

Flagged by the registry scanner (riskLevel: high; isSafe: false; isSuspicious: true)

  • shell_command, severity high: Install method uses curl -fsSL https://openclaw.ai/install.sh | bash, piping a remote script directly to the shell. This pattern is insecure and can lead to remote code execution if the installer or script is compromised. Evidence: Install method: `curl -fsSL https://openclaw.ai/install.sh | bash`
  • system_harm, severity high: Mention of a high-severity vulnerability CVE-2026-25253 that enables remote code execution in older versions; users are urged to upgrade to 2026.1.29+ before installation. This highlights a serious security risk if not updated. Evidence: CVE-2026-25253 (CVSS 8.8) enables 1-click remote code execution through the Control UI. Version must be 2026.1.29 or later.

Summary: The skill content is largely a setup guide but contains a dangerous installer pattern (curl ... | bash) and references a high-severity CVE affecting older versions. Treat the installer method as unsafe and require secure, verifiable installation methods (prefer authenticated package sources, checksums, or package managers) and ensure version updates to mitigate the CVE.

npx machina-cli add skill Aznatkoiny/zAI-Skills/openclaw-setup --openclaw

OpenClaw Setup Skill

Deploy and configure OpenClaw — the open-source personal AI assistant (145k+ GitHub stars) — safely and correctly. This skill handles the full lifecycle: installation, Anthropic model auth, channel wiring (Telegram + iMessage), security hardening, cost control, and deployment to either a local Mac mini or a Hostinger VPS.

What is OpenClaw?

OpenClaw is a self-hosted, conversation-first AI assistant built on LLMs. Originally launched as "Clawdbot" (November 2025), renamed to "Moltbot" (January 27, 2026) after Anthropic trademark concerns, then became "OpenClaw" (January 30, 2026). It runs a local Gateway (WebSocket control plane) on your machine or server and connects to messaging channels you already use — Telegram, iMessage, WhatsApp, Discord, Slack, and 50+ others. The assistant responds through those channels using models from Anthropic, OpenAI, or other providers.

Key facts:

  • Runtime: Node.js ≥22.12.0, TypeScript, pnpm monorepo
  • Architecture: Gateway (control plane) → Pi agent (RPC) → LLM provider
  • Recommended model: Anthropic Claude Opus 4.5 via OAuth (Pro/Max subscription) for best prompt-injection resistance and long-context strength
  • Install method: curl -fsSL https://openclaw.ai/install.sh | bash, then openclaw onboard --install-daemon. Piping a remote script into a shell runs whatever the server happens to return; download the script to a file and read it before executing it.
  • Config location: ~/.openclaw/openclaw.json (JSON5 format)
  • Default port: 18789 (WebSocket + HTTP multiplexed)
  • Minimum context window: 64K tokens
  • License: MIT
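The piped installer in the key facts above is what the skill prescribes and what the registry scanner flags. The script below is an added example, not OpenClaw's installer and not part of this skill: it fetches install.sh to disk, compares it against a SHA-256 digest you pinned after reading the script once (openclaw.ai publishes no checksum on this page, so the pin is an assumption you maintain yourself), greps it for the patterns that deserve a manual read, and only then executes it.

```shell
#!/bin/sh
# Added example (not OpenClaw's installer): download, pin, inspect, then run.
# Assumption: EXPECTED_SHA256 is a digest you recorded after reviewing a copy
# of install.sh; the project does not publish one on this page.
set -eu

INSTALLER_URL="https://openclaw.ai/install.sh"
INSTALLER_PATH="${TMPDIR:-/tmp}/openclaw-install.sh"

# sha256_of FILE -> hex digest (sha256sum on Linux, shasum on macOS)
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# verify_sha256 FILE EXPECTED -> 0 when the digest matches, 1 otherwise
verify_sha256() {
  [ "$(sha256_of "$1")" = "$2" ]
}

# scan_installer FILE -> 0 when none of the red flags appear, 1 (with the
# offending lines on stdout) otherwise. Heuristic only: a nested "curl | sh",
# an eval of a variable or a base64 decode are the lines to read by hand.
scan_installer() {
  ! grep -nE \
    'curl[^|]*\|[[:space:]]*(ba)?sh([[:space:]]|$)|wget[^|]*\|[[:space:]]*(ba)?sh([[:space:]]|$)|eval[[:space:]]+"?\$|base64[[:space:]]+(-d|--decode)' \
    "$1"
}

# install_openclaw EXPECTED_SHA256 -> runs the installer only after both checks pass
install_openclaw() {
  curl -fsSL "$INSTALLER_URL" -o "$INSTALLER_PATH"
  if ! verify_sha256 "$INSTALLER_PATH" "$1"; then
    echo "install.sh changed since it was reviewed; refusing to run" >&2
    return 1
  fi
  if ! scan_installer "$INSTALLER_PATH"; then
    echo "install.sh contains lines that need a manual read; refusing to run" >&2
    return 1
  fi
  bash "$INSTALLER_PATH"
}

# Touches the network only when explicitly asked:
#   EXPECTED_SHA256=<digest> RUN_INSTALL=1 sh safe-install.sh
if [ "${RUN_INSTALL:-0}" = "1" ]; then
  install_openclaw "${EXPECTED_SHA256:?set EXPECTED_SHA256 to the digest you pinned}"
fi
```

A digest mismatch is not proof of compromise, since the project may simply have shipped a new installer, but it is exactly the moment to read the diff before running it again.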

⚠️ CRITICAL SECURITY PREREQUISITES

Before ANY installation, these four steps are non-negotiable:

  1. Set API spending limits FIRST — Go to console.anthropic.com → Settings → Limits → set a monthly cap ($30-50/month is achievable with smart routing). A misconfigured cron job or heartbeat can cost $750+/month. Do this BEFORE pasting any API key anywhere.

  2. Version must be 2026.1.29 or later — CVE-2026-25253 (CVSS 8.8) affects all earlier versions. It enabled 1-click remote code execution through the Control UI. After installation, verify with openclaw --version.

  3. Gateway must bind to 127.0.0.1, NEVER 0.0.0.0 — Security researcher Maor Dayan found 42,665 publicly exposed OpenClaw instances via Shodan; 93.4% had critical auth bypasses. The root cause on VPS deployments is Docker's port publishing: -p 18789:18789 listens on 0.0.0.0 unless you prefix a host address (-p 127.0.0.1:18789:18789), and Docker's published ports are inserted ahead of host firewall rules such as ufw, so a host firewall you configured is typically not protecting them.

  4. DM policy must be "pairing" or "allowlist" — With dmPolicy: "open", anyone who can message the bot can drive the agent; never use it unless you fully understand the risk.

See references/security-defaults.md for the complete security guide.

When to Use This Skill

Use this skill when the user wants to:

  • Install OpenClaw from scratch on macOS or Linux
  • Deploy OpenClaw to a Hostinger VPS using Docker
  • Configure Anthropic as the model provider
  • Connect Telegram or iMessage as a messaging channel
  • Apply safe security defaults to a new or existing OpenClaw installation
  • Run post-setup health checks (openclaw doctor, openclaw security audit)
  • Troubleshoot common OpenClaw setup issues
  • Understand OpenClaw costs and optimize spending

When NOT to Use This Skill

Do not use this skill for:

  • WhatsApp, Slack, Discord, Signal, or other channel setup (not covered here)
  • Advanced multi-agent routing or Canvas/A2UI configuration
  • iOS/Android node pairing or voice wake setup
  • OpenClaw skills/plugins development
  • Browser control configuration
  • Ollama/local model setup

Setup Workflow

Follow this order. Each step links to its reference file.

Step 0: Set API Spending Limits

Before touching anything else, go to your LLM provider's console and set a monthly spending cap. See references/anthropic-auth.md for details.

Step 1: Choose a Deployment Path

| Path | Best For | Reference |
|---|---|---|
| Mac mini (local) | Personal use, always-on home server, iMessage support, safest for non-technical users | references/mac-local-setup.md |
| Hostinger VPS | 24/7 cloud availability, Telegram-focused, Docker isolation, requires active hardening | references/hostinger-vps-setup.md |

If the user wants iMessage, they must use the Mac path (iMessage requires macOS with Messages signed in).

Step 2: Set Up Anthropic Auth

Configure Anthropic as the primary model provider during or after onboarding.

→ Read references/anthropic-auth.md

Step 3: Connect Channels

| Channel | Platform Requirement | Reference |
|---|---|---|
| Telegram | Any (Mac or VPS) | references/telegram-channel.md |
| iMessage | macOS only | references/imessage-channel.md |

Step 4: Apply Security Defaults

Harden the installation with safe defaults before going live.

→ Read references/security-defaults.md

Step 5: Verify

openclaw --version              # Must be 2026.1.29+
openclaw doctor
openclaw security audit --deep
openclaw gateway status
openclaw channels status --probe
openclaw status --all

On a VPS, verify the gateway is not listening on a non-loopback address:

ss -tlnp | grep 18789
# Must show 127.0.0.1:18789 (or [::1]:18789). 0.0.0.0:18789, *:18789 or [::]:18789 means the gateway is reachable on every interface.

Interactive Setup Mode

When running commands for the user, Claude Code should:

  1. Set spending limits first — Walk the user through setting API caps at console.anthropic.com
  2. Check prerequisites — Verify Node.js ≥22.12.0, Xcode CLI tools (macOS), and gather credentials
  3. Run the installer — Download the install script to a file, read it, then run it (or use the npm global install); do not pipe it straight into bash
  4. Verify version — Confirm openclaw --version shows 2026.1.29+
  5. Launch the onboarding wizard — Run openclaw onboard --install-daemon and guide the user through each interactive prompt
  6. Generate secure config — Produce a ~/.openclaw/openclaw.json with safe defaults
  7. Warn about skills — During the wizard's skills step, advise installing only bundled skills. ClawHub community skills should be treated with extreme caution (Cisco found 26% contain vulnerabilities; 341 malicious skills found including macOS malware installers)
  8. Warn about heartbeat costs — If heartbeat is enabled, recommend switching it to Haiku model or disabling it. Default Opus heartbeat costs ~$54/month.
  9. Configure channels — Set up Telegram bot token and/or iMessage
  10. Run health checks — Execute openclaw doctor and openclaw security audit --deep
  11. Verify binding — On VPS, run ss -tlnp | grep 18789 to confirm loopback binding
  12. Test connectivity — Send a test message or open the dashboard

For each interactive prompt in the wizard, explain what the option means and recommend the safe choice. Non-technical users need plain-language explanations; developers can get the concise version.
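Step 5 above and items 2, 4 and 11 of the interactive checklist reduce to two checks. The script below is an added example, not a command from OpenClaw or from this skill, that performs both in a way that survives the usual mistakes: it compares versions field by field (a string compare ranks 2026.1.29 below 2026.1.3) and rejects wildcard listeners on 0.0.0.0, * and [::], which a grep for 0.0.0.0 alone would miss. It assumes openclaw --version prints a dotted version somewhere in its output and that ss -tlnp uses the iproute2 column layout; the ss output embedded in it is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example, not part of the skill: the two post-install checks the guide
# insists on. Assumptions: `openclaw --version` prints a dotted version, and
# `ss -tlnp` prints the local address in column 4 (iproute2 layout).
set -eu

MIN_VERSION="2026.1.29"
GATEWAY_PORT=18789

# extract_version TEXT -> first dotted number in TEXT ("openclaw 2026.2.3" -> 2026.2.3)
extract_version() {
  printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1
}

# version_ge A B -> 0 when dotted version A >= B, comparing each field as an
# integer. A string compare gets it wrong: "2026.1.29" sorts before "2026.1.3".
version_ge() {
  i=1
  while [ "$i" -le 3 ]; do
    x=$(printf '%s\n' "$1" | cut -d. -f"$i" | tr -cd '0-9')
    y=$(printf '%s\n' "$2" | cut -d. -f"$i" | tr -cd '0-9')
    x=${x:-0}; y=${y:-0}
    if [ "$x" -gt "$y" ]; then return 0; fi
    if [ "$x" -lt "$y" ]; then return 1; fi
    i=$((i + 1))
  done
  return 0
}

# gateway_bind_ok SS_OUTPUT -> 0 when every listener on GATEWAY_PORT is loopback.
# Inspects the host part of column 4, so *:18789 and [::]:18789 are caught as
# well as 0.0.0.0:18789. Note it also passes when nothing listens at all; use
# `openclaw gateway status` to confirm the gateway is actually up.
gateway_bind_ok() {
  exposed=$(printf '%s\n' "$1" | awk -v port="$GATEWAY_PORT" '
    $1 == "LISTEN" {
      n = split($4, f, ":")
      p = f[n]
      host = substr($4, 1, length($4) - length(p) - 1)
      if (p + 0 == port + 0 && host != "127.0.0.1" && host != "[::1]") print $4
    }')
  [ -z "$exposed" ]
}

# Constructed sample of `ss -tlnp` output (not captured from a real host):
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      4096   127.0.0.1:18789    0.0.0.0:*         users:(("node",pid=1234,fd=20))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=700,fd=3))'

# run_checks -> 0 when both checks pass on this host; skips a check whose tool is absent
run_checks() {
  rc=0
  if command -v openclaw >/dev/null 2>&1; then
    v=$(extract_version "$(openclaw --version 2>&1 || true)")
    if [ -n "$v" ] && version_ge "$v" "$MIN_VERSION"; then
      echo "openclaw $v >= $MIN_VERSION: ok"
    else
      echo "openclaw version '${v:-unknown}' is below $MIN_VERSION: run openclaw update --channel stable" >&2
      rc=1
    fi
  fi
  if command -v ss >/dev/null 2>&1; then
    if gateway_bind_ok "$(ss -tlnp 2>/dev/null || true)"; then
      echo "port $GATEWAY_PORT: no non-loopback listener"
    else
      echo "port $GATEWAY_PORT is exposed on a non-loopback address; fix gateway.bind or the Docker -p mapping" >&2
      rc=1
    fi
  fi
  return "$rc"
}

run_checks || echo "one or more checks failed" >&2
```

Run it as a normal user; ss -p only shows process names for your own sockets without root, but the address and port columns the check relies on are visible either way.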

Non-Interactive Setup (for scripting)

openclaw onboard --non-interactive \
  --mode local --auth-choice apiKey \
  --anthropic-api-key "$ANTHROPIC_API_KEY" \
  --gateway-port 18789 --gateway-bind loopback \
  --install-daemon --daemon-runtime node --skip-skills

Key Config Structure

Minimal safe config (Anthropic + Telegram + secure defaults):

{
  agent: {
    model: "anthropic/claude-opus-4-5"
  },
  gateway: {
    bind: "loopback",
    port: 18789,
    auth: { mode: "token", token: "<auto-generated>" }
  },
  channels: {
    telegram: {
      enabled: true,
      botToken: "<from-botfather>",
      dmPolicy: "pairing",
      groups: { "*": { requireMention: true } }
    }
  },
  discovery: {
    mdns: { mode: "minimal" }
  }
}

Troubleshooting Quick Reference

| Issue | Fix |
|---|---|
| openclaw --version < 2026.1.29 | Update immediately: openclaw update --channel stable (critical RCE vulnerability) |
| node --version < 22 | Install Node 22+ via nvm, Homebrew, or system package manager |
| Gateway won't start | Check port 18789 is not in use; run openclaw doctor --fix |
| Gateway bound to 0.0.0.0 | Fix Docker port binding to "127.0.0.1:18789:18789" and restart |
| Telegram 401 Unauthorized | Regenerate bot token in BotFather; update config and restart |
| "plugin not found: telegram" | Telegram is a CHANNEL, not a plugin; config goes under channels.telegram |
| Pairing code not working | openclaw pairing approve telegram <code>; codes expire after 1 hour |
| iMessage not connecting | Verify Messages is signed in; consider BlueBubbles for better reliability |
| High API costs ($100+/mo) | Set spending limits; switch heartbeat to Haiku; use tiered model routing |
| Heartbeat costing $54+/month | Switch heartbeat model to Haiku with 1-hour intervals (~$0.30/month) |
| Security audit warnings | openclaw security audit --fix to auto-apply safe defaults |
| WhatsApp status=515 error | Click Update in Control UI or restart gateway |
| ClawHub skill suspicious | Do NOT install; 26% contain vulnerabilities per Cisco research |

Reference Files

| File | Content |
|---|---|
| references/mac-local-setup.md | Complete Mac mini local deployment walkthrough |
| references/hostinger-vps-setup.md | Hostinger VPS Docker deployment guide |
| references/anthropic-auth.md | Anthropic auth, cost control, and smart model routing |
| references/telegram-channel.md | Telegram bot creation and channel configuration |
| references/imessage-channel.md | iMessage channel setup: BlueBubbles (recommended) + legacy |
| references/security-defaults.md | CVE-2026-25253, safe defaults, hardening, incident response |

Source

https://github.com/Aznatkoiny/zAI-Skills/blob/master/AI-Toolkit/skills/openclaw-setup/SKILL.md

Overview

OpenClaw is a self-hosted, conversation-first AI assistant. This skill covers installation, Anthropic model auth, channel wiring, security hardening, and deployment to a local Mac mini or a Hostinger VPS.

How This Skill Works

OpenClaw runs a Gateway (control plane) on your machine or server, communicates with a Pi agent (RPC), and uses LLM providers like Anthropic or OpenAI. The setup uses a curl-install script, then onboarding to install the daemon, with configuration stored in ~/.openclaw/openclaw.json and a default WebSocket/HTTP port 18789.

When to Use It

  • Install OpenClaw from scratch on macOS or Linux
  • Deploy OpenClaw to a Hostinger VPS using Docker
  • Configure Anthropic as the model provider and auth flow
  • Connect Telegram or iMessage as messaging channels
  • Run post-setup health checks and security audits (doctor, security audit)

Quick Start

  1. Step 1: Install OpenClaw — curl -fsSL https://openclaw.ai/install.sh | bash (the registry scanner flags the piped form; download the script to a file and read it before running it)
  2. Step 2: Run onboarding to install the daemon — openclaw onboard --install-daemon
  3. Step 3: Verify config and run health checks — ensure ~/.openclaw/openclaw.json and run 'openclaw doctor' / 'openclaw security audit'

Best Practices

  • Set API spending limits in Anthropic console before pasting any API keys
  • Upgrade to version 2026.1.29 or later to mitigate CVE-2026-25253
  • Bind the Gateway to 127.0.0.1 and avoid exposing 0.0.0.0 publicly
  • Enforce DM policy as pairing or allowlist to reduce risk
  • Follow the security defaults references and perform regular health checks

Example Use Cases

  • Install OpenClaw on a macOS device and connect Telegram for chat access
  • Deploy OpenClaw to a Hostinger VPS using Docker and configure an internal gateway
  • Configure Anthropic Claude Opus 4.5 via OAuth for strong prompt-injection resistance
  • Wire iMessage and Telegram channels for cross-platform communication
  • Run openclaw doctor and openclaw security audit after deployment
