Before You Start: Read This First
Don't want to deal with Clawdbot setup or the hassle of installing OpenClaw? That's fine. You won't miss out on anything life-changing. If you just want to try Clawdbot AI capabilities without the full OpenClaw local agent setup, scroll straight to the Web Alternative section at the bottom.
Feeling adventurous? Make sure you read the Security Risks section before diving in. Running it bare is asking for trouble!
Step 1: What Is OpenClaw (Clawdbot)?
Before installing Clawdbot (OpenClaw), it helps to understand what you're getting into. A little knowledge about this OpenClaw local AI agent goes a long way.
🦞 What is "Clawd"? (Culture & Lingo)
When you see people on Twitter or Reddit talking about "Clawd", Clawdbot, or the Clawdbot AI, they're not just referring to the Claude model. This is a community-coined term: Clawd = Claude Code + OpenClaw Workflow.
OpenClaw (formerly Moltbot/Clawdbot) was built by Vienna developer Peter Steinberger, and its mascot is a red lobster 🦞.
🦞 Why the Rebrand to OpenClaw?
On January 30, 2026, the project settled on OpenClaw.
- Open: Represents Open Source and Open Web.
- Claw: Retains the lobster heritage but sounds sharper and tool-like.
- Conclusion: The name changed, but the recipe didn't. It's still the same powerful local Shell assistant.
🤖 Clawdbot Is Not Just a Chatbot
Anyone who's used ChatGPT knows the drill: you ask, it responds. But OpenClaw is a "productivity beast". It's not just conversation—the OpenClaw agent has Agent (intelligent agent) core permissions that make OpenClaw unique among local AI tools:
- Clawdbot Shell Access: Can execute any terminal command on your machine.
- Browser Control: Can take over your Chrome, read logged-in sessions (like your email, bank accounts).
- File Read/Write: Can traverse your hard drive, modify code, even replicate itself.
- Multi-Channel Access: Connects to WhatsApp, Telegram, Slack, letting you remotely command your home computer from your phone.
🖥️ Why Everyone's Buying Mac Minis for Clawdbot
Mac Mini sales have spiked recently, driven by the rise of "Vibe Coding" using tools like Clawdbot. The best practice among hardcore geeks: Buy a dedicated Mac Mini as a "never-sleeping OpenClaw/Clawdbot server".
Example Scenario: Lying in bed watching Netflix, you send a Telegram message to your Mac Mini running OpenClaw (Clawdbot) at home. OpenClaw automatically pulls code, opens VS Code, runs tests, fixes bugs, and commits. Everything automated by your OpenClaw local AI agent.
Community Builders
Clawdbot Quick Start
curl -fsSL https://openclaw.app/install.sh | bashWorks on macOS, Windows & Linux. The one-liner installs Node.js and everything else for you.
Clawdbot Configuration Setup
After installing OpenClaw (Clawdbot), you'll be prompted to choose a configuration method. For first-time OpenClaw users, select Quickstart to get up and running quickly with default settings.
💡 Quickstart vs Custom
Quickstart: Uses default settings and gets you running in minutes. Perfect for testing and first-time users.
Custom: Allows you to configure API keys, models, and advanced settings manually. Choose this if you need specific configurations or are using a proxy.
Clawdbot Security Risks: Why Running Bare Is Dangerous
Clawdbot Critical Security Warning
Running unknown executable files (.exe) directly on your host machine exposes you to serious security threats including malware, viruses, and unauthorized system access. Even if the source seems trustworthy, there's always risk when executing binaries from third-party sources.
OpenClaw (Clawdbot) has Agent-level permissions, meaning this OpenClaw AIcan execute shell commands, access your browser sessions, and modify files. If your OpenClaw instance is compromised or misconfigured, it could:
- Access and steal sensitive data from your browser sessions
- Execute malicious commands on your system
- Modify or delete important files
- Install additional malware or backdoors
We STRONGLY recommend using Docker to isolateOpenClaw (Clawdbot) in a containerized environment, or deploying your OpenClaw Agent on a VPS (Virtual Private Server) separate from your main machine.
Clawdbot Installation Guide
Choose your platform and follow the instructions below to install OpenClaw (Clawdbot). We've organized OpenClaw setup guides by Mac, Windows, VPS, NAS, and GitHub/GitCodes.
macOS
The easiest way on Mac is using Homebrew to get OpenClaw running:
brew install openclaw
openclaw --tag betaWindows
For Windows, use PowerShell (recommended) or CMD to install OpenClaw:
# PowerShell
iwr https://openclaw.app/install.ps1 -UseBasicParsing | iex
openclaw --tag betaClawdbot VPS Deployment
Recommended VPSDeploying OpenClaw (Clawdbot) on a VPS is the safest option. It keeps your main machine secure while giving you 24/7 access to your OpenClaw Agent. Most VPS providers support Docker out of the box for OpenClaw.
# On your VPS (Ubuntu/Debian)
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
# Then run OpenClaw in Docker
sudo docker run -d \
--name openclaw \
-p 8080:8080 \
--restart unless-stopped \
openclaw/openclaw:latestClawdbot Docker Method (Safe)
Safety Warning
Running unknown .exe files on your host machine is risky. We
STRONGLY recommend the Docker method below to isolate potential threats.
Step 1: Install Docker
Download and install Docker Desktop from the official website for your platform.
Step 2: Pull the Docker Image
docker pull openclaw/openclaw:latestStep 3: Run the OpenClaw Container
docker run -d \
--name openclaw \
-p 8080:8080 \
--restart unless-stopped \
openclaw/openclaw:latestReplace 8080 with your preferred port if needed. Access at http://localhost:8080
Step 4: Verify OpenClaw Installation
docker ps | grep openclaw🛡️ Security Deep Dive: The Truth and Risks (Clawdbot Whitepaper)
⚠️ High-Energy Warning
OpenClaw (Clawdbot) official documentation explicitly states: "There is no 'perfectly secure' setup."
If you plan to run Clawdbot in a production environment or on a machine with sensitive data, you must read this entire section.
1. Core Definition: It's a SysAdmin, Not a ChatBot
OpenClaw (Clawdbot) was designed to "do things". In computing, "doing things" means: executing arbitrary commands. This isn't a bug—it's a feature. This also means it has extremely high privileges:
- ✅ Full shell access
- ✅ File system read/write permissions
- ✅ Cross-session persistent memory
2. Prompt Injection Attacks — The Unsolvable Problem
This is what keeps security experts up at night. Attackers can manipulate the Clawdbot AI to perform unintended actions through carefully crafted content (web pages, emails, documents).
🦞 Real Case: "The find ~ Incident"
Early in the project, a tester asked Clawdbot to run thefind ~command.Clawdbot happily complied and sent the entire home directory file structure to a public group chat.
Lesson: Even "harmless" requests can instantly leak your privacy.
3. Network Exposure Risks
By default, OpenClaw (Clawdbot) may listen on port 18789. If you misconfigure your Clawdbot (e.g., bind to 0.0.0.0) or expose it to the public internet via Tailscale Funnel:
- Token Brute Force: Attackers scan ports, brute-force tokens. Once successful, they can take over your machine.
- Unauthenticated Access: If no token is set, any local process can connect and modify configuration.
4. Browser Control Vulnerabilities
OpenClaw (Clawdbot) can control your browser sessions.
Risk Scenario: If your browser is logged into Gmail or online banking, and the Clawdbot Agentgets prompt-injected (or maliciously controlled), it can directly operate your accounts to transfer money or send phishing emails.
📊 Threat Matrix
| Threat Type | Severity | Likelihood | Impact |
|---|---|---|---|
| Prompt Injection (LM Injection) | 🔴 Critical | high | Arbitrary command execution, data leakage |
| Remote Code Execution (RCE) | 🔴 Critical | medium | Attacker gains full control of machine |
| Credential Leakage | 🟠 High | high | API keys, passwords stored in plaintext stolen |
| File System Destruction | 🟠 High | medium | Accidental deletion, malicious encryption |
📝 Clawdbot Final Recommendations
If you must use OpenClaw (Clawdbot) locally:
- Physical Isolation: Don't use your main machine! Don't use your main machine! Use a VPS or a spare Mac Mini.
- Network Isolation: Always run in a Docker container and configure a firewall.
- Sensitive Data: Never send passwords, API keys, or bank information in conversations (these are all logged).
🚀 Advanced Clawdbot Deployment
For developers and power users who want to push the limits.
🤖 Option 2: The "Clawdbot Jarvis" Method (Agentic NAS Deployment)
🔥 Deep Dive
Why manually type commands when you can let Claude Code be your DevOps engineer? This guide teaches you how to use Claude Code to automatically deploy OpenClaw (Clawdbot) to your home NAS via SSH.
Step 1: Prepare Your "Master Prompt"
Open your terminal (with Claude Code authenticated) and create a file named deployment_guide.md. Paste the following technical blueprint:
# OpenClaw (Clawdbot) NAS Deployment Technical Guide (For Claude Code)
## 1. Environment Preparation
**Goal**: Install prerequisites on a Debian-based Linux system (e.g., Ubuntu 22.04).
### Tasks:
1. Update system packages.
2. Install Node.js 22.x (using nodesource).
3. Install Git.
## 2. Installation
**Goal**: Clone the repo and run setup.
### Tasks:
1. Clone https://github.com/openclaw/openclaw
2. Run ./docker-setup.sh
3. Handle the interactive wizard (API keys/Tokens required).
## 3. Docker Compose Management
**Goal**: Manage the service via docker compose.
### Commands Reference:
- Start: docker compose up -d
- Logs: docker compose logs -f openclaw-gateway
- Stop: docker compose down
## 4. Configuration Paths
- Compose File: /path/to/openclaw/docker-compose.yml
- Config File: ~/.openclaw/openclaw.jsonHow it works: Claude Code reads this guide and automatically executes the Clawdbot deploymentsteps on your NAS via SSH. You're essentially using AI to deploy AI—letting AI be your DevOps engineer for Clawdbot.
Step 2: Execute the Agent
Copy the prompt below and paste it into Claude Code. Replace the sensitive data with your own.
/bug Reading the file "deployment_guide.md", please deploy OpenClaw (Clawdbot) to my NAS.
I authorize you to configure it fully. Here is the key data you need:
🔑 **Key Configuration Data:**
1. **API Key:** sk-ant-xxxx (Your Anthropic Key)
2. **Base URL:** https://your.proxy.site (If using a proxy)
3. **Discord Token:** xxxxx (Your Bot Token)
4. **NAS IP:** 192.168.0.xx
5. **SSH User:** your_username
6. **Sudo Password:** your_password (Required for Docker commands)
7. **SSH Port:** 22
**Execution Goal:** I want to see a running service. Handle the SSH connection and Docker setup autonomously.⚠️ Security Note
Make sure to replace all placeholder values (API keys, passwords, IPs) with your actual credentials. Never share your real credentials publicly.
Step 3: Final Configuration Injection
Once Claude reports success, open a NEW terminal window and run Claude Code again to inject your specific clawdbot.json settings:
Please find my API KEY and Base URL from previous context.
Update the `clawdbot.json` on the remote NAS with this specific structure:
{
"gateway": {
"tailscale": { "resetOnExit": false }
},
"models": {
"mode": "merge",
"providers": {
"anthropic": {
"baseUrl": "YOUR_BASE_URL",
"apiKey": "YOUR_API_KEY",
"api": "anthropic-messages",
"models": []
}
}
}
}Claude Code will automatically locate your API key and base URL from the previous conversation context and update the configuration file on your NAS.
🎉 Success!
You now have a fully isolated, dockerized OpenClaw (Clawdbot) running on your NAS, deployed entirely by AI. The service is running in a container, isolated from your main system, and accessible via SSH or your local network.
💡 The Philosophy: "Using AI to command AI to deploy AI." This is the core appeal ofClawdbot and Claude Code—letting AI act as your operations engineer. No manual command typing, no copy-pasting errors—just describe what you want, and watch it happen.
Clawdbot Troubleshooting
Container won't start
Check the container logs for errors:
Port already in use
Change the port mapping:
docker run -d --name clawdbot -p 8081:8080 clawdbot/clawdbot:latestOut of memory
Ensure Docker Desktop has enough memory allocated. Go to Docker Desktop Settings → Resources → Advanced and increase the memory limit.
Clawdbot FAQ
Clawdbot Gateway Disconnected: "unauthorized: gateway token missing"
If you see this error in the dashboard:
disconnected (1008): unauthorized: gateway token missing (open a tokenized dashboard URL or paste token in Control UI settings)This means the gateway requires authentication. You need to approve the Clawdbot device connection.
Solution:
Run these commands in your terminal:
clawdbot devices list
clawdbot devices approve <Request ID>Replace <Request ID> with the actual request ID shown in the clawdbot devices list output.
Alternative: Dashboard Settings
In the Dashboard's Gateway Access section:
- Enter your Gateway Token (found via
clawdbot doctor --generate-gateway-token) - Or use a tokenized dashboard URL:
clawdbot dashboard --no-open - Click Connect to apply changes