs | ~$26/mo |
| CPU (~10%) | ~2,190 vCPU-min | 375 vCPU-min | ~1,815 vCPU-min | ~$2/mo |
| Disk | 5,840 GB-hrs | 200 GB-hrs | 5,640 GB-hrs | ~$1.50/mo |
| Workers Paid | — | — | — | $5/mo |
| Total | ~$34.50/mo |
Configure SANDBOX_SLEEP_AFTER (e.g., 10m) to sleep when idle. A container running 4 hours/day costs ~$10-15/month.
Requirements
- Workers Paid plan ($5/month)
- [Anthropic API key](https://console.anthropic.com/) or Cloudflare AI Gateway
Free tier services used:
- Cloudflare Access (authentication)
- Browser Rendering (automation)
- AI Gateway (optional routing/analytics)
- R2 Storage (optional persistence)
Quick Start
# Install dependencies
npm install
# Set API key
npx wrangler secret put ANTHROPIC_API_KEY
# Generate gateway token
export MOLTBOT_GATEWAY_TOKEN=$(openssl rand -hex 32)
echo "$MOLTBOT_GATEWAY_TOKEN" | npx wrangler secret put MOLTBOT_GATEWAY_TOKEN
# Deploy
npm run deploy
One-click deploy also available via Cloudflare's deploy button.
Architecture
User → Cloudflare Workers → Sandbox Container → OpenClaw → LLM Provider
↓ ↓
Cloudflare Access R2 Storage (optional)
Key components:
| Component | Purpose |
|---|---|
| Workers | Request routing, authentication |
| Sandbox Container | OpenClaw runtime isolation |
| Cloudflare Access | Admin UI protection |
| R2 Storage | Persistent state across restarts |
| Browser Rendering | CDP-based automation |
Features
- Control UI — Web-based chat interface
- Multi-channel — Telegram, Discord, Slack
- Device Pairing — Secure DM authentication
- Persistent Conversations — Chat history via R2
- Agent Runtime — Full OpenClaw skills system
- Browser Automation — CDP shim for web scraping
- Admin UI — Device management, backups, restarts
Channel Support
| Platform | Setup |
|---|---|
| Telegram | npx wrangler secret put TELEGRAM_BOT_TOKEN |
| Discord | npx wrangler secret put DISCORD_BOT_TOKEN |
| Slack | Bot token + App token secrets |
Browser Automation (CDP)
Built-in Chrome DevTools Protocol shim for browser automation:
| Endpoint | Purpose |
|---|---|
/cdp/json/version | Browser version info |
/cdp/json/list | List browser targets |
/cdp/json/new | Create new target |
/cdp/devtools/browser/{id} | WebSocket for CDP |
Includes skills for screenshots and video capture.
Persistence (R2)
Without R2, data is lost on container restart. With R2 configured:
- Automatic backup every 5 minutes
- Restore on container startup
- Manual backup from admin UI
- Paired devices and history persist
Strengths
- Zero Local Exposure — AI never touches your machine
- Official Cloudflare — Maintained by Cloudflare team
- Global Edge — Deploy on Cloudflare's network
- No Maintenance — Cloudflare handles infrastructure
- Automatic Scaling — Serverless architecture
- Full OpenClaw — Skills system, channels, features
- Browser Automation — Built-in CDP support
Weaknesses / Considerations
- No Local Access — Cannot read local files or run local commands
- Monthly Cost — ~$35/month always-on vs free self-hosted
- Experimental — May break without notice
- Cold Starts — 1-2 minutes when container sleeps
- Not "Personal" — Loses the "assistant on your machine" feel
- Cloudflare Lock-in — Depends on Cloudflare services
What You Give Up
| Feature | Self-Hosted | Moltworker |
|---|---|---|
| Local file access | ✅ | ✗ |
| Shell commands | ✅ | ✗ |
| Zero cost | ✅ | ✗ |
| Instant startup | ✅ | ✗ (cold start) |
| Machine learning | ✗ | ✅ |
| No maintenance | ✗ | ✅ |
| Global deployment | ✗ | ✅ |
Ideal User
- Security-paranoid users who don't want AI on their machine
- Teams wanting managed deployment without DevOps
- Cloudflare customers already in the ecosystem
- Light users willing to pay for convenience
- Enterprise needing audit trails and access control
Bottom Line
Moltworker answers a specific question: what if you want OpenClaw's capabilities but don't trust running an AI assistant with access to your personal machine?
The trade-off is explicit. You lose local file access, shell commands, and the "personal" in personal assistant. You gain zero local security surface, managed infrastructure, and global edge deployment.
At ~$35/month always-on (or ~$10-15/month with sleep), it's not free like self-hosted options. But for users whose threat model includes "AI with host access," the cost may be worth the isolation.
The experimental status is the main caveat. This is a proof-of-concept from Cloudflare, not a production-supported product. Use accordingly.