Klaus – Hosted OpenClaw for Teams

TL;DR

TL;DR: Klaus wraps OpenClaw (375k GitHub stars) in a secure, hosted EC2 environment—pre-configured OAuth integrations, automatic instance health repair via an AI SRE called ClawBert, and plans starting at $19/month for a t4g.small.

Source and Accuracy Notes

• Product site: klausai.com
• OpenClaw GitHub: openclaw/openclaw (375,920 stars, TypeScript)
• HN Launch: Show HN: Klaus – OpenClaw on a VM, batteries included (160 points)

What Is OpenClaw?

OpenClaw is a terminal-based AI agent that runs on your local machine, drives coding CLIs like Claude Code, and can autonomously execute tasks across your development environment. Its strengths are real: it’s extremely capable, highly extensible, and runs entirely on your own infrastructure.

But running it well requires real sysadmin work. You need to provision a cloud VM or run a local container, configure OAuth apps for Slack and Google Workspace manually, manage SSH keys, and handle the inevitable situations where the agent corrupts its own config mid-run. As the Klaus founders put it: “Running OpenClaw requires setting up a cloud VM or local container (a pain) or giving OpenClaw root access to your machine (insecure).”

OpenClaw sits at 375k GitHub stars—mainstream in the AI agent space—so the tooling ecosystem around it is mature. Klaus’s bet is that the bottleneck to wider adoption isn’t OpenClaw itself, but the DevOps overhead of running it reliably.

What Klaus Adds on Top

Klaus launches a dedicated EC2 instance for each user, pre-configured with credentials for OpenRouter, AgentMail, and Orthogonal. The OAuth apps for Slack and Google Workspace are already registered and working—no clipboard-pasting of client IDs or wrestling with redirect URIs.

ClawBert: Built-In AI SRE

The most interesting differentiator is ClawBert. It’s a Claude Code instance that runs automatically whenever a health check fails on your EC2 instance, or when you trigger it from the Klaus dashboard. It can:

• Read your entries in the Klaus database to understand your setup
• Execute commands directly on your EC2 instance to repair configurations
• Apply hotfixes across the fleet without manual SSH

The team describes spending their first post-launch week hand-fixing 20+ broken machines as agents hallucinated new ways to corrupt openclaw.json. ClawBert is their answer to that chaos—treating the AI agent’s own infra as something an AI can operate and repair.

Security Model

Klaus acknowledges OpenClaw’s security reputation head-on. Their mitigations:

• Each user gets an EC2 instance on a private subnet—no direct internet exposure
• Automatic OpenClaw version updates so security patches land without user action
• If breached, the exposed keys belong to Klaus, not the user
• They explicitly recommend Opus 4.6 for prompt injection resilience

Pricing

| Plan | Instance | Price | |---|---|---| | Starter | t4g.small | $19/month | | Pro | t4g.medium | $49/month | | Business | t4g.xlarge | $200/month |

All plans include $15 in token credits and $20 in Orthogonal credits one-time.

Setup Workflow

Step 1: Sign Up and Connect

1. Go to klausai.com and sign up
2. Connect your email provider (Gmail or Google Workspace via OAuth—Klaus handles the app registration)
3. Connect Slack if needed (pre-configured OAuth, no manual setup)

Step 2: Configure Your Agent

# Klaus provisions your EC2 and pre-loads your openclaw.json
# No manual VM setup required

Your OpenClaw config is pre-populated with credentials for OpenRouter, AgentMail, and Orthogonal. You add your own model keys through the Klaus dashboard.

Step 3: Define Your First Task

# Via Slack integration
@Klaus review PR #123 for security issues

# Via Klaus web dashboard
# Navigate to Agents → New Task → Describe your objective

Step 4: Monitor with ClawBert

• View ClawBert’s repair runs in the activity log
• Trigger a manual health check from the dashboard
• Review the AI SRE’s command log for transparency

Deeper Analysis

Why Klaus Matters

OpenClaw’s 375k stars represent years of real-world use, but the “zero DevOps required” promise of AI agents collides with OpenClaw’s actual operational overhead. Klaus is not the first to spot this gap—tried-and-true platformization of developer tools is a well-worn YC pattern (Heroku did it for Rails, Railway for general backend, etc.).

The ClawBert angle is where this gets interesting. The founders discovered that managing AI agents requires a different kind of infrastructure management—agents break in agent-specific ways (hallucinated config mutations, corrupted state files) that standard monitoring doesn’t catch. Treating the agent’s health as its own AI-operable problem is a reasonable response.

OpenClaw’s Scope

Klaus is an OpenClaw wrapper, not a standalone agent. The core capabilities come from OpenClaw itself—Klaus adds reliability, security hardening, and managed integrations. Users who want the raw OpenClaw experience on their own infra still have it; Klaus targets teams that want the capability without the platform engineering.

Competitive Landscape

• OpenClaw direct: Full control, full ops burden, free
• Klaus: Managed infra, $19/month minimum, OAuth included
• Continue.dev (178 Show HN points): Open-source VS Code / JetBrains extension for custom code assistants—more of an IDE integration story than an infra story
• Chamber (YC W26): GPU infrastructure agent—specialized for GPU workloads, different target user

Practical Evaluation Checklist

• Does your team need AI agent capabilities but lacks DevOps bandwidth?
• Are OAuth integrations with Slack/Google Workspace a blocker for your use case?
• Would automatic health repair for agent runaways save your team time?
• Is $19/month acceptable for not managing your own OpenClaw VM?

If yes to two or more, Klaus is worth evaluating.

Security Notes

• EC2 instances run on private subnets—intended to limit blast radius if compromised
• OpenClaw has had security concerns in the past; Klaus applies automatic updates to patch known vulnerabilities
• Connecting email via OAuth is still a trust decision; Klaus stores OAuth tokens and can access your email
• The best defense against prompt injection is model-level (Klaus recommends Opus 4.6), not infrastructure-level
• If security is the primary concern, running OpenClaw directly on isolated infrastructure is still the most paranoid option

FAQ

Q: Is Klaus affiliated with the OpenClaw open-source project? A: No. Klaus is an independent company that built a hosted platform around OpenClaw. OpenClaw remains open-source under its original license.

Q: Can I self-host Klaus? A: Not at this time. Klaus is a fully managed service. Each user gets a dedicated EC2 instance managed by Klaus.

Q: What happens if Klaus goes offline? A: Your EC2 instance continues running with whatever state it was in. ClawBert repairs won’t run, and you won’t get automatic OpenClaw updates. You can still connect to the instance directly via SSM.

Q: How does Klaus handle prompt injection attacks? A: Klaus relies on the model for prompt injection resilience and recommends using Opus 4.6 for that purpose. They acknowledge this is an ongoing research problem.

Q: Can I use my own model API keys instead of the pre-configured ones? A: Yes. Klaus pre-configures OpenRouter, AgentMail, and Orthogonal credentials, but you can swap in your own API keys through the dashboard.

Conclusion

Klaus solves the unglamorous but real problem of running OpenClaw reliably in a team environment. The 375k-star OpenClaw core is battle-tested; Klaus wraps it with managed infra, OAuth integrations, and an AI-native SRE (ClawBert) that repairs broken agent state automatically. At $19/month for a t4g.small, it’s priced for individuals and small teams who want the capability without the platform engineering.

The AI agent infra space is getting crowded, but the “make AI agents operationally boring” angle is still underserved. If you’ve been evaluating AI coding agents for your team and bounced off the DevOps overhead, Klaus is worth a look.

Visit Klaus →