
Editorial Note: As of January 30, 2026, Moltbot has been renamed to OpenClaw.
Recently, many individuals began acquiring Mac minis to operate Moltbot (previously Clawdbot), an open-source, self-hosted AI agent designed to function as a personal assistant. Moltbot operates in the background on a user’s own hardware, features a substantial and expanding array of integrations for chat applications, AI models, and other popular tools, and can be managed remotely. This AI can assist with finances, social media, and daily organization, all accessible through preferred messaging applications.
However, purchasing new dedicated hardware might not be desirable. An alternative exists to run Moltbot efficiently and securely online. This solution is Moltworker, a middleware Worker and adapted scripts that enable Moltbot to run on Cloudflare’s Sandbox SDK and Developer Platform APIs.
A Personal Assistant on Cloudflare: How It Works
Cloudflare Workers now offers significantly enhanced compatibility with Node.js. Previously, mocking APIs was necessary for certain packages, but these APIs are now natively supported by the Workers Runtime.
This advancement transforms how tools can be developed on Cloudflare Workers. For instance, when Playwright, a widely used framework for web testing and automation running on Browser Rendering, was first implemented, it relied on memfs. This approach was problematic due to its hacky nature and external dependency, leading to deviations from the official Playwright codebase. With improved Node.js compatibility, native node:fs usage became possible, reducing complexity and maintenance, and simplifying upgrades to the latest Playwright versions.
The range of natively supported Node.js APIs continues to expand. A comprehensive overview of this progress is detailed in the blog post “A year of improving Node.js compatibility in Cloudflare Workers.”
Progress in this area is actively measured. A recent experiment involved attempting to run the 1,000 most popular NPM packages within Cloudflare Workers, with surprisingly positive outcomes. Excluding packages that are build tools, CLI tools, or browser-only and thus not applicable, only 15 packages (1.5%) genuinely failed to operate.
A graphic illustrating Node.js API support evolution is provided below:
The results of an internal experiment on npm package support are available here for verification.
While Moltbot does not heavily depend on Workers Node.js compatibility, as much of its code runs in a container, it is important to emphasize the extensive support for packages using native APIs. This capability allows for significant application logic to run directly in Workers when developing new AI agents, bringing processing closer to the user.
Another crucial aspect is the expansion of products and APIs on the Developer Platform. This growth enables the creation and execution of diverse applications, including highly complex and demanding ones, on Cloudflare. Once deployed, applications on this platform immediately benefit from a secure and scalable global network.
These available products and services provided the necessary foundation. Key components include Sandboxes for securely running untrusted code in isolated environments, Browser Rendering for programmatic control of headless browser instances, and R2 for persistent object storage. With these building blocks, the adaptation of Moltbot could commence.
Adapting Moltbot to Run on Cloudflare
Moltbot on Workers, or Moltworker, integrates an entrypoint Worker that functions as an API router and a proxy between Cloudflare APIs and the isolated environment, with both protected by Cloudflare Access. It also offers an administration UI and connects to the Sandbox container where the standard Moltbot Gateway runtime and its integrations operate, utilizing R2 for persistent storage.
Let’s delve deeper.
AI Gateway
Cloudflare AI Gateway serves as a proxy between AI applications and various popular AI providers, offering centralized visibility and control over requests.
Recent updates include support for Bring Your Own Key (BYOK), allowing secrets to be centrally managed and used with gateway configurations, eliminating the need to pass provider secrets in plain text with every request.
For an even simpler approach, Unified Billing removes the need to manage AI provider secrets end-to-end. Users can add credits to their account and use AI Gateway with any supported provider directly, with Cloudflare handling the charges and deducting credits.
To configure Moltbot with AI Gateway, a new gateway instance is created, the Anthropic provider is enabled, and either a Claude key is added or credits are purchased for Unified Billing. The ANTHROPIC_BASE_URL environment variable is then set to the AI Gateway endpoint, requiring no code changes.
Once Moltbot uses AI Gateway, comprehensive visibility into costs, logs, and analytics becomes available, aiding in understanding how the AI agent interacts with providers.
Anthropic is just one option; Moltbot supports other AI providers, as does AI Gateway. A key benefit of AI Gateway is the ability to switch models within the gateway configuration if a superior model emerges from any provider, without needing to alter AI Agent configuration or redeploy. Additionally, model or provider fallbacks can be specified to ensure reliability and handle request failures.
Sandboxes
Anticipating the growing demand for AI agents to execute untrusted code securely in isolated environments, the Sandbox SDK was announced last year. Built upon Cloudflare Containers, this SDK offers a straightforward API for command execution, file management, background process operation, and service exposure, all from Workers applications.
Essentially, the Sandbox SDK provides developer-friendly APIs for secure code execution, abstracting the complexities of container lifecycle, networking, file systems, and process management. This allows developers to concentrate on application logic with minimal TypeScript code. An example is provided:
import { getSandbox } from '@cloudflare/sandbox';
export { Sandbox } from '@cloudflare/sandbox';
export default {
async fetch(request: Request, env: Env): Promise<Response> {
const sandbox = getSandbox(env.Sandbox, 'user-123');
// Create a project structure
await sandbox.mkdir('/workspace/project/src', { recursive: true });
// Check node version
const version = await sandbox.exec('node -v');
// Run some python code
const ctx = await sandbox.createCodeContext({ language: 'python' });
await sandbox.runCode('import math; radius = 5', { context: ctx });
const result = await sandbox.runCode('math.pi * radius ** 2', { context: ctx });
return Response.json({ version, result });
}
};
This functionality is highly suitable for Moltbot. Instead of running Docker locally on a Mac mini, Docker runs on Containers. The Sandbox SDK is used to issue commands within the isolated environment and establish two-way communication with the entrypoint Worker via callbacks.
R2 for Persistent Storage
Local computers or VPS offer persistent storage inherently. However, Containers are by nature ephemeral, meaning data generated within them is lost upon deletion. The Sandbox SDK addresses this with sandbox.mountBucket(), which automatically mounts an R2 bucket as a filesystem partition when a container starts.
With a local directory guaranteed to persist beyond the container's lifecycle, Moltbot can store session memory files, conversations, and other necessary assets.
Browser Rendering for Browser Automation
AI agents frequently navigate the often unstructured web. Moltbot employs dedicated Chromium instances for actions such as web navigation, form filling, snapshot capture, and other browser-dependent tasks. While Chromium could also run on Sandboxes, using an API offers a simpler alternative.
Cloudflare’s Browser Rendering enables programmatic control and interaction with headless browser instances operating at scale across the edge network. Support is provided for Puppeteer, Stagehand, Playwright and other popular packages, facilitating developer onboarding with minimal code changes. MCP for AI is also supported.
To integrate Browser Rendering with Moltbot, two steps are taken:
-
A thin CDP proxy (CDP is the protocol for instrumenting Chromium-based browsers) is created from the Sandbox container to the Moltbot Worker, then to Browser Rendering using Puppeteer APIs.
-
A Browser Rendering skill is injected into the runtime when the Sandbox starts.
From the Moltbot runtime's perspective, it connects to a local CDP port to perform browser tasks.
Zero Trust Access for Authentication Policies
Protecting APIs and the Admin UI from unauthorized access is crucial. Implementing authentication from scratch is complex and often unnecessary. Zero Trust Access simplifies application protection by allowing the definition of specific policies and login methods for endpoints.
Once endpoints are protected, Cloudflare manages authentication, automatically including a JWT token with every request to origin endpoints. This JWT can then be validated for enhanced security, ensuring requests originate from Access and not malicious third parties.
Similar to AI Gateway, placing APIs behind Access provides excellent observability into user activity and interactions with the Moltbot instance.
Moltworker in Action
A demonstration was conducted using a Slack instance with a Moltbot on Workers. Examples of its capabilities are provided below.
For instance, if one dislikes receiving bad news, Moltbot can be configured to filter it.
In one chat session, Moltbot was asked to find the shortest route between Cloudflare's London and Lisbon offices using Google Maps and capture a screenshot in a Slack channel. It successfully navigated Google Maps using Browser Rendering, demonstrating its ability to follow a sequence of steps. Moltbot's memory was also evident when the request was repeated.
For those craving Asian food, Moltbot can assist in finding options.
Visual preferences are also catered to.
Moltbot can also create videos, such as one browsing developer documentation. It downloads and runs ffmpeg to generate the video from captured browser frames.
Run Your Own Moltworker
The implementation has been open-sourced and is available at https://github.com/cloudflare/moltworker, allowing users to deploy and run their own Moltbot on Workers today.
The README provides guidance on the setup process. A Cloudflare account and a minimum $5 USD Workers paid plan subscription are required for Sandbox Containers. However, other products like AI Gateway are free, or offer generous free tiers for initial use and operation within reasonable limits.
Moltworker is presented as a proof of concept, not a Cloudflare product. Its purpose is to demonstrate exciting features of the Developer Platform for running AI agents and unsupervised code efficiently and securely, while providing strong observability and leveraging the global network.
Contributions or forks of the GitHub repository are welcome, with ongoing monitoring for support. There is also consideration for contributing Cloudflare skills upstream to the official project.
Conclusion
This experiment aims to illustrate Cloudflare's suitability for running AI applications and agents. Continuous efforts have focused on anticipating future needs and releasing features such as the Agents SDK for building agents in minutes, Sandboxes for running arbitrary code in isolated environments without container lifecycle complexities, and AI Search, Cloudflare’s managed vector-based search service.
Cloudflare now provides a comprehensive toolkit for AI development, encompassing inference, storage APIs, databases, durable execution for stateful workflows, and integrated AI capabilities. These components collectively enable the creation and operation of even the most demanding AI applications on its global edge network.

