Three months ago, OpenClaw was an open-source project with a GitHub repo and a community Discord. Today it's an ecosystem. NVIDIA, Cisco, Amazon, and a dozen security vendors have built products around it. Conferences are dedicating entire tracks to it. The phrase "Claw ecosystem" is now something people say with a straight face.
It's getting hard to keep track of what exists, what each piece does, and how they all fit together. This post is my attempt at a comprehensive map — every major tool, platform, and framework in the OpenClaw ecosystem as of late March 2026.
Bookmark this. I'll keep it updated.
The Core
OpenClaw
What it is: The open-source AI agent itself. Runs on your devices, connects to messaging platforms (WhatsApp, Telegram, Slack, Discord, Google Chat), executes skills, browses the web, manages files, and takes autonomous actions.
Current version: 2.0 (released March 2026)
Key features in 2.0: Revamped ClawHub skill marketplace, improved memory system, multi-agent coordination, voice mode, built-in cron scheduling.
Governance: Moving to a foundation. Creator Peter Steinberger joined OpenAI in February but committed to keeping the project independent and open source.
GitHub: github.com/openclaw/openclaw
ClawHub
What it is: The official skill marketplace for OpenClaw. Community-contributed skills that extend the agent's capabilities — integrations, automations, tools, and workflows.
The problem: Malicious skills have been a persistent issue. 71 malicious skills were discovered in a single audit in February. 1,000+ malicious skills were found earlier in the year. The 2.0 update added community flagging and basic vetting, but the review process is still far from robust.
Use with caution: Vet skills before installing. Minimize the number of installed skills. Prefer skills from known authors with source code you can review.
Deployment Platforms
Clawdy (That's Us)
What it is: One-click managed deployment for OpenClaw. Provisions isolated cloud instances with authentication proxy, SSL, firewall, API key isolation, and managed updates.
Where it runs: Hetzner Cloud (EU and US regions)
What it handles: Infrastructure provisioning, security configuration, SSL/TLS, authentication, API key proxying, automated updates, monitoring.
Best for: Users who want a running, secured OpenClaw instance without infrastructure expertise. Small teams and individuals who need always-on deployment without the ops burden.
Website: clawdy.app
Amazon Lightsail
What it is: AWS's simple VM service with an official OpenClaw blueprint. Launches a pre-configured VM with OpenClaw installed.
What it handles: VM provisioning and OpenClaw installation.
What it doesn't handle: SSL, authentication, firewall configuration, updates, monitoring, or API key isolation. All of that is manual.
Best for: AWS ecosystem users who want full server control and are willing to handle security configuration themselves.
Self-Hosted (DIY)
What it is: Running OpenClaw on your own hardware or VPS. Any Linux server with the install script.
Best for: Developers who want full control and have the infrastructure knowledge to secure it properly.
The risk: 220,000+ instances are currently exposed to the internet due to insecure default configurations.
Security Frameworks
NVIDIA NemoClaw
What it is: Enterprise security layer for OpenClaw, announced at GTC 2026. Adds three layers: input guardrails (prompt injection filtering), sandboxed execution (skill isolation), and runtime monitoring (behavior tracking).
Built on: NVIDIA OpenShell secure runtime.
Includes: Groq integration for accelerated inference.
Strengths: Single-command deployment, meaningful reduction in runtime risk, institutional backing from NVIDIA.
Limitations: Guardrails are bypassable by sophisticated attacks. Sandboxes have known escape vectors. Monitoring is reactive, not preventive. Doesn't handle infrastructure security.
Cisco DefenseClaw
What it is: Zero-trust agent governance framework, launched at RSAC 2026. Built on NVIDIA's OpenShell runtime.
Key components:
- AI Bill of Materials (ABOM) — inventory of models, skills, and data sources
- Sandbox scanners — pre-deployment testing of skills
- Code-guard tools — runtime monitoring of agent-generated code
Strengths: Governance and compliance features that enterprises need. Strong visibility into agent components and behavior.
Limitations: Doesn't handle infrastructure security. Requires operational expertise to monitor and respond to alerts.
NVIDIA OpenShell
What it is: Secure runtime environment designed specifically for AI agents. The container layer that NemoClaw and DefenseClaw run on top of.
Think of it as: A hardened container optimized for agent workloads, with process isolation, filesystem restrictions, and network controls.
NSFOCUS Multi-Layer Defense
What it is: A defense system specifically designed for OpenClaw deployments, with network-level, application-level, and agent-level protections.
Announced at: RSAC 2026
SentinelOne Purple AI
What it is: AI agent red-teaming and security testing. Proactively tests agents for prompt injection vulnerabilities, data exfiltration paths, and privilege escalation.
Best for: Organizations that need to validate agent security before production deployment.
Zenity
What it is: Shadow AI governance platform. Discovers and monitors AI agents deployed without IT's knowledge (including unsanctioned OpenClaw instances).
Best for: Enterprise security teams who need visibility into agent proliferation across their organization.
AI Models and Providers
OpenClaw works with any AI provider through API integration. The most commonly used:
OpenRouter
What it is: AI model aggregator that provides a single API for accessing models from multiple providers (Anthropic, OpenAI, Google, Meta, Mistral, and others). The most popular way to power OpenClaw agents.
Why it's popular: Model flexibility. Switch between providers and models without changing configuration.
Groq
What it is: Ultra-fast inference platform with custom hardware (LPUs). Integrated into NemoClaw for accelerated agent responses.
Best for: Latency-sensitive workflows where agent response speed matters.
Notable Models for Agent Work
- Claude Opus 4.6 — Top-tier reasoning and instruction following. Expensive but excellent for complex multi-step agent workflows.
- GPT-5.4 — OpenAI's latest. Strong general-purpose performance with improved tool use.
- GLM-5 (Zhipu AI) — Frontier-level performance at ~90% lower cost. Strong for business automation workflows.
- Kimi K2.5 (Moonshot AI) — Optimized for multi-agent coordination and swarm workflows.
Monitoring and Observability
Axiom
What it is: Log aggregation and analytics platform. Used by several OpenClaw deployment tools (including Clawdy) for centralized logging and monitoring.
SecurityScorecard
What it is: External risk assessment platform. Their STRIKE team has been tracking OpenClaw exposure across the internet, identifying vulnerable instances and tracking exploitation patterns.
Penligent
What it is: Security research firm that has published the most detailed analyses of OpenClaw exposure, including the 220,000+ exposed instances report and red-teaming guides.
Community
- r/LocalLLaMA — Discussions about running OpenClaw with local models
- r/AI_Agents — General AI agent community with frequent OpenClaw content
- r/vibecoding — Enthusiast community
- r/ClaudeCode — Overlapping community with OpenClaw users
YouTube
Major OpenClaw creators include Matthew Berman (21 use cases video, 340K views), David Ondrej (OpenClaw 2.0 coverage), and numerous tutorial creators driving adoption through Hostinger and Lightsail tutorials.
Newsletters
- Refactoring (Luca Rossi) — Published a widely-read OpenClaw experience report
- Creator Economy (Nat Eliason) — Documented his $14K/week OpenClaw business
- Corp Waters (Mikhail Shcheglov) — Published "The Ultimate Guide to OpenClaw"
- Investing in AI — Tracking the "Rise of the Claws" ecosystem
How the Pieces Fit Together
The full enterprise stack, from bottom to top:
┌─────────────────────────────────┐
│ Your workflows & skills │ ← What the agent does
├─────────────────────────────────┤
│ DefenseClaw (Governance) │ ← Policy and compliance
├─────────────────────────────────┤
│ NemoClaw (Runtime Security) │ ← Guardrails and sandboxing
├─────────────────────────────────┤
│ OpenShell (Secure Runtime) │ ← Process isolation
├─────────────────────────────────┤
│ OpenClaw 2.0 (Agent) │ ← The agent itself
├─────────────────────────────────┤
│ Deployment Infrastructure │ ← Server, network, auth, SSL
│ (Clawdy / Lightsail / DIY) │
└─────────────────────────────────┘
Most individuals and small teams don't need the full stack. The minimum viable secure deployment is the bottom two layers: a properly configured server (infrastructure) running a current version of OpenClaw (agent). Everything above that adds security and governance for more complex or regulated use cases.
What's Coming
The ecosystem is moving fast. Based on RSAC announcements, vendor roadmaps, and community activity, expect:
- More "Claw" products. The naming convention has caught on. Every security vendor wants a Claw product.
- Enterprise adoption frameworks. Compliance-ready deployment guides from major consulting firms.
- Standardized agent governance. Industry working groups are forming around AI agent security standards.
- More deployment options. Other cloud providers will follow AWS's Lightsail lead.
- Foundation governance. The OpenClaw Foundation will formalize, with implications for project direction and contributor access.
The ecosystem that was just an agent and a GitHub repo three months ago now includes runtime security, governance frameworks, enterprise hardware integration, and a growing security industry. It's moving faster than anyone predicted.
Ready to deploy into the ecosystem? Clawdy handles the infrastructure layer — isolated instances, auth proxy, SSL, managed updates — so you can focus on what the agent does, not where it runs. Get started at clawdy.app.