AI Hub Icon
AIBit Discover Open Source Projects
Home / Tutorial Articles

Run OpenClaw AI Assistant on Cloudflare Workers: A Step‑by‑Step Tutorial

January 31, 2026
Category: Tutorial Articles
Tags:
Anthropic Cloudflare Workers OpenSource AI Cloudflare Access R2 Storage

Deploy OpenClaw (formerly Moltbot) on Cloudflare Workers

OpenClaw is a lightweight, extensible personal AI assistant that can power chat channels such as Telegram, Discord, Slack, and web‑based UIs. Running it in a Cloudflare Sandbox container gives you a cheap, always‑on, globally‑distributed deployment without the need to manage a VM or Kubernetes cluster.

Prerequisites * A Cloudflare Workers “Paid” account (the Sandbox feature is only available on the Workers Paid plan). * An API key for a supported LLM provider – we recommend Anthropic’s Claude or Cloudflare’s AI Gateway. * Optional: Cloudflare Access credentials for admin UI protection and an R2 bucket for persistence.

TL;DR – Run npm install, set secrets, deploy (npm run deploy), then open https://your‑worker.workers.dev/?token=YOUR_TOKEN.

1. Clone the Repository

git clone https://github.com/cloudflare/moltworker
cd moltworker

The repo ships with a Dockerfile, wrangler.js, and a bundled Vite build for the control‑plane UI.

2. Install Dependencies

npm install

3. Set LLM Secrets

Direct Anthropic Access

npx wrangler secret put ANTHROPIC_API_KEY

npx wrangler secret put AI_GATEWAY_API_KEY
npx wrangler secret put AI_GATEWAY_BASE_URL

If you supply both gateway and direct Anthropic secrets, the gateway takes precedence.

4. Generate a Gateway Token

The Control UI is protected by a custom token, separate from Cloudflare Access. Generate a 32‑byte hex string and set it as a secret:

export MOLTBOT_GATEWAY_TOKEN=$(openssl rand -hex 32)
echo "$MOLTBOT_GATEWAY_TOKEN" | npx wrangler secret put MOLTBOT_GATEWAY_TOKEN

Keep this token safe – you’ll use it in the URL to access the UI.

5. Optional: Configure Cloudflare Access

The admin UI (/_admin/) and WebSocket handshake can be protected with Cloudflare Access for an extra layer of security.

  1. In the Workers dashboard, click your worker > Settings > Domains & Routes > workers.dev > Enable Cloudflare Access.
  2. In the Access settings, add your email as an allow‑list or configure an OAuth provider.
  3. Copy the Application Audience (AUD) tag from the Access app and set it as a secret: 
    npx wrangler secret put CF_ACCESS_AUD
  4. Set your team domain (myteam.cloudflareaccess.com): 
    npx wrangler secret put CF_ACCESS_TEAM_DOMAIN

After setting these secrets, redeploy (npm run deploy).

6. Optional: Persistent Storage with R2

Without R2, all device pairings and chat history disappear when the sandbox restarts. To persist data:

  1. Create an R2 bucket named moltbot-data.
  2. Generate an API token with Object Read & Write permissions.
  3. Set the secrets: 
    npx wrangler secret put R2_ACCESS_KEY_ID
npx wrangler secret put R2_SECRET_ACCESS_KEY
npx wrangler secret put CF_ACCOUNT_ID

The worker will automatically sync configuration to R2 every 5 minutes.

7. Deploy the Worker

npm run deploy

During deployment, Wrangler uploads the Vite bundle, sets environment variables in Cloudflare, and starts the sandbox. The first request may take 1‑2 minutes because the container boots.

8. Access the Control UI

Open your browser and go to:

https://your‑worker.workers.dev/?token=YOUR_GATEWAY_TOKEN

Replace your‑worker with the route returned after deployment and YOUR_GATEWAY_TOKEN with the token you stored in step 4.

Device Pairing

When a new client (browser or chat platform) connects, it will wait for approval. Use the admin UI at /_admin/ (protected by Cloudflare Access) to approve devices.

9. Optional Chat Channels

You can enable Telegram, Discord, or Slack bots by adding the relevant tokens:

# Telegram
npx wrangler secret put TELEGRAM_BOT_TOKEN

# Discord
npx wrangler secret put DISCORD_BOT_TOKEN

# Slack
npx wrangler secret put SLACK_BOT_TOKEN
npx wrangler secret put SLACK_APP_TOKEN

Then redeploy.

10. Optional Browser Automation (CDP)

OpenClaw can control a headless Chrome instance through the Chrome DevTools Protocol (CDP shim). Configure it as follows:

npx wrangler secret put CDP_SECRET
npx wrangler secret put WORKER_URL   # e.g., https://your‑worker.workers.dev

The CDP endpoints (/cdp/json/...) will require the CDP_SECRET header.

11. Debugging and Logs

When DEBUG_ROUTES=true is set in .dev.vars, routes like /debug/processes and /debug/logs become available. They are useful during local development or for real‑time monitoring.

12. Advanced Configuration

  • Container Sleep – Reduce costs by setting SANDBOX_SLEEP_AFTER to a duration (e.g., 10m).
  • Backup – You can trigger an on‑demand R2 backup via /admin/ if a bucket is configured.
  • Custom AI Providers – The worker accepts direct OPENAI_API_KEY or any key supported by the SDK.

13. Conclusion

Running OpenClaw on Cloudflare Workers gives you:

  • Zero‑ops – Cloudflare handles scaling, networking, and security.
  • Global Low‑Latency – The worker runs in Cloudflare’s global edge.
  • Extensibility – Add skills, new chat platforms, or browser automation with minimal friction.

The source is open‑source and continuously evolving. Check the GitHub issues and pull requests for the latest updates. Happy hacking!

Next Steps

  • Explore the built‑in cloudflare-browser skill for automated web scraping.
  • Build your own skill by adding a new folder under skills/ and wiring it into moltbot.json.
  • Integrate with Cloudflare AI Gateway for usage analytics and cost control.

Feel free to fork the project, modify, and share your own OpenClaw implementations. Good luck!

Original Article: View Original

Share this article