Know what your AI agents cost, block what they shouldn't do.
Point your AI app at our gateway URL. We track every dollar, scan for personal data, enforce rate limits, and log every request — so you ship with confidence instead of crossing your fingers.
50+ AI providers
OpenAI, Anthropic, Google, DeepSeek & more
6-step safety check
Rate limit, cost, PII, security, model, approval
< 5ms overhead
Governance adds almost nothing
5-minute setup
One URL change, zero code changes
AI agents are powerful.Production demands guardrails.
AI agents that loop overnight with no cost cap are a real risk. Budget limits and automatic shutoffs prevent surprise bills before they happen.
Swap one environment variable and every AI call flows through the governance proxy. Cost tracking, personal data scanning, and rate limiting — instantly.
Most agent tool integrations ship without audit trails, rate limits, or replay capabilities. Production AI demands proper governance.
The AI governance market is projected at $492M by 2028, and the EU AI Act takes effect August 2026. Curate-Me wraps your AI agents in a governance layer. Every API call proxied. Every action audited. Every dollar tracked.
Three pillars. One platform.
Everything you need to run OpenClaw agents in production.
Ephemeral containers. Send tasks in plain English.
Tear-up/tear-down lifecycle, 3 tool profiles, intent router, webhook triggers, session continuity, multi-level autonomy.
- Tear-up/tear-down lifecycle
- 3 tool profiles (locked, web, full)
- Natural language intent router
- Webhook & cron triggers
- Multi-level autonomy control
- 15 seeded templates
Get running in four steps.
Swap your base URL
Point your existing OpenAI/Anthropic SDK at our gateway. Zero code changes.
OPENAI_BASE_URL=https://api.curate-me.ai/v1/openai
X-CM-API-Key: cm_sk_xxxSpin up a runner
Launch a governed OpenClaw sandbox in one API call.
runner = client.runners.create(
tool_profile="web_automation",
budget_limit=5.00
)Tell it what to do
Send tasks in plain English. Intent classified, template matched, schedule set.
"Review my open PRs every morning"
→ intent: code_review
→ schedule: 0 9 * * 1-5
→ runner: web_automationWatch from the dashboard
Costs, traces, approvals — all in one place.
Works with your stack.
Swap one base URL for the gateway. Use the Python or TypeScript SDK for runners. Bring your own LLM keys, your own infra.
View API Reference# Before (direct to OpenAI):
OPENAI_BASE_URL=https://api.openai.com/v1
# After (through Curate-Me gateway):
OPENAI_BASE_URL=https://api.curate-me.ai/v1/openai
X-CM-API-Key: cm_sk_xxx
# That's it. Zero code changes.
# Cost tracking, personal data scanning, rate limiting — all automatic.See it in action.
From runner creation to security audit — explore the platform without signing up.
Dashboard
Paused — click a screen to navigate
runner = client.gateway.runners.create( tool_profile="write_project", daily_budget=25.00, sandbox_tier="WRITE_PROJECT" ) session = client.gateway.runners.start_session( runner["runner_id"] ) # Runner is live. Sandbox isolated. Budget capped.
For OpenClaw Users
The Secure Way to Run OpenClaw
Managed hosting with built-in cost governance, security scanning, and guardrails. Deploy in 5 minutes.
Running OpenClaw Without Guardrails is Dangerous
The numbers speak for themselves. OpenClaw is powerful, but running it unmanaged is a liability.
Security Crisis
6+ CVEs disclosed in the last three weeks. 135,000+ exposed instances found across 82 countries. Docker sandbox escapes allow host-level access.
Malicious Skills
341 malicious ClawHub skills identified by security researchers. Credential theft, crypto mining, and reverse shells hidden in popular skill packages.
Cost Runaway
Users burning $3,600/mo on runaway agent loops. Expensive model defaults with no budget caps. One bad prompt can drain your API credits overnight.
No Governance
No audit trail for agent actions. No approval workflows for sensitive operations. No rate limiting out of the box. You are flying blind.
What Happens Without Governance
Real numbers from the OpenClaw ecosystem. These are the risks your team faces without a governance layer.
Average API overspend
Without budget caps, a single runaway agent loop can drain thousands in API credits overnight. Most teams discover the damage on their next invoice.
Exposed OpenClaw instances
SecurityScorecard found 135,000+ exposed OpenClaw instances across 82 countries with no authentication, exposed directly to the internet. 63% are vulnerable.
Disclosed in 3 weeks
Including one-click RCE (CVE-2026-25253, CVSS 8.8), Docker sandbox escapes, and SSRF bypasses. Self-hosted instances without auto-patching remain vulnerable.
What we provide.
Six layers of protection between your OpenClaw instance and production disasters.
Cost Guardian
Real-time spend tracking per runner, per model, per session. Daily budget limits with automatic enforcement. Emergency kill switch stops runaway agents instantly.
Security Shield
Auto-patching for known CVEs. Skill scanning before installation. Continuous posture assessment. CVE monitoring with automated alerts and fixes.
Policy Pipeline
Six-step safety pipeline: rate limiting, cost estimation, personal data scanning, security scanning, model allowlists, and human approval. Short-circuits on first denial.
Managed Hosting
Dedicated cloud infrastructure with auto-scaling and 99.9% uptime. Zero DevOps required. We handle provisioning, networking, updates, and backups so you ship product.
Multi-Channel
Unified monitoring across Telegram, WhatsApp, Slack, and Discord. One dashboard for all your agent communication channels. Alert routing and escalation.
Free Skill Scanner
Scan any ClawHub skill URL before installing. Grade A-F security reports with detailed findings. Static analysis, dependency audit, and behavior profiling.
Managed OpenClaw Hosting
Production-grade managed OpenClaw hosting
Deploy OpenClaw on dedicated cloud infrastructure with automated setup, monitoring, and scaling. No Docker configuration, no Nginx setup, no SSH maintenance. Our control plane handles the full lifecycle -- from initial deployment through rolling updates and backup rotation. Your team focuses on building agents, not managing servers.
Secure OpenClaw
Security for every OpenClaw instance
Secure OpenClaw deployments with network phase separation, sandbox isolation, and a vetted skills allowlist. Auto-patching addresses CVEs within hours of disclosure. Continuous posture assessment monitors for drift. Every agent action is logged in an audit trail for compliance and review.
OpenClaw Cost Control
Real-time cost governance for OpenClaw agents
OpenClaw cost control through per-request cost estimation, daily budget caps, and model allowlists. The gateway estimates cost before every AI call and short-circuits if it would exceed your threshold. Emergency kill switches halt all agent activity instantly. Cost data streams to real-time dashboards and persists for audit and trend analysis.
Curate-Me vs. Self-Hosted vs. Other Managed Providers
Only Curate-Me provides full governance across every dimension.
| Feature | Curate-Me | Self-Hosted | xCloud | ClawHost | Clawctl |
|---|---|---|---|---|---|
| Cost Control | |||||
| Security Scanning | |||||
| Auto-Patching | |||||
| Kill Switch | |||||
| Human Approvals | |||||
| Governance Policies | |||||
| Multi-Channel Monitoring |
Based on publicly available documentation. Updated March 2026.
Starting at $0/month
Free tier: 1,000 gateway requests/day with personal data scanning. No credit card required.
Free
1,000 gateway requests/day with personal data scanning. No credit card required.
- 1,000 gateway requests / day
- 1 runner + 1 session hour
- Personal data scanning
- Cost tracking dashboard
- Community support
Growth
For teams running OpenClaw in production with full governance.
- 500K gateway requests / month
- 5 runners + 200 session hours
- Human approval queues
- Webhooks & desktop streaming
- Time-travel debugging
- Priority support
Enterprise
Dedicated infrastructure, SLAs, and compliance for regulated industries.
- Unlimited requests & runners
- Connected machines (run on your hardware)
- SSO / SAML
- Custom governance policies
- Compliance dashboard
- Dedicated support + SLA
Check if your skills are safe
Paste a ClawHub skill URL. Get a free A-F security grade in seconds.
Free forever. No account required. Results in under 10 seconds.
Common questions about managed OpenClaw hosting
Everything you need to know about security, pricing, migration, and governance.
Self-hosting OpenClaw means you handle setup, patching, security hardening, and cost monitoring yourself. With Curate-Me managed hosting, we run your OpenClaw instance on dedicated cloud infrastructure with auto-patching for CVEs, real-time cost governance, personal data scanning, and a full ops dashboard -- all included. You get production security without the DevOps burden.
We offer a free tier with 1,000 requests per day and full governance -- no credit card required. The Starter plan is $49/month and includes 100K requests, 3 connected machines, model allowlists, and cost controls. The Growth plan is $199/month with 500K requests, 5 machines, human approval workflows, time-travel debugging, and priority support. Enterprise plans include unlimited requests, self-hosted machines, SSO/SAML, and dedicated infrastructure -- pricing is tailored to your usage. AI provider costs (OpenAI, Anthropic, etc.) are billed directly by the provider -- we never mark up API costs.
OpenClaw has had 6+ CVEs disclosed in a three-week period, including one-click RCE vulnerabilities. Our managed instances receive automatic patches within hours of disclosure. We also run continuous posture assessments, scan all ClawHub skills before installation, and enforce network phase separation so agents cannot make outbound calls during execution. Every action is logged in an immutable audit trail.
Yes. Migration takes under 30 minutes for most setups. We provide a migration CLI tool that exports your existing configuration, skills, and credentials, then imports them into a managed instance. Your agent definitions, prompt templates, and workflow configurations transfer directly. We also offer white-glove migration assistance on Growth and Enterprise plans.
Yes — connect any machine (laptop, server, cloud VM) to Curate-Me in under 2 minutes. Install our lightweight agent, register with a one-time token, and your machine appears in the dashboard with full cost tracking, policy enforcement, and observability. All communication is outbound-only — no ports to open. This is ideal for teams with data residency requirements or existing cloud contracts. Available on Growth and Enterprise plans.
Every request passing through the gateway gets a real-time cost estimate before it reaches the AI provider. You can set per-request cost limits, daily budget caps per organization, and model allowlists to prevent expensive model usage. If a budget threshold is exceeded, the request is denied automatically. An emergency kill switch can halt all agent activity instantly. Cost data feeds real-time dashboards and is persisted for audit.
The ClawHub skills registry has a serious malware problem -- 20% of skills have been flagged as malicious, including credential theft and crypto mining payloads. Curate-Me provides a vetted skills allowlist and a free skill scanner that gives every skill an A-F security grade based on static analysis, dependency audit, and behavior profiling. Only approved skills can be installed on managed instances.
Pro plans include a 99.9% uptime SLA for the managed infrastructure. Enterprise plans offer 99.95% with dedicated support engineers and priority incident response. Our infrastructure runs on dedicated cloud compute with automated health checks, auto-restart on failure, and geographic redundancy options. The governance gateway itself is stateless and horizontally scalable.
Agent execution data, audit logs, and cost records are stored in databases isolated per organization. Personal data scanning runs locally within the gateway before requests leave your network boundary -- sensitive data is never forwarded to AI providers. We do not train models on your data. Enterprise plans support data residency in EU or US regions, and self-hosted machines keep all data on your own infrastructure.
It depends on the model, but most teams spend $50-500/month on API calls. The problem is unpredictability -- a single runaway loop can cost thousands. With Curate-Me, you see exactly what each agent costs per request, per day, and per month. Set a daily budget cap and we block requests before you overspend.
About 5 minutes. You change one environment variable (your base URL) to point at our gateway instead of directly at OpenAI/Anthropic/Google. No code changes, no SDK installs, no infrastructure to manage. Your existing code works unchanged -- we just sit in between and add governance.
Yes. The gateway supports 50+ AI providers including OpenAI, Anthropic (Claude), Google (Gemini), DeepSeek, Groq, Mistral, xAI, and more. You can route different agents to different providers, set model allowlists per organization, and use model aliases to swap providers without changing agent code. The safety pipeline (rate limiting, cost tracking, personal data scanning, human approvals) applies uniformly across all providers.
Still have questions?
Reach out to our team →The only platform that combines all three.
Gateway + Runners + Observability. No other platform does it.
Feature comparison based on publicly available documentation as of March 2026. Helicone acquired by Mintlify (Mar 2026).
| Feature | Curate-Me | Clawctl | E2B | Portkey |
|---|---|---|---|---|
| Managed OpenClaw hosting | ||||
| AI governance proxy | ||||
| Cost governance (budgets) | ||||
| Personal data scanning | Enterprise | |||
| Human approval workflows | Partial | |||
| Time-travel debugging | ||||
| Sandboxed agent execution | ||||
| Multi-provider gateway | ||||
| Immutable audit trail | ||||
| EU AI Act readiness | In progress | Partial |
Security built for AI agents.
OpenClaw has 313K+ stars and 135,000+ exposed instances across 82 countries (SecurityScorecard, Jan 2026). Our three-layer defense stops every known attack vector.
Sandbox Isolation
Every agent runs in its own sandbox
Deny patterns block .env, *.pem, .git/config. Per-session byte-level write tracking with size limits. Immutable paths never writable.
Network Phases
Agents can't phone home during execution
Four access levels per phase: FULL, ALLOWLIST_ONLY, LOCAL_ONLY, NONE. Domain/port filtering on allowlist mode.
Human-in-the-Loop
High-cost or sensitive actions need human approval
Approval queues in the dashboard. Configurable thresholds per org. Auto-deny after timeout. Full audit trail.
Security Incidents We Prevent
Real OpenClaw incidents from January–February 2026 and which Curate-Me feature blocks each one.
CVE-2026-25253 — One-Click RCE
512 vulnerabilities in audit
341 malicious ClawHub skills
135,000+ exposed instances
Runaway agent purchases
API key / personal data leakage
Pricing that scales with you.
Free to start. No credit card required.
Free
Explore the gateway with your own LLM keys.
- 1,000 gateway requests / day
- 1 connected machine + 1 session hour
- Personal data scanning
- Cost tracking dashboard
- Community support
Starter
For solo devs shipping AI features.
- 100K gateway requests / month
- 1 connected machine + 50 session hours
- Model allowlists
- Cost controls & budgets
- Email support
Growth
For teams that need governance and approvals.
- 500K gateway requests / month
- 3 connected machines + 200 session hours
- HITL approvals
- Time-travel debugging
- Webhooks & integrations
- Priority support
Need custom infrastructure or compliance? Talk to us about Enterprise →
Go from prototype
to production in minutes.
Swap one base URL. Get cost controls, personal data scanning, rate limiting, and a full audit trail — without changing a single line of agent code.