TL;DR: OpenClaw hit 346K GitHub stars in under five months. 38 million monthly visitors, 3.2 million active users, 44,000+ ClawHub skills, 500K+ running instances, and 180 startups generating $320K+/month. OpenAI acquired the project in February. NVIDIA built an enterprise stack on top of it. Nine CVEs dropped in four days. Every chart on this page is interactive. Hover for details.
This page collects every public OpenClaw metric I could verify, updated April 2026. Numbers come from GitHub, SimilarWeb, npm, TrustMRR, SecurityScorecard, NVIDIA, and industry reports. Each chart links its source.
If you're writing about OpenClaw and need a number, it's here. Cite freely: there's a citation block at the bottom.
GitHub star growth
OpenClaw went from 0 to 346K stars in under five months, passing React (10+ years to reach 250K) on March 3, 2026. Peak: 34,168 stars in 48 hours.
Website traffic
Monthly visitors hit 38M in April 2026, up from 7.25M in February. Average session: 45 minutes (nearly double ChatGPT). Desktop: 70.8%, mobile: 29.2%.
Traffic by country
China grew 1,436% month-over-month, fueled by Tencent and Baidu integrations. The USA leads in total share at 16.29%.
User segments
65% of OpenClaw users come from the enterprise sector. Finance accounts for 25% of enterprise adoption.
Ecosystem revenue
180 startups built on OpenClaw now generate $320K+/month. The top startup pulled ~$50K in a single month. Total ecosystem spend: $5M-15M/month.
Skills marketplace growth
ClawHub grew from 5,700 skills in early February to 44,000+ by April 2026. Over 65% of skills wrap MCP servers. 1,000+ community MCP servers.
Monthly hosting costs
Running OpenClaw ranges from $8/month (budget VPS + light API use) to $60/month (power setup). Most users land in the $20-32/month range.
Security incidents
135,000+ exposed instances found across 82 countries. Nine CVEs disclosed in four days (March 18-21), one scoring 9.9/10. Over 800 malicious skills flagged on ClawHub.
Deployment methods
Docker Compose dominates at 65% of all deployments. 500,000+ running instances globally. Minimum requirements: 2GB RAM, 1 CPU core, 5GB disk.
MCP ecosystem
1,000+ community MCP servers on npm and GitHub. All three major AI providers (Anthropic, OpenAI, Google) adopted MCP. Official servers exist for GitHub, Slack, Notion, Jira, Stripe, Shopify, and all major databases.
Timeline
Updated April 3, 2026.
https://openclawvps.io/blog/openclaw-statistics
The OpenAI acquisition
On February 15, 2026, Sam Altman announced that OpenAI had acquired OpenClaw. Peter Steinberger, the solo developer who built the whole thing, joined OpenAI to lead their agent efforts. Both Zuckerberg and Altman had made offers before the deal closed.
The project itself moved to an independent foundation. It stays open-source and model-agnostic, so you can still run Claude, GPT, DeepSeek, or local models through Ollama.
OpenAI sponsors the foundation but doesn't control it. That matters because OpenClaw's entire value proposition depends on not being locked to one provider.
Enterprise adoption
NVIDIA announced NemoClaw at GTC 2026 on March 16. It's an enterprise security stack that installs on top of OpenClaw in a single command, adding sandboxing, YAML-defined access policies, and a privacy router that keeps sensitive data local. Launch partners: Box, Cisco, Atlassian, Salesforce, SAP, and CrowdStrike.
In China, the adoption is even faster. Tencent launched an OpenClaw product suite on March 10. Alibaba Cloud, Moonshot, and Xiaomi have all integrated it internally.
Chinese government authorities responded by restricting OpenClaw on state-run enterprise computers, citing security risks. That restriction tells you more about adoption speed than any star count.
Gartner predicts 40% of large enterprises will deploy autonomous AI agents by end of 2026. OpenClaw is the default open-source option for most of those pilots.
Don't want to manage enterprise security yourself? OpenclawVPS handles sandboxing, updates, and infrastructure so your team can skip the DevOps overhead. Plans start at $19/month.
Security: the numbers nobody wants to talk about
Growth this fast comes with problems. SecurityScorecard's STRIKE team found 135,000+ exposed OpenClaw instances across 82 countries, with over 50,000 directly vulnerable to remote code execution.
The first big vulnerability, CVE-2026-25253, scored 8.8 out of 10 on the CVSS scale. A single click on a malicious link could hand over full control of your machine.
Then came March 18-21. Nine CVEs in four days. One scored 9.9 out of 10.
The ClawHub marketplace got hit too: security researchers flagged over 800 malicious skills, roughly 20% of the registry at the time. Some were designed to steal API keys and credentials without the user knowing.
Microsoft, Cisco, and Bitsight all published security advisories. If you're running OpenClaw on a VPS, keep it behind authentication and update regularly. The project ships patches fast (13 releases in March alone), but only if you actually apply them.
Tired of chasing CVE patches yourself? OpenclawVPS applies security updates automatically and runs every instance behind authentication by default. Plans start at $19/month.
How people deploy OpenClaw
Docker Compose dominates at 65% of all deployments. Native npm installs account for 25%, and Kubernetes makes up the remaining 10%. Minimum requirements are modest: 2GB RAM, 1 CPU core, 5GB disk space.
There are now 500,000+ running instances globally, according to VentureBeat. That number was 6,300 in the first week after launch. By the second week: 230,000.
Development velocity
The GitHub repo has 1,200+ contributors and 58,000+ forks. March 2026 alone saw 13 releases, roughly one every two days. Version 2026.4.2 dropped this week, and 88 npm packages depend on OpenClaw directly.
That release cadence means breaking changes can slip through. The v2026.3.22 update, which came after an unusually quiet nine-day gap, was one of the largest the project has ever shipped. It touched plugin infrastructure, browser tooling, security hardening, and agent runtimes in a single release.
The MCP ecosystem
MCP (Model Context Protocol) is the glue that connects OpenClaw to everything else. There are 1,000+ community-built MCP servers on npm and GitHub, covering GitHub, Notion, Slack, Linear, Jira, Stripe, Shopify, PostgreSQL, MySQL, MongoDB, and more.
All three major AI providers adopted MCP as their standard for tool integration: Anthropic, OpenAI, and Google. That's unusual. Over 65% of ClawHub skills wrap MCP servers under the hood.
Market context
The AI agent market is projected to hit $65 billion by 2028. OpenClaw's main competitor, Manus AI, got acquired by Meta for $2 billion. But the two aren't really competing. OpenClaw is open-source, self-hosted, and runs anywhere. Manus is cloud-based and managed.
OpenClaw isn't competing with Claude Code or ChatGPT either. They sit at different layers of the stack. Claude Code is a coding tool. ChatGPT is a chat interface. OpenClaw is an agent platform that can use both as backends. The closest open-source rival is Hermes Agent by Nous Research, which takes a different approach with self-improving memory and a smaller channel footprint.
Methodology and sources
Data on this page was originally collected March 24-27, 2026, and updated April 3, 2026. GitHub metrics come from the openclaw/openclaw repository and star-history.com. Website traffic figures are from SimilarWeb. Ecosystem revenue data comes from TrustMRR and was cross-referenced with industry reports. Skills marketplace counts are from ClawHub and the awesome-openclaw-skills repository.
Security data comes from SecurityScorecard STRIKE, Bitsight, ProArch, and the OpenClaw project's own CVE disclosures. Enterprise adoption data is sourced from NVIDIA's NemoClaw announcement, Gartner research, and reporting from VentureBeat, TechCrunch, and The New Stack. Deployment method breakdowns come from community surveys and Docker Hub metrics.
Hosting cost ranges are based on current pricing from major VPS providers (Hostinger, Contabo, DigitalOcean), combined with typical API usage reported by the community.
Numbers change fast. If something looks off, open an issue or reach out. I update this page as new data comes in.
Running your own OpenClaw instance on a VPS takes about five minutes. If you want DeepSeek as the backend, the DeepSeek setup guide covers both cloud API and local Ollama paths.
If you want a managed instance instead of self-hosting, OpenClaw VPS handles the infrastructure so you can focus on using OpenClaw, not maintaining it.
