Self-host Clawdbot on VPS | Secure installation guide Skip to main content
AI & Automation

Clawdbot (Moltbot)

By ServerPoint's Team January 30, 2026

Why self-host Clawdbot on a VPS?

Running Clawdbot on a dedicated VPS instead of your personal computer offers several advantages:

  • 24/7 availability: Your AI assistant runs even when your laptop is closed
  • Security isolation: Keep the powerful agent separate from your main machine
  • Access from anywhere: Connect via messaging apps from any device
  • Consistent environment: No interruptions from system updates or restarts

Requirements

  • A VPS with at least 2 GB RAM and 20 GB disk space
  • Ubuntu 22.04 or newer (this guide uses Ubuntu)
  • An API key from Anthropic (Claude) or OpenAI
  • Basic familiarity with Linux command line

Step 1: Deploy your VPS

Deploy a Linux VPS through ServerPoint’s Client Portal. Ubuntu 24.04 LTS is recommended.

Once deployed, SSH into your server:

ssh root@your-server-ip

Step 2: Initial server setup

Update your system and create a non-root user:

apt update && apt upgrade -y
adduser clawdbot
usermod -aG sudo clawdbot

Switch to the new user:

su - clawdbot

Step 3: Install Node.js

Clawdbot requires Node.js 18 or newer:

curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
sudo apt install -y nodejs

Verify the installation:

node --version
npm --version

Step 4: Install Clawdbot

Install Clawdbot globally:

sudo npm install -g clawdbot

Run the onboarding wizard:

clawd onboard

This will prompt you to:

  1. Enter your Anthropic or OpenAI API key
  2. Connect messaging platforms (WhatsApp, Telegram, etc.)
  3. Configure memory and preferences

Step 5: Configure the firewall

Critical: Never expose Clawdbot’s gateway port (18789) to the public internet.

Configure UFW to block external access:

sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw enable

The gateway should only be accessible from localhost or through a secure tunnel.

Step 6: Install Tailscale for secure remote access

Tailscale provides a zero-trust network that lets you access your Clawdbot instance securely without exposing ports:

curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up

Follow the authentication link to connect your server to your Tailscale network.

Once connected, you can access Clawdbot’s gateway via your server’s Tailscale IP address, which is only accessible from devices on your Tailscale network.

Step 7: Secure the configuration

Set proper permissions on Clawdbot’s configuration files:

chmod 700 ~/.config/moltbot
chmod 600 ~/.config/moltbot/config.json

Generate a strong gateway token:

openssl rand -hex 32

Add this token to your configuration at ~/.config/moltbot/config.json:

{
  "gateway": {
    "bind": "127.0.0.1",
    "port": 18789,
    "token": "your-generated-token-here"
  }
}

Binding to 127.0.0.1 ensures the gateway only accepts local connections.

Step 8: Run Clawdbot as a service

Create a systemd service for automatic startup:

sudo nano /etc/systemd/system/clawdbot.service

Add the following:

[Unit]
Description=Clawdbot AI Assistant
After=network.target

[Service]
Type=simple
User=clawdbot
WorkingDirectory=/home/clawdbot
ExecStart=/usr/bin/clawd
Restart=on-failure
RestartSec=10

[Install]
WantedBy=multi-user.target

Enable and start the service:

sudo systemctl daemon-reload
sudo systemctl enable clawdbot
sudo systemctl start clawdbot

Check the status:

sudo systemctl status clawdbot

Step 9: Security hardening

Enable DM pairing mode

By default, Clawdbot should require verification before processing messages from unknown contacts. Verify this is enabled in your configuration.

Use allowlists

For maximum security, configure an allowlist to only accept messages from specific contacts:

{
  "access": {
    "denyByDefault": true,
    "allowlist": ["your-phone-number", "your-telegram-id"]
  }
}

Run security audits

Periodically audit your Clawdbot installation:

clawd security audit --deep

Rotate tokens regularly

Change your gateway token and API keys every 30-90 days.

Alternative: Docker installation

For additional isolation, run Clawdbot in Docker:

docker pull moltbot/moltbot
docker run -d \
  --name clawdbot \
  --restart unless-stopped \
  -v ~/.config/moltbot:/root/.config/moltbot \
  moltbot/moltbot

Accessing your Clawdbot

Once running, interact with your Clawdbot through the messaging platforms you configured during onboarding. Messages are processed 24/7 as long as your VPS is running.

For direct gateway access (debugging, admin tasks), connect through Tailscale:

# From a device on your Tailscale network
curl -H "Authorization: Bearer your-token" http://your-tailscale-ip:18789/health

Costs

  • VPS: Starting around $8/month at ServerPoint
  • Clawdbot: Free (open source)
  • API usage: Pay-per-use for Claude/OpenAI (varies by usage)
  • Tailscale: Free for personal use

Deploy a VPS and run your own secure Clawdbot instance today.

Back to all applications
Sign up free!Already a user? Log in