How to Set Up OpenClaw Safely

Set up OpenClaw on your own machine and connect it to a model, workspace, and channel.

This guide is for developers who want an open-source AI assistant that can run tools, manage memory, and automate tasks on hardware they control. By the end, you will have OpenClaw installed, connected to a model provider, pointed at a safe workspace, and ready to process messages from a chat channel.

OpenClaw is a self-hosted agent runtime, not a chatbot. It routes requests through a local Gateway service, executes approved actions on your machine, and stores sensitive keys away from connected apps. That makes it powerful, but it also means setup and safety checks matter from the first run.

Before you start

• Node.js 24, or Node.js 22.19
• Git 2.40+
• An API key for Anthropic, OpenAI, Google, or AWS Bedrock, or a local model server such as Ollama or LM Studio
• For local models: 64,000-token context window minimum
• macOS 13+, Ubuntu 22.04+, or Windows 11 with WSL2 and Ubuntu
• A dedicated workspace folder that does not contain personal files
• Optional: a chat account for WhatsApp, Telegram, Discord, Slack, Google Chat, Signal, iMessage, Matrix, or Microsoft Teams

Step 1: Clone the OpenClaw repository

Goal: download the OpenClaw codebase so you can install and run the Gateway locally. The project is open source and documented in its GitHub repository, so start by pulling the official source before you configure anything else. See the docs at docs.openclaw.ai and the code at github.com/openclaw/openclaw.

git clone https://github.com/openclaw/openclaw.git
cd openclaw

Verification: you should see the repository files, including the Gateway app and workspace-related folders, in your terminal.

Step 2: Install Node dependencies

Goal: prepare the local runtime that powers OpenClaw’s Gateway service. OpenClaw depends on Node.js, so install packages before you try to start the agent or load any model settings.

npm install

Verification: you should see a completed install with no missing-package errors, and a populated node_modules directory.

Step 3: Configure model access and secrets

Goal: connect OpenClaw to a reasoning model and keep keys inside the Gateway instead of exposing them to connected apps. This is the most important setup step because OpenClaw is the orchestration layer, not the model itself.

cp .env.example .env
# edit .env and add your provider key
# example values may include OPENAI_API_KEY, ANTHROPIC_API_KEY, or OLLAMA_BASE_URL

Verification: you should be able to open the config file and confirm that your provider key and model settings are present, while chat clients still have no direct access to them.

Step 4: Start the Gateway service

Goal: launch the background service that routes messages, runs tools, and manages memory. The Gateway listens on port 18789, so once it starts, OpenClaw can coordinate terminal commands, browser actions, and file operations through one control point.

npm run gateway

Verification: you should see a startup message indicating the Gateway is running, and a local listener on port 18789.

Step 5: Create a safe workspace and memory files

Goal: give OpenClaw a dedicated place to store durable memory and task state without exposing your home directory. OpenClaw uses Markdown files such as MEMORY.md, SOUL.md, and AGENTS.md in its workspace, so keep that workspace isolated from sensitive data.

mkdir -p ~/.openclaw/workspace
printf "workspace ready\n" > ~/.openclaw/workspace/MEMORY.md

Verification: you should see the workspace folder and the MEMORY.md file, and the agent should load that location on the next session start.

Step 6: Connect one channel and run a test task

Goal: prove that OpenClaw can receive a message, route it through the Gateway, and return a tool-assisted response. Start with one channel, such as Slack or Telegram, before you add more integrations or third-party skills.

# example only: wire your chosen channel in the OpenClaw config
# then send a test prompt like:
# "List the files in my workspace and summarize them."

Verification: you should see the assistant respond in the same channel, and the Gateway logs should show a routed request plus a successful tool call or file read.

Common mistakes

• Using the wrong Node version: upgrade to Node 24, or Node 22.19 if your environment is pinned.
• Pointing OpenClaw at your home directory: create a dedicated workspace folder and keep secrets out of it.
• Installing random skills from ClawHub: inspect the SKILL.md file first, and skip anything that tells you to paste shell commands or run unfamiliar binaries.

What's next

Once OpenClaw is running, the next step is to add guardrails: limit tool permissions, set token caps for scheduled jobs, and test one narrow automation before you expand to browser control, repository workflows, or recurring briefings.