Lobstack is a managed cloud platform for deploying autonomous AI agents. Each agent runs on a dedicated virtual machine with persistent memory, 700+ integrations, and goes live in under 90 seconds with zero DevOps.

How long does it take to deploy an AI agent?

You can deploy an AI agent on Lobstack in under 90 seconds. Describe what your agent should do, pick a model, and Lobstack handles all the infrastructure — no Docker, Kubernetes, or server setup needed.

What AI models does Lobstack support?

Lobstack supports 16 AI models including Claude Opus and Sonnet from Anthropic, GPT-5 and GPT-4o from OpenAI, Gemini 2.5 Pro from Google, plus DeepSeek, Mistral, and Grok. You can hot-swap models without losing agent memory or configuration.

Is Lobstack secure for enterprise use?

Yes. Every agent runs in a gVisor-sandboxed VM with AES-256 encryption at rest, TLS 1.3 in transit, HashiCorp Vault for secrets, row-level security on all tables, and full audit logging. Lobstack is SOC 2 aligned.

Docs/OpenClaw/OpenClaw Integration

Reference

OpenClaw Integration

Lobstack runs on OpenClaw, the open-source AI agent framework with 215K+ GitHub stars. Learn how the integration works, what version we run, and how to leverage OpenClaw's ecosystem.

What is OpenClaw?#

OpenClaw is the most popular open-source AI agent framework, created by Peter Steinberger. It provides a gateway, tool execution runtime, and messaging platform integrations that power every Lobstack agent.

Lobstack wraps OpenClaw into a managed, one-click deployment platform — no terminal, Docker, or server admin required. You get all the power of OpenClaw with enterprise-grade security, monitoring, and billing.

Version 2026.2.26

Lobstack pins to the latest stable release with all critical security patches (CVE-2026-25253, CVE-2026-24763, CVE-2026-27001).

Security Hardened

Gateway bound to loopback, token auth enforced, sandbox mode enabled, file permissions locked down (chmod 600).

MCP Support

Native Model Context Protocol integration. Connect to 13,000+ MCP servers from the ecosystem.

ClawHub Access

Browse and install from 5,700+ community-built skills on ClawHub, the OpenClaw skill registry.

Architecture#

Lobstack + OpenClaw Stack

Lobstack Dashboard  ->  Lobstack API (Next.js)  ->  Cloud Provider (Hetzner/DO/Vultr)
                                                          |
                                                     Dedicated VM (Ubuntu 24.04)
                                                     |-- Agent Bridge (Python, port 80)
                                                     |   |-- REST API (/chat, /config, /skills, /diag)
                                                     |   |-- WebSocket (port 8765)
                                                     |   +-- Tool execution engine
                                                     |-- OpenClaw Gateway (port 18789)
                                                     |   |-- Model routing (Anthropic, OpenAI, Google, xAI)
                                                     |   |-- MCP server orchestration
                                                     |   +-- Skill & plugin runtime
                                                     |-- MCP Servers (filesystem, github, etc.)
                                                     +-- Agent config (/root/.openclaw/)

Version & Updates#

Lobstack pins OpenClaw to a specific version for reproducibility and security. When a new OpenClaw release is validated, we update the pinned version across all new deployments.

Property	Value
Current Version	2026.2.26 (February 26, 2026)
Minimum Safe Version	2026.1.29 (CVE-2026-25253 patch)
Node.js Requirement	>= 22
Gateway Port	18789
Install Method	npm install -g openclaw@2026.2.26
Config Location	~/.openclaw/openclaw.json
Skill Directory	~/.openclaw/skills/

💡

Auto-updates

Rebuilding your agent from the dashboard always provisions with the latest pinned OpenClaw version. No manual updates needed.

Configuration#

Lobstack generates a secure openclaw.json for each agent with hardened defaults:

~/.openclaw/openclaw.json (generated)

{
  "gateway": {
    "mode": "local",
    "bind": "loopback",
    "port": 18789,
    "auth": { "mode": "token", "token": "<auto-generated>" }
  },
  "agents": {
    "defaults": {
      "workspace": "/root/.openclaw/workspace",
      "model": "anthropic/claude-sonnet-4-5"
    }
  },
  "security": {
    "sandbox": { "mode": "skills-only", "scope": "session", "workspaceAccess": "rw" },
    "tools": {
      "allowlist": ["run_terminal_command", "read_file", "write_file",
                     "list_directory", "browse_webpage", "http_request"]
    }
  },
  "mcpServers": {
    "filesystem": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem", "/root/.openclaw/workspace"]
    }
  }
}

MCP Servers#

OpenClaw natively supports the Model Context Protocol (MCP) — an open standard for connecting AI agents to external tools and data sources. MCP servers run as child processes and communicate via JSON-RPC 2.0.

Filesystem MCP

Read, write, and search files in the agent workspace via structured MCP tools.

GitHub MCP

Manage repos, issues, and PRs via the standardized MCP GitHub server.

Web Fetch MCP

Fetch and extract content from URLs with HTML parsing support.

Memory MCP

Persistent key-value storage for cross-conversation context.

ClawHub Skills#

ClawHub is the official OpenClaw skill registry with 5,700+ community-built skills across 40 categories. Skills are Markdown files that teach your agent how to perform specific tasks.

Lobstack agents have the ClawHub CLI pre-installed, allowing skill browsing and installation directly from the agent.

⚠️

Security notice

Community skills from ClawHub are not vetted by Lobstack. We enable sandbox mode by default for ClawHub skills to limit their permissions. Always review a skill before enabling it for sensitive operations.

Security#

Lobstack applies security hardening beyond OpenClaw defaults:

Loopback binding — Gateway only listens on 127.0.0.1, never exposed to the internet
Token authentication — 256-bit random gateway token auto-generated per agent
Sandbox mode — Enabled for community skills to limit tool execution scope
File permissions — openclaw.json at chmod 600, credentials at chmod 700
Security audit — openclaw security audit runs during provisioning
Version pinning — Specific OpenClaw version deployed for reproducibility
SSRF protection — IPv6 multicast guards enabled (v2026.2.26)

Patched Vulnerabilities#

CVE	Severity	Description	Fixed In
CVE-2026-25253	Critical (8.8)	One-Click RCE via WebSocket Hijack	2026.1.29
CVE-2026-24763	High	Docker sandbox bypass	2026.2.19
CVE-2026-27001	Medium	Prompt injection via workspace paths	2026.2.19

Google Calendar MCP Servers