ClawFirm — AI Factory in a Box

ClawFirm

AI factory in a box. Secure by default.

Solo → SMB → Enterprise. One install. Zero trust from day one.

# Install ClawFirm
curl -fsSL https://get.clawfirm.io | sh

clawfirm init --tier solo
clawfirm up

View on GitHub Join Discord

Bitsight found 30,000+ exposed OpenClaw instances in early 2026. Microsoft, McAfee, and the Dutch DPA all published warnings. ClawFirm flips the defaults: chat-only at first run, four-tier governance ladder, sandbox-first execution, signed skills, mandatory audit trail.

Solo

Docker Compose
Laptop or single VPS
8-core, 16GB RAM min
Local Qwen model included

SMB

k3s + Coolify
1–3 node cluster
64GB RAM, 1× GPU
Headscale zero-trust mesh

Enterprise

k0s HA + Flux GitOps
Air-gap capable
RBAC + Authentik
Firecracker sandbox