Both let you manage AI agents remotely. Only one was built with security as a first principle.

| Feature | Amurg | OpenClaw |
|---|---|---|
| Agents supported | Any (8 built-in profiles) | Any (via skills) |
| Multi-machine | ✓ | ✓ |
| Team support | ✓ | ✗ |
| Inbound ports required | ✗ | ✓ |
| Default exposure | None — outbound only | Exposed by default |
| Permission gates | ✓ | ✗ |
| Audit log | ✓ | ✗ |
| Skill/plugin marketplace | No (by design) | Yes (800+ malicious found) |
| Self-hostable | ✓ | ✓ |
| Mobile UI | ✓ | ✓ |
| Pricing | $5/mo or free (self-host) | Free |

OpenClaw was designed for convenience — install it, and it immediately listens on a port. That simplicity comes at a cost. Security researchers have found 42,665 publicly exposed instances, many with default credentials or no authentication at all.
The skill marketplace compounds the problem. Over 800 malicious skills have been discovered, including tools that steal credentials, mine cryptocurrency, and establish reverse shells. Meta pulled OpenClaw from internal use after a security incident.
Multiple CVEs have been filed against OpenClaw's API, including remote code execution vulnerabilities that affect any instance reachable from the internet — which, given the default configuration, is most of them.
With Amurg, your runtime connects out to the hub. There are no listening ports, so there is nothing to scan and nothing to exploit. It works behind NAT and firewalls without configuration.
There's no skill store to poison. Agents are tools you already trust — Claude Code, Copilot, your own scripts. No third-party code runs unless you put it there.
Agents request approval before running commands or accessing files. You approve or deny from your phone. Every decision is logged.
Every message, session, login, and permission decision is recorded. Exportable logs you can review, search, and retain.
Connect your first agent in minutes. No exposed ports, no marketplace risks.