Evidence-based analysis of provider terms and enforcement patterns.
TL;DR
| Provider | OpenClaw Status | Risk | Evidence | Deep Dive |
|---|---|---|---|---|
| Anthropic Claude | ๐ซ DISALLOWED | ๐ด HIGH | Explicit policy, technical enforcement | /verify/openclaw-anthropic-policy/ |
| Google (Consolidated) | Split status | ๐ด/๐ก | OAuth banned, API allowed | /verify/openclaw-google-policy/ |
| Google Gemini API | โ ALLOWED | ๐ข LOW | No restrictions found | โ |
| OpenAI | โ ALLOWED | ๐ข LOW | Codex CLI proves OAuth pattern | /verify/openclaw-openai-policy/ |
| Moonshot AI (Kimi) | โ ALLOWED | ๐ข LOW | Open-source, no restrictions | โ |
| AWS Bedrock | โ ALLOWED | ๐ข LOW | Enterprise-friendly terms | โ |
| Together AI | โ ALLOWED | ๐ข LOW | BYOK model, no tool restrictions | โ |
| Fireworks AI | โ ALLOWED | ๐ข LOW | BYOK model, no tool restrictions | โ |
| Self-Hosted | โ ALLOWED | ๐ข NONE | You are the provider | /tools/self-hosting/ |
| Groq | โ ALLOWED | ๐ก MEDIUM | “Orchestration” clause; stay within rate limits | /verify/openclaw-groq-policy/ |
| Azure OpenAI | โ ALLOWED | ๐ก MEDIUM | Enterprise-dependent; governance required | /verify/openclaw-azure-policy/ |
| Cerebras | โ ALLOWED | ๐ข LOW | Infrastructure provider; no restrictions | /verify/openclaw-cerebras-policy/ |
| Perplexity | โ ALLOWED | ๐ก MEDIUM | No explicit ban; competitive use caveat | /verify/openclaw-perplexity-policy/ |
| Mistral AI | โ ALLOWED | ๐ข LOW | Explicit third-party support; MCP named | /verify/openclaw-mistral-policy/ |
Methodology
This verification analyzes:
- Primary source terms โ Official ToS, acceptable use policies, legal pages
- Enforcement history โ Documented actions against users
- Product patterns โ What the provider builds reveals intent
- Community signals โ Forum reports, GitHub issues, social media
Evidence levels:
- High: Official policy documents, direct quotes, dated
- Medium: Help center guidance, standard terms analysis, product behavior
- Low: Community reports, indirect signals
Risk Spectrum
BAN RISK SPECTRUM โ OpenClaw API Usage
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
๐ด BAN LIKELY ๐ก MEDIUM RISK ๐ข SAFE
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Anthropic Groq* Google/Kimi/Together/
(Explicit ban) (Orchestration Fireworks/OpenAI/Bedrock/
clause caveat) Self-Hosted
Google OAuth Azure OpenAI*
(OAuth blocked) (Governance required)
* Medium risk = allowed but with specific caveats to follow
Key insight: Only Anthropic and Google OAuth have explicitly banned OpenClaw-like usage with documented enforcement. All others either allow it or haven’t addressed it. See the full migration guide if you’re using a banned provider.
Provider Analysis
Anthropic: Explicitly Disallowed ๐ด
Status: ๐ซ DISALLOWED โ High Ban Risk
The Policy (Primary Source):
“Using OAuth tokens obtained through Claude Free, Pro, or Max accounts in any other product, tool, or service โ including the Agent SDK โ is not permitted and constitutes a violation of the Consumer Terms of Service.” โ Anthropic Claude Code Legal and Compliance, February 2026
Enforcement History:
| Date | Action | Evidence |
|---|---|---|
| 2026-01-09 | OAuth harness block deployed | GitHub issues, user reports |
| 2026-01 | Account bans (some reversed) | Acknowledged by Anthropic |
| 2026-02 | Official policy published | Legal page went live |
Detection Methods:
- Client fingerprinting via HTTP headers
- Pattern analysis of request volume/timing
- Binary signature detection
Evidence Level: HIGH (official policy + technical enforcement)
Deep Dive: /verify/openclaw-anthropic-policy/
Google: Split Status
Google OAuth (Antigravity): Disallowed ๐ด
Status: ๐ซ DISALLOWED โ High Ban Risk
The Policy:
“You must not abuse, harm, interfere with, or disrupt the Service. This includes, but is not limited to, using the Service in connection with products not provided by us.” โ Antigravity Additional Terms of Service, Section 6
Enforcement History:
| Date | Action | Evidence |
|---|---|---|
| 2026-02-09 | First suspensions detected | GitHub issue #14203 |
| 2026-02-20 | Mass ban wave | Google AI Developer Forum |
| 2026-02-22 | Official confirmation | Varun Mohan X post |
Scope: Only Antigravity access suspended (Gmail/Workspace unaffected per Google)
Recovery (March 2026): Recovery path confirmed for unaware first-time violators. Contact [email protected] โ 1-2 week response time reported.
Evidence Level: HIGH (official statements + mass enforcement + confirmed recoveries)
Deep Dive: /verify/openclaw-google-policy/
Google Gemini API: Allowed with Caution ๐ก
Status: โ ALLOWED โ Low-Medium Risk
Analysis:
- โ No explicit ban on third-party agent tools in API terms
- โ Google AI Studio / Vertex AI โ standard acceptable use policies
- โ ๏ธ Google’s platform control philosophy โ OAuth banned, API allowed… for now
- โ ๏ธ Monitor for policy changes โ Google has shown willingness to restrict
Evidence Level: MEDIUM (absence of prohibition, but provider pattern suggests caution)
Data Loss Risk:
- API keys are commercial contracts (more stable than consumer OAuth)
- But Google’s enforcement history shows sudden policy shifts
- Recommendation: Maintain local backups, don’t rely solely on Gemini API
OpenAI: Explicitly Allowed ๐ข
Status: โ ALLOWED โ Low Risk
The Evidence:
OpenAI’s own Codex CLI explicitly allows signing in with ChatGPT Plus/Pro subscriptions via OAuth. This reveals architectural intent: subscription credits can flow to third-party CLI tools.
Why this matters:
- Codex CLI is an official OpenAI product
- It uses the exact pattern Anthropic banned (OAuth โ CLI automation)
- No enforcement against agent tools documented
The Only Caveat:
OpenAI’s terms reserve the right to suspend for “unusual activity patterns.” However:
- No agent tool bans reported
- Codex enables automation by design
- Usage matches their product design
Evidence Level: HIGH (product behavior proves policy intent)
Deep Dive: /verify/openclaw-openai-policy/
Moonshot AI (Kimi k2.5): Allowed ๐ข
Status: โ ALLOWED โ Low Risk
Why Kimi is low-risk:
- โ Open-source weights โ Can self-host if API terms change
- โ No restrictions โ Moonshot AI promotes agentic use cases
- โ API terms standard โ No tool-specific prohibitions
Evidence Level: HIGH (open-source + explicit support for agents)
AWS Bedrock: Allowed ๐ข
Status: โ ALLOWED โ Low Risk
Analysis:
- Standard AWS acceptable use policy
- No tool-specific restrictions
- Enterprise-focused, automation expected
Evidence Level: MEDIUM (standard AWS terms + enterprise orientation)
Together AI: Allowed ๐ข
Status: โ ALLOWED โ Low Risk
Analysis:
- Inference provider for open-source models
- BYOK (bring your own key) model
- No restrictions on client tools found
Evidence Level: MEDIUM (inference provider model)
Fireworks AI: Allowed ๐ข
Status: โ ALLOWED โ Low Risk
Analysis:
- Inference provider, similar to Together
- Open-source model hosting
- No tool restrictions in terms
Evidence Level: MEDIUM (inference provider model)
Groq: Allowed with Caveats ๐ก
Status: โ ALLOWED โ Medium Risk
Analysis:
- โ No explicit ban on third-party agent tools
- โ ๏ธ “Orchestration” clause prohibits coordinating usage across multiple organizations
- โ ๏ธ High-speed inference can trigger “excessive load” concerns
- Rate limits are actively enforced
Key Policy Quote:
“orchestrating usage between multiple organizations”
Evidence Level: MEDIUM (no ban + vague clause that could catch automation)
Safe Usage:
- Use single API key per OpenClaw instance
- Stay within published rate limits
- Don’t coordinate across multiple Groq accounts
Deep Dive: /verify/openclaw-groq-policy/
Azure OpenAI: Allowed with Governance ๐ก
Status: โ ALLOWED โ Medium Risk (Governance-dependent)
Analysis:
- โ No ban on autonomous applications โ Code of Conduct explicitly mentions them
- โ ๏ธ Strict governance requirements โ Must implement “technical and operational measures”
- โ Enterprise Agreement advantage โ Contract terms govern for EA customers
- โ Limited Access service โ Most customers eligible for standard access
Key Policy Quote:
“applications that make decisions, or take actions, autonomously or with varying levels of human intervention”
Evidence Level: MEDIUM (explicit autonomous app language + strict compliance requirements)
Requirements:
- Implement access controls (Azure Key Vault for API keys)
- Enable audit logging (Azure Monitor)
- Provide human oversight for consequential decisions
- Maintain “strong technical controls”
Deep Dive: /verify/openclaw-azure-policy/
Cerebras: Allowed ๐ข
Status: โ ALLOWED โ Low Risk
Analysis:
- โ Infrastructure provider model โ No client-side restrictions
- โ No explicit ban on third-party agent tools
- โ Focus on credential security, not usage patterns
- Similar to Together AI and Fireworks AI
Evidence Level: MEDIUM (standard infrastructure terms)
Deep Dive: /verify/openclaw-cerebras-policy/
Perplexity: Allowed with Caveats ๐ก
Status: โ ALLOWED โ Low-Medium Risk
Analysis:
- โ No explicit ban on third-party agent tools
- โ ๏ธ Competitive use clause โ Don’t build search products
- โ ๏ธ “Interfering with” clause โ Respect rate limits
- Safe for coding workflows, risky for search aggregation
Evidence Level: MEDIUM (API terms + AUP compliance required)
Deep Dive: /verify/openclaw-perplexity-policy/
Mistral AI: Explicitly Supported ๐ข
Status: โ ALLOWED โ Low Risk
Analysis:
- โ Explicit third-party support โ Terms permit Third-Party Services
- โ MCP servers named โ Protocol OpenClaw uses is specifically allowed
- โ Open-source models โ Can self-host if needed
- European provider with interoperability-friendly stance
Evidence Level: HIGH (explicit permission + MCP naming)
Deep Dive: /verify/openclaw-mistral-policy/
Self-Hosted: Always Allowed ๐ข
Status: โ ALLOWED โ No Risk
The Ultimate Escape Hatch:
- Run models locally via Ollama, llama.cpp, vLLM
- No API provider = no terms to violate
- You are the provider
Trade-offs:
| Aspect | Self-Hosted | API Provider |
|---|---|---|
| Hardware cost | Upfront GPU/RAM | Pay-as-you-go |
| Capabilities | Limited to open models | Frontier models |
| Terms risk | ZERO | Varies |
| Setup complexity | Higher | Lower |
Evidence Level: N/A (no third-party terms)
Provider Philosophy Comparison
| Vendor | Philosophy | Evidence |
|---|---|---|
| Anthropic | Walled garden | Explicit ban, technical blocks, legal page |
| Platform control | OAuth blocked, API allowed, terms enforcement | |
| OpenAI | Marketplace | Codex CLI uses third-party OAuth pattern |
| Kimi | Open source | Weights available, promotes agentic use |
The Lesson: Precedent is policy. Look at what vendors do, not just what they say.
What Would Change These Ratings
To upgrade a provider (safer):
- Official statement authorizing third-party tool usage
- Published policy explicitly allowing OpenClaw-like patterns
- No enforcement actions for 12+ months
To downgrade a provider (riskier):
- Policy update restricting third-party tools
- Documented enforcement action
- Technical blocks deployed
Review cadence: Monthly during policy volatility; quarterly otherwise.
FAQ: Can I Use OpenClaw With My Provider?
Quick Answers
| Provider | Can I Use OpenClaw? | Risk Level | Action Required |
|---|---|---|---|
| OpenAI | โ YES โ Explicitly allowed | ๐ข Low | None. Rest easy. |
| Kimi (Moonshot) | โ YES โ No restrictions | ๐ข Low | None. Rest easy. |
| Mistral | โ YES โ Explicitly supported | ๐ข Low | None. Rest easy. |
| Google Gemini API | โ YES โ API keys allowed | ๐ก Low-Medium | Use API keys, NOT Antigravity OAuth |
| Anthropic | ๐ซ NO โ Explicitly banned | ๐ด High | Stop immediately. Migrate to OpenAI/Kimi. |
| Google Antigravity | ๐ซ NO โ OAuth banned | ๐ด High | Stop immediately. Switch to API keys or migrate. |
What Could I Lose If I Get Banned?
With Anthropic (Claude):
- โ All conversation history โ Gone permanently, no export during suspension
- โ Claude Memories โ Personalized context deleted
- โ Projects/Artifacts โ Any unsaved work inaccessible
- โ API access โ Keys revoked, commercial contracts voided
- โ ๏ธ Account recovery โ Possible but timeline uncertain (1-2+ weeks)
With Google (Antigravity OAuth):
- โ Antigravity IDE access โ Suspended immediately (403 ToS error)
- โ Chat history โ Inaccessible during suspension, no self-service export
- โ Gmail/Workspace โ Unaffected (Google confirms surgical targeting)
- โ ๏ธ Billing โ May continue during suspension
- โ ๏ธ Recovery path โ Exists for “unaware users” but timeline unknown
With OpenAI, Kimi, Mistral (Safe Providers):
- โ Nothing โ These providers explicitly allow or don’t restrict third-party tools
- โ No enforcement history โ Zero documented bans for agent tool usage
- โ Rest easy โ Your setup is compliant
I’m Currently Using [Provider X]. What Should I Do?
If Using OpenAI
Status: โ You’re safe. Rest easy.
Recommended actions:
- No changes required
- Keep using ChatGPT OAuth via Codex CLI or API keys
- Monitor OpenAI policy updates monthly
- Maintain backup provider (Kimi/Google) for redundancy
If Using Kimi
Status: โ You’re safe. Rest easy.
Recommended actions:
- No changes required
- Enjoy 8x cheaper pricing than Anthropic
- Consider self-hosting option (weights are open-source)
If Using Google (Gemini API Keys)
Status: โ You’re safe, but monitor policy.
Recommended actions:
- Verify you’re using API keys (from Google AI Studio), NOT Antigravity OAuth
- Maintain local backups of critical conversations
- Keep alternative provider ready (OpenAI/Kimi)
- Set up billing alerts โ charges can accumulate quickly
If Using Google (Antigravity OAuth)
Status: ๐ซ STOP IMMEDIATELY โ You’re violating ToS.
Immediate actions:
- STOP using Antigravity OAuth with OpenClaw โ Every use increases ban risk
- Export your data โ While you still have access (Settings โ Data Export)
- Switch to Gemini API keys โ Generate at Google AI Studio
- Revoke OAuth authorization โ Google Account โ Security โ Third-party apps
- Test new setup โ Verify OpenClaw works with API keys before relying on it
If Using Anthropic
Status: ๐ซ STOP IMMEDIATELY โ You’re violating ToS.
Immediate actions:
- STOP using Anthropic OAuth with OpenClaw โ Ban risk is HIGH
- Export your data NOW โ Claude.ai โ Settings โ Data Export (takes 24-48 hrs)
- Screenshot critical conversations โ No bulk export for individual chats
- Migrate to safe provider โ See migration paths below
Migration Paths (If You Need to Switch)
Recommended: OpenAI
- Why: Explicitly allows OAuth via Codex CLI, no enforcement history
- Cost: ChatGPT Plus ($20/mo) or API pay-as-you-go
- Migration time: 15 minutes
- Guide: /verify/openclaw-openai-policy/
Recommended: Kimi k2.5
- Why: 8x cheaper than Anthropic ($3 vs $25 per 1M output tokens), no restrictions
- Cost: API or free tier via OpenCode Zen
- Migration time: 10 minutes
- Guide: /tools/opencode/
Budget Option: Self-Hosted
- Why: Zero provider risk, you are the provider
- Cost: Upfront hardware cost only
- Migration time: 1-2 hours setup
- Guide: /tools/self-hosting/
How Do I Know If I’m at Risk?
You’re at HIGH risk if:
- You authenticated OpenClaw with “Sign in with Google” through Antigravity
- You authenticated OpenClaw with Claude (Free/Pro/Max) OAuth
- You see 403 errors or “Terms of Service” messages
- You received a warning email from Anthropic or Google
You’re at LOW risk if:
- You use OpenAI with ChatGPT OAuth or API keys
- You use Kimi with API keys
- You use Mistral with API keys
- You use Google Gemini API keys (NOT Antigravity)
You’re at MEDIUM risk if:
- You use Google Gemini API keys (provider has shown policy volatility)
- You use Groq (orchestration clause caveat)
- You use Azure OpenAI (governance requirements)
What’s the Safest Setup?
Maximum Safety (Zero Provider Risk):
Self-hosted models (Ollama/llama.cpp)
โโ No terms to violate
โโ No API provider to ban you
โโ Trade-off: Setup complexity, limited to open models
High Safety (Explicitly Allowed):
OpenAI (ChatGPT OAuth or API keys)
โโ Codex CLI proves third-party OAuth is intended
โโ No enforcement history
โโ Best frontier model access
High Safety (Cost-Effective):
Kimi k2.5 (API keys)
โโ Open-source weights (can self-host)
โโ 8x cheaper than Anthropic
โโ No restrictions found
Related Links
News & Context:
- /posts/openclaw-provider-policy-check-2026/ โ Breaking news, migration paths, enforcement timeline
- /posts/anthropic-claude-code-oauth-policy-feb-2026/ โ Anthropic enforcement analysis
Risk Assessment:
- /risks/google/antigravity-oauth-risk/ โ Google-specific risk
- /risks/anthropic/third-party-access/ โ Anthropic risk factors
- /risks/anthropic/account-bans/ โ Account ban patterns
Terms Verification:
- /verify/openclaw-anthropic-policy/ โ Anthropic OpenClaw policy (BANNED)
- /verify/openclaw-openai-policy/ โ OpenAI OpenClaw policy (ALLOWED)
- /verify/openclaw-groq-policy/ โ Groq OpenClaw policy (ALLOWED with caveats)
- /verify/openclaw-azure-policy/ โ Azure OpenAI policy (ALLOWED with governance)
- /verify/openclaw-cerebras-policy/ โ Cerebras OpenClaw policy (ALLOWED)
- /verify/openclaw-perplexity-policy/ โ Perplexity OpenClaw policy (ALLOWED with caveats)
- /verify/openclaw-mistral-policy/ โ Mistral AI OpenClaw policy (ALLOWED)
- /verify/openclaw-google-policy/ โ Google policy (OAuth banned, API allowed)
- /verify/claude-code-terms/ โ Anthropic terms verification
Migration & Alternatives:
- /tools/opencode/ โ Free Kimi k2.5 access
- /value/free-stack/ โ Complete free tier guide
- /tools/self-hosting/ โ Zero-provider-risk option
Sources
Primary Sources
- Anthropic Claude Code Legal and Compliance โ code.claude.com/docs/en/legal-and-compliance โ Official policy, February 2026 (Archive lookup)
- Varun Mohan (Google DeepMind) โ X post โ Enforcement confirmation, February 2026 (Archive lookup)
- Google AI Developer Forum โ Mass 403 Bans thread โ User reports, February 2026 (Archive lookup)
- OpenClaw GitHub โ Issue #14203 โ Ban wave documentation (Archive lookup)
Terms of Service
- Anthropic Consumer Terms (Archive lookup)
- Google Gemini API Terms (Archive lookup)
- OpenAI Terms of Service (Archive lookup)
- Moonshot AI Platform Terms (Archive lookup)
Last updated: 2026-02-25
Next review: 2026-03-24
Evidence level: High (primary sources + dated)
Policy pages change. Verify current terms at official sources before making architectural decisions.