Who this guide is for
You want a personal, always-on AI assistant live this week, without writing your own Node deploy scripts or babysitting a VPS. The fastest path in 2026 is one of three managed wrappers around the same upstream project (openclaw/openclaw): an AWS Lightsail blueprint, a Hostinger one-click app, or a Cloudflare Workers proof-of-concept. Hermes Agent from Nous Research is the strong alternative if a self-improving learning loop matters more than channel breadth.
Meet the products
OpenClaw is a personal AI assistant you run on your own devices. The GitHub repo (openclaw/openclaw) carries over 379,000 stars and lists OpenAI, GitHub, NVIDIA, Vercel, Blacksmith, and Convex as sponsors. The actual install on a developer machine is one command: npm install -g openclaw@latest && openclaw onboard. The Gateway is the control plane; the assistant is the product. OpenClaw runs on macOS, Linux, Windows, iOS, and Android with a live Canvas you can speak and listen on. The Cloudflare integration was originally introduced as MoltWorker; it has since consolidated under the OpenClaw name (with the older Moltbot and Clawdbot as historical names).
OpenClaw supports 22 messaging channels: WhatsApp, Telegram, Slack, Discord, Google Chat, Signal, iMessage, IRC, Microsoft Teams, Matrix, Feishu, LINE, Mattermost, Nextcloud Talk, Nostr, Synology Chat, Tlon, Twitch, Zalo, WeChat, QQ, WebChat. There is an active skill marketplace (VoltAgent/awesome-openclaw-skills catalogues 5,400+ skills, with broader compatibility through the open agentskills.io standard).
Hermes Agent is the alternative: a self-improving assistant from Nous Research with around 199,000 GitHub stars. It runs on Telegram, Discord, Slack, WhatsApp, Signal, and the CLI, with voice memo transcription and cross-platform continuity. The differentiator is the learning loop: skills self-improve during use, Honcho dialectic user modelling builds a persistent picture of who you are, and FTS5 session search plus LLM summarisation make past conversations recallable. It plugs into 200+ models (Nous Portal, OpenRouter, NovitaAI, NVIDIA NIM/Nemotron, Xiaomi MiMo, z.ai/GLM, Kimi/Moonshot, MiniMax, Hugging Face, OpenAI) switchable with hermes model. Six terminal backends (local, Docker, SSH, Singularity, Modal, Daytona); Modal and Daytona offer serverless hibernation so the agent costs near-zero when idle.
The shortest possible install path
If you have a laptop and a terminal, this is the fastest start:
# OpenClaw (Node 24 recommended, 22.19+ works)
npm install -g openclaw@latest
openclaw onboard --install-daemon
# Hermes Agent (Linux, macOS, WSL2, Termux)
curl -fsSL https://hermes-agent.nousresearch.com/install.sh | bash
The three managed paths below exist for when you want the assistant always-on without your laptop being on, and you would rather not run the daemon yourself.
Side by side
Pick by trade-off, not by trend.
| Dimension | OpenClaw on AWS Lightsail | OpenClaw or Hermes on Hostinger | OpenClaw on Cloudflare |
|---|---|---|---|
| Runtime shape | Linux VPS + blueprint | Linux VPS + one-click app | Workers + Sandbox Containers (no VPS) |
| One-click install | Lightsail console blueprint | hPanel marketplace | Wrangler deploy from the OpenClaw repo |
| Default LLM wiring | Amazon Bedrock, Claude Sonnet 4.6 | Bundled credits + 200+ models (Hermes) | AI Gateway with your provider key |
| Recommended plan | 4 GB Lightsail instance | Managed (₹549/mo) or KVM 2 VPS (₹799/mo) | Workers Paid plan (required) |
| TLS / DNS | Lightsail-managed Let's Encrypt | Hostinger-managed + free domain | Cloudflare edge (built in) |
| Messaging channels | Telegram, WhatsApp | Telegram, Discord, Slack, WhatsApp, Signal, email | Browser, plus channels OpenClaw adds |
| Best for | Teams already in AWS who want Bedrock | Cheapest start, includes a managed option | Teams already on the Cloudflare developer platform |
Path 1: OpenClaw on AWS Lightsail
Best fit if you live in the AWS ecosystem already. Lightsail's OpenClaw blueprint comes pre-configured with Amazon Bedrock as the default model provider, so the assistant works the moment IAM permissions are set up.
- Create the instance. Lightsail console → Create instance → Linux/Unix → Blueprint: OpenClaw. The 4 GB plan is the recommended starting size.
- Wait for Running. The instance comes up in a couple of minutes. Lightsail issues a Let's Encrypt cert for the public IP automatically (no manual TLS setup).
- Pair your browser. Open the instance, hit the Getting started tab, click Connect using SSH. The MOTD prints a Dashboard URL and an Access Token. Open the URL in a new tab, paste the token, click Connect, approve the CLI and the device pairing.
- Enable Bedrock. Back on the Getting started tab, click Copy the script under "Enable Amazon Bedrock as your model provider", then Launch CloudShell. Paste, hit Enter. The script creates
LightsailRoleFor-<instance-id>with Bedrock + Marketplace permissions. Wait for "Done". - First-time Anthropic access. Default model is Claude Sonnet 4.6. If this is your first Anthropic use in your AWS account, complete the FTU form in the Bedrock console (Model catalog → pick Anthropic). One-time per account.
- Optional: attach a static IP. Networking tab → create + attach. Lightsail re-issues the Let's Encrypt cert against the new IP automatically. You will need to re-pair browsers after this.
- Optional: connect a channel. SSH back in, run
openclaw channels add, pick Telegram or WhatsApp, follow the bot-token or QR flow.
What costs you actually pay
Lightsail per-hour up to the monthly cap (4 GB plan), Bedrock token costs per message (model-dependent), Marketplace fees for third-party models like Anthropic, data transfer overages, and snapshot storage. The instance itself is the smallest of these for any real workload.
Path 2: OpenClaw or Hermes Agent on Hostinger
Cheapest start, both products are first-class one-click installs in the Hostinger marketplace. Pick OpenClaw if you want the simpler chat-gateway shape, or Hermes Agent if you want the 200+ LLM range and the multi-channel breadth.
- Pick the plan. Managed OpenClaw is the simplest (currently ₹549/mo intro, ₹999/mo renew). For root access pick the OpenClaw VPS plan (KVM 2 territory, ~₹799/mo intro, ₹1,199/mo renew) or the Hermes Agent VPS tier that matches your workload (KVM 1 to KVM 8).
- Click Install. hPanel handles the OS, Docker, firewall, TLS, and a free first-year domain. Hostinger advertises a 60-second time-to-first-message, which is roughly the truth on a quiet day.
- Open the admin UI. Hostinger emails a URL and credentials. OpenClaw and Hermes Agent both ship browser-based control panels.
- Add messaging channels. Both products do this from the admin UI: Telegram + WhatsApp for OpenClaw; Telegram, Discord, Slack, WhatsApp, Signal, and email for Hermes Agent. Bot tokens or QR pairing depending on the channel.
- Wire your LLM. Bundled credits cover the first few interactions; for production traffic plug in your own OpenAI, Anthropic, Google, or open-model provider key (Hermes supports 200+ models).
- Verify backups. Weekly automatic backups are on by default. Trigger a test restore before you trust them.
Path 3: OpenClaw on Cloudflare (formerly MoltWorker)
This is the odd one out: there is no VPS. The agent runs in Cloudflare Workers and Sandbox Containers at the edge, with R2 for files, AI Gateway for model providers, and Cloudflare Access as the auth layer. The project was originally introduced as MoltWorker; it has since consolidated under the OpenClaw name. If you already use the Cloudflare developer platform, this is the cleanest fit.
- Get a Workers Paid plan. Sandbox Containers require it. ($5/mo as of this writing.)
- Clone the OpenClaw repo. The Cloudflare project initially shipped as
cloudflare/moltworker; check the current OpenClaw docs for the canonical repo, since Cloudflare may have renamed or re-homed it. A safe starting point:# original moltworker repo (still installable): git clone https://github.com/cloudflare/moltworker openclaw cd openclaw - Configure AI Gateway. Cloudflare dashboard → AI → AI Gateway → create gateway. Either point it at your own provider key, or enable Unified Billing so all model usage shows up on the Cloudflare invoice.
- Set Wrangler vars. Wrangler is the Cloudflare CLI. Fill in the variables the README lists (gateway URL, R2 bucket name, provider key reference, Access policy).
- Deploy.
npm install npx wrangler deploy - Front with Access. Add a Zero Trust Access policy (email OTP, Google, GitHub, SSO) so only your authenticated users can reach the Worker. The agent never sits on the public internet without auth.
- Watch logs and costs. Workers Logs and the AI Gateway analytics dashboard show every request, every model call, and every dollar. This is the unsung win of the Cloudflare path.
When OpenClaw on Cloudflare wins: teams already on Cloudflare for DNS, CDN, or Pages. The "no VPS" property means no patching, no SSH, no security group audits. The trade-off is unfamiliar ergonomics if your team has not worked with Workers before.
Common gotchas across all three
- Token rotation surprises pairings. OpenClaw rotates gateway tokens daily by default (MOTD 2.0.0). Every paired browser and channel must re-pair after a rotation. Disable rotation only after you understand the security cost.
- Static IP changes break TLS without managed certs. Lightsail handles this via its certificate daemon. On Hostinger and self-managed setups you have to remember to re-issue.
- Bundled credits run out. Hostinger's "AI included" is a starter credit, not unlimited. Wire your own model provider key before the first real customer demo.
- Sandbox restrictions surprise plugin authors. OpenClaw isolates tool execution in Docker by default. Some plugins need looser permissions; loosen knowingly with
openclaw config set tools.exec.security .... - OpenClaw on Cloudflare requires the Workers Paid plan. Sandbox Containers do not run on the free Workers plan. Check this before deciding the budget.
- No backup plan. Lightsail automatic snapshots, Hostinger weekly backups, Cloudflare R2 versioning. Pick the one for your platform, then trigger a test restore. Untested backups are not backups.
Which one should you actually pick?
- Already in AWS? OpenClaw on Lightsail. Bedrock comes wired, IAM is one CloudShell script, TLS is automatic.
- Cheapest start, want a managed option? OpenClaw managed on Hostinger.
- Need 200+ LLMs and multi-channel breadth (Discord, Slack, Signal)? Hermes Agent on Hostinger.
- Already on the Cloudflare developer platform? OpenClaw on Workers (the project formerly known as MoltWorker). No VPS to patch, Access for auth, AI Gateway for cost visibility.
When to outgrow these
Stay on a one-click install until you hit one of these:
- You need more than one instance for availability or load.
- You need a managed database with point-in-time recovery.
- You need to spread across regions for latency or residency.
- SOC 2 or HIPAA scope arrives.
- You need to plug a custom model, custom planner, or non-trivial tool catalogue into the agent.
At that point migrate to ECS / EKS on AWS, a dedicated Kubernetes cluster on any provider, or a managed agent runtime your engineering team controls end to end. Until then, a one-click install is the right answer.
Want help with the next step?
Kiebot ships agents into production for clients every week. If you want a pair of hands on the architecture, the deploy, or the eval harness, see our Add AI to your product solution. For the production-readiness story, see Designing AI Applications That Survive Production.



