Hi everyone 👋
Welcome back. We are covering MOLTWORKER Cloudflare's open-source project for deploying your own Openclaw on their edge network.
Ref: Cloudflare
This guide walks you through setup, configuration, and optional integrations to get your personal AI assistant up and running globally without managing servers.
What is MOLTWORKER?
What's Happening: MOLTWORKER is Cloudflare's open-source project that packages OpenClaw to run in serverless Cloudflare Sandbox containers.
Instead of maintaining your own server or buying dedicated hardware, you get a production-ready AI agent running on Cloudflare's global edge network with automatic scaling, persistent storage, and enterprise-grade security.
Technical Stack:
OpenClaw Agent - Personal AI assistant with chat integrations, browser automation, and extensible skills
Cloudflare Sandbox - Isolated container environment running Ubuntu 24.04 with Node.js
R2 Storage - Persistent filesystem for conversations and configuration
Browser Rendering - Headless Chrome API for web automation
AI Gateway - Request routing, caching, and analytics for AI models
Zero Trust Access - Authentication layer protecting admin interfaces
Why It Matters: This architecture eliminates infrastructure management while providing capabilities that previously required self-hosting: persistent conversations, multi-platform chat support (Telegram, Discord, Slack), browser automation, and custom skills. You get the control of self-hosting with the convenience of serverless.
Source Repository: https://github.com/cloudflare/moltworker
Prerequisites: What You'll Need
Before Starting:
Cloudflare Account - Free to create at https://dash.cloudflare.com
Workers Paid Plan - $5/month (required for Sandbox containers)
Anthropic API Key - Get from https://console.anthropic.com (or use AI Gateway Unified Billing)
Node.js & npm - For running Wrangler CLI
10-15 minutes - For initial setup
Free Tier Benefits:
R2 Storage: 10GB free
Browser Rendering: 1 million requests/month free
AI Gateway: Unlimited requests free
Zero Trust Access: Up to 50 users free
Why It Matters: The $5/month Workers plan is your only required cost. Everything else leverages generous free tiers, making this accessible for personal use while providing room to scale for teams.
Step 1: Install and Authenticate Wrangler CLI
What's Happening: Wrangler is Cloudflare's command-line tool for deploying and managing Workers. It handles authentication, secret management, and deployment orchestration.
# Install Wrangler globally
npm install -g wrangler
# Authenticate with Cloudflare (opens browser for OAuth)
wrangler login
# Verify authentication
wrangler whoamiExpected Output:
👋 You are logged in with an OAuth Token, associated with the email '[email protected]'.Enable Cloudflare Containers:
Click "Enable Containers"
Accept terms and conditions
Why It Matters: OAuth authentication keeps your credentials secure without storing API tokens locally. Enabling Containers is a one-time step required before deploying Sandbox workers.
Step 2: Clone Repository and Install Dependencies
What's Happening: The MOLTWORKER repository contains all Worker code, container configuration, and pre-built skills.
# Clone the repository
git clone https://github.com/cloudflare/moltworker.git
cd moltworker
# Install project dependencies
npm installProject Structure:
Why It Matters: Understanding the structure helps when customizing skills or debugging issues. The Dockerfile defines what software is installed in your container, while wrangler. jsonc configures how it deploys.
Step 3: Configure Required Secrets
What's Happening: MOLTWORKER requires secure configuration of API keys and authentication tokens. These are encrypted at rest and never exposed in logs.
AI Provider Setup (choose one):
# Option 1: Direct Anthropic API Access
npx wrangler secret put ANTHROPIC_API_KEY
# When prompted, paste your Anthropic API key from console.anthropic.com
# Option 2: AI Gateway (recommended for production)
# First create gateway at https://dash.cloudflare.com/?to=/:account/ai/ai-gateway
npx wrangler secret put AI_GATEWAY_API_KEY
npx wrangler secret put AI_GATEWAY_BASE_URL
# Enter: https://gateway.ai.cloudflare.com/v1/{account_id}/{gateway_id}/anthropicGenerate Gateway Token:
# This token protects your Control UI
export MOLTBOT_GATEWAY_TOKEN=$(openssl rand -base64 32 | tr -d '=+/' | head -c 32)
echo "⚠️ SAVE THIS TOKEN: $MOLTBOT_GATEWAY_TOKEN"
echo "$MOLTBOT_GATEWAY_TOKEN" | npx wrangler secret put MOLTBOT_GATEWAY_TOKENGenerate Gateway Token:
# Keep container always-on (no cold starts)
npx wrangler secret put SANDBOX_SLEEP_AFTER
# When prompted, enter: neverWhy It Matters: The gateway token serves as your master key for accessing the Control UI; treat it with the same care as a password. The AI Gateway offers better cost control and observability compared to direct API access. Setting sleep to "never" eliminates cold starts but costs slightly more.
Step 4: Deploy to Cloudflare
What's Happening: The deployment process builds your Worker, packages the Docker container, and deploys to Cloudflare's global network.
# Build and deploy
npm run deployDeployment Process:
First Request Timing:
Initial container start: 1-2 minutes (one-time cold start)
Subsequent requests: <100ms (container stays warm)
Test Your Deployment:
# Check health endpoint
curl https://moltbot-sandbox.your-subdomain.workers.dev/api/status
# Expected: {"status":"ok"}Why It Matters: The first request triggers container initialization. This is expected and only happens once if you set SANDBOX_SLEEP_AFTER=never. Wait 2 minutes before testing.
Step 5: Set Up Authentication
What's Happening: You need to enable Cloudflare Access to protect your admin interface and configure device pairing.
Enable Cloudflare Access on workers.dev:
Select your Worker (e.g.,
moltbot-sandbox)Click Settings → Domains & Routes
In the
workers.devrow, click the menu (•••) → Enable Cloudflare AccessClick Manage Cloudflare Access to configure who can access
Add your email to the allow list
Copy the Application Audience (AUD) tag
Set Access Secrets:
# Your Cloudflare Access team domain
npx wrangler secret put CF_ACCESS_TEAM_DOMAIN
# Enter: myteam.cloudflareaccess.com
# Find in: Zero Trust Dashboard > Settings > Custom Pages
# Application Audience tag from step 7
npx wrangler secret put CF_ACCESS_AUD
# Enter: (paste AUD tag)
# Redeploy
npm run deployWhy It Matters: This creates two authentication layers: Cloudflare Access protects your admin UI, while device pairing requires explicit approval for each new device/browser that connects.
Step 6: Access Control UI and Pair Your Device
What's Happening: Now you can access the Control UI and start using your AI agent, but you'll need to approve your device first
Open Control UI:
# Construct your Control UI URL
https://moltbot-sandbox.your-subdomain.workers.dev/?token=YOUR_GATEWAY_TOKEN
# Replace YOUR_GATEWAY_TOKEN with the token you generated in Step 3Device Pairing Workflow:
Open Control UI in browser
You'll see: "Waiting for device approval..."
Open admin UI:
https://moltbot-sandbox.your-subdomain.workers.dev/_admin/Log in via Cloudflare Access (email OTP or SSO)
Under "Pending Pairing Requests", click Approve next to your device
Return to Control UI connection completes automatically
Start chatting with your AI agent!
Admin UI Features:
Device Management - Approve/remove paired devices
R2 Storage Status - View last backup time, trigger manual backup
Gateway Controls - Restart gateway process without redeployment
Why It Matters: Device pairing prevents unauthorized access even if your gateway token leaks. Each browser, mobile app, or chat platform DM requires explicit approval.
Step 7: Enable Persistent Storage (Optional but Recommended)
What's Happening: By default, conversations and configuration are lost when the container restarts. R2 storage makes your data persist across sessions.
Create R2 API Token:
Click Manage R2 API Tokens → Create API Token
Permission: Object Read & Write
Bucket: moltbot-data
Copy the Access Key ID and Secret Access Key
Configure Secrets:
npx wrangler secret put R2_ACCESS_KEY_ID
# Paste Access Key ID
npx wrangler secret put R2_SECRET_ACCESS_KEY
# Paste Secret Access Key
npx wrangler secret put CF_ACCOUNT_ID
# Find in: Dashboard > Copy Account ID from account dropdown
# Redeploy
npm run deployHow It Works:
Container startup: Restores data from R2 to the container filesystem
Every 5 minutes: Automatic backup sync to R2
Manual backup: Click "Backup Now" in the admin UI at
/_admin/
What Gets Persisted:
Configuration files
Paired device registry
Conversation history
Session memory
Why It Matters: Without R2, your agent "forgets" everything when the container restarts. With R2, your conversations and settings persist indefinitely.
Step 8: Add Chat Platform Integrations (Optional)
What's Happening: Extend your agent to Telegram, Discord, or Slack for mobile-first access.
Telegram Setup:
# 1. Create bot via @BotFather on Telegram
# 2. Copy bot token
npx wrangler secret put TELEGRAM_BOT_TOKEN
# Paste token
# 3. Set DM policy
npx wrangler secret put TELEGRAM_DM_POLICY
# Enter: pairing (requires approval) or open (anyone can DM)
# 4. Redeploy
npm run deploy
# 5. Test: Search for your bot on Telegram, send "hello"
# 6. If using pairing: Approve device in /_admin/Discord Setup:
# 1. Create app at https://discord.com/developers/applications
# 2. Add Bot, enable "Message Content Intent"
# 3. Copy bot token
npx wrangler secret put DISCORD_BOT_TOKEN
npx wrangler secret put DISCORD_DM_POLICY
# Enter: pairing or open
npm run deploy
# 4. Invite bot to server via OAuth URL
# 5. Send DM to bot, approve in /_admin/Slack Setup:
# 1. Create app at https://api.slack.com/apps
# 2. Add OAuth scopes: app_mentions:read, chat:write, im:history, im:read, im:write
# 3. Enable Socket Mode, generate app-level token
npx wrangler secret put SLACK_BOT_TOKEN
# Enter: Bot User OAuth Token (xoxb-...)
npx wrangler secret put SLACK_APP_TOKEN
# Enter: App-Level Token (xapp-...)
npm run deploy
# 4. Install app to workspace
# 5. Send DM to bot, approve in /_admin/Why It Matters: Chat integrations let you access your AI agent from mobile devices without opening a browser. Perfect for on-the-go queries and automation.
Step 9: Enable Browser Automation (Optional)
What's Happening: Add headless browser capabilities for screenshots, web scraping, and automated testing.
Configure CDP (Chrome DevTools Protocol):
# Generate authentication secret
export CDP_SECRET=$(openssl rand -base64 32)
echo "$CDP_SECRET" | npx wrangler secret put CDP_SECRET
# Set your worker URL
npx wrangler secret put WORKER_URL
# Enter: https://moltbot-sandbox.your-subdomain.workers.dev
npm run deployPre-installed Browser Skills:
Screenshot Capture:
# Command in agent:
"Take a screenshot of https://news.ycombinator.com"
# Agent executes:
node /root/clawd/skills/cloudflare-browser/scripts/screenshot.js https://news.ycombinator.com output.pngVideo Recording:
# Command in agent:
"Create a video browsing through example.com, cloudflare.com, and anthropic.com"
# Agent executes:
node /root/clawd/skills/cloudflare-browser/scripts/video.js "example.com,cloudflare.com,anthropic.com" output.mp4 --scrollWhy It Matters: Browser automation enables your agent to interact with visual interfaces and extract data from websites that don't have APIs.
Troubleshooting Common Issues
Container Won't Start:
# Check all required secrets are set
wrangler secret list
# Must have: ANTHROPIC_API_KEY (or AI_GATEWAY_*) and MOLTBOT_GATEWAY_TOKEN
# View Worker logs
wrangler tail
# Restart gateway
curl -X POST https://moltbot-sandbox.your-subdomain.workers.dev/api/restartDevice Won't Pair:
# Wait 15 seconds, refresh admin UI
# Device list takes time to load due to WebSocket overhead
# Or check directly:
curl https://moltbot-sandbox.your-subdomain.workers.dev/api/devices/pendingFirst Request Timeout:
# This is normal! Container cold start takes 1-2 minutes
# Wait and retry. Subsequent requests will be fast.R2 Not Working:
# Verify all three secrets are set:
wrangler secret list
# Must have: R2_ACCESS_KEY_ID, R2_SECRET_ACCESS_KEY, CF_ACCOUNT_ID
# Check bucket exists:
wrangler r2 bucket listAdditional Resources
Official Documentation:
MOLTWORKER GitHub: https://github.com/cloudflare/moltworker
OpenClaw Docs: https://docs.openclaw.ai
Cloudflare Sandbox: https://developers.cloudflare.com/sandbox/
Cloudflare Workers: https://developers.cloudflare.com/workers/
Blog Posts:
Official Launch: https://blog.cloudflare.com/moltworker-self-hosted-ai-agent/
OpenClaw Announcement: https://openclaw.ai/blog/introducing-openclaw
Community:
GitHub Issues: https://github.com/cloudflare/moltworker/issues
Cloudflare Discord: https://discord.gg/cloudflaredev
Community Forum: https://community.cloudflare.com
You now have a production-ready AI agent running on Cloudflare's edge for just $5/month. Start experimenting with custom skills and integrations. Your personal AI assistant is live
Thanks for reading. — Rakesh’s Newsletter
