Summary of "OpenClaw Full Tutorial for Beginners – How to Set Up and Use OpenClaw (ClawdBot / MoltBot)"

OpenClaw Full Tutorial — Summary

Overview

OpenClaw (formerly Claudebot / MoltBot) is a self-hosted, proactive autonomous agent runtime that connects messaging platforms (WhatsApp, Telegram, Discord, etc.) to agents which can execute real-world tasks such as calendar/email triage, running shell commands, controlling smart devices, and posting to social media.

Course goal: install and run OpenClaw, connect models, manage persistent memory, add and author skills, create multi-agent setups, and secure/sandbox agents so you can operate a persistent 24/7 AI operator while keeping data under your control.

---

Prereqs & Environment

• Primary interface: CLI (TUI is also used). Familiarity with terminal commands expected.
• Recommended knowledge: LLM basics, API usage, prompt/context engineering.
• Node.js required: version >= 22 (examples use Node 25).
• Hosting options:
  • Self-host locally (full host access) — useful for desktop/browser integrations.
  • VPS recommended for isolating host files and reducing risk.

---

Installation & Onboarding (practical steps & defaults)

• Install via npm:
  • npm install -g openclaw
• Run the onboarding wizard:
  • openclaw onboard
  • Use --install-daemon (or install-daemon flag) to install the gateway as a background service (launchd/systemd) so it auto-starts.
• Defaults:
  • Workspace path: ~/.openclaw (config and agent files live here).
  • Default gateway port: 18789.
  • Gateway bind choices: loopback (recommended for single-machine), LAN, Tailscale, auto/custom IP — changeable later via CLI.
• Model choices: Anthropic, Google, etc. Anthropic is recommended in the demo. Note: Google Flash 3 has a small free quota (20 req/day).
• Gateway token and channel pairing are handled during onboarding (CLA setup token / secret keys).

---

Core Concepts

• Gateway: long-running process that maintains platform connections and routes incoming messages to agents.
• Workspace: directory containing agent definitions, identity.md, agent.md, heartbeat.md, soul/tools scratch-pad, and user metadata. These files are editable and can be backed up to Git.
• Memory / Persistence:
  • bootstrap.md for one-time initialization.
  • Heartbeat runs periodically (default hourly) to perform recurring tasks.
• Configuration: JSON config files exist, but using CLI/TUI is safer than manual edits.

---

TUI / CLI Features

• Terminal User Interface (TUI): interactive setup and agent chat; supports many slash commands (around 46 defaults).
• Health & security commands:
  • openclaw security-audit
  • openclaw doctor (health checks/fixes)
  • openclaw status / openclaw health
• Slash commands: switch agents, run skills, inspect gateways, and more.

---

Channels & Demo Examples

• Pinchboard (example social app built with OpenClaw): demonstrates agent registration, verification via tweet, and posting (“pinch”).
• WhatsApp:
  • Enable plugin and pair: openclaw plugins enable whatsapp, then openclaw channels login to scan QR and pair account.
  • Recommended: use a dedicated phone number for the bot.
• Discord:
  • Create application, reset bot token, enable message content intent, invite bot with required scope.
  • Add guild/channel IDs to OpenClaw config so the bot can respond.
• Email:
  • Example “send email” skill written in Python using SMTP.
• Multi-channel demos showed web chat, WhatsApp, Discord, and email operating together.

---

Skills & Extensibility

• Skills:
  • Markdown-based (skill.md) with YAML front matter that instructs agents how to use tools/APIs and teach workflows.
  • Examples: Obsidian skill, Apple Notes via memo CLI, Gmail/email via Himalaya, image tools, Twitter, etc.
• Organization:
  • Per-agent skills live in the agent’s skills folder.
  • Shared skills live in openclaw/skills and are visible to all agents.
• Invocation:
  • Skills can be user-invocable (slash commands).
  • Token impact: each skill adds characters to the system prompt (roughly ~24 tokens per skill, varies).
• Clawhub:
  • Skill registry at clawhub.com.
  • Install via clawhub install <skill> (conceptually analogous to pip).
  • Treat third-party skills as untrusted — review before enabling.

---

Multi-agent Support

• Create and manage multiple agents with separate workspaces, profiles, tokens, sandboxes, and tool policies (for example: separate “work” and “personal” agents).
• CLI commands:
  • openclaw agents add <name>
  • openclaw agents list
• In the TUI, use /agents to switch active persona/session — useful to separate permissions, integrations, and behaviors between contexts.

---

Security & Sandboxing (critical)

Main risks:

• Prompt injection and arbitrary command execution — an agent with host access can run shell commands and modify files.

Best practices:

• Run on a VPS or use Docker sandboxing to isolate the host file system.
• Keep channels restricted (sender allow lists); avoid placing bots in group chats.
• Use a dedicated phone number for bot accounts.
• Scope and rotate tokens; treat third-party skills and code as untrusted.
• Run openclaw security-audit and openclaw doctor regularly.
• Prefer stronger LLMs (less susceptible to prompt manipulation).

Sandboxing modes and scope:

• Modes: none, all, sandbox (controls whether containers are used).
• Scope:
  • session — new container per session,
  • agent — one container per agent,
  • shared — all sandboxed agents share a single container.
• Tool policies:
  • Use tool.deny to block risky tools (e.g., exec, process, browser).
  • Elevated exec runs bypass the sandbox and execute on the host — dangerous and should not be enabled for untrusted senders.
• Browser control: restrict allowed domains or use sandboxed browsers.
• Demo: a Docker-based sandbox for the “work” agent (agent scope) was created and verified to be unable to access host desktop files.

---

Practical Tips & Commands Referenced

• Install globally:
  • npm install -g openclaw
• Onboard:
  • openclaw onboard (use install-daemon flag to install gateway service)
• Channels login (WhatsApp):
  • openclaw channels login
• Enable plugin:
  • openclaw plugins enable whatsapp
• Agent management:
  • openclaw agents add <name>
  • openclaw agents list
• Security / health:
  • openclaw security-audit
  • openclaw doctor
  • openclaw status
  • openclaw health
• Skills registry:
  • clawhub install <skill>
• Backup:
  • Keep workspaces backed up via Git (repo docs include instructions).
• Defaults and paths:
  • Workspace and token locations are created under ~/.openclaw (or a path chosen during onboarding).

---

Tutorial Structure (modules covered)

1. Recap of what OpenClaw is
2. Installation and onboarding
3. Workspace and memory (agent definition files)
4. Pinchboard (social agent demo)
5. Building a personal assistant with channels (WhatsApp, Discord, email)
6. Skills (writing, installing, invoking; Clawhub)
7. Multi-agent setups (separate workspaces/permissions)
8. Security (threats and mitigations)
9. Sandboxing (Docker isolation and scope options)

---

Example Demos Shown

• Onboarding and naming an agent (agent named “Nova”).
• Pinchboard: agent account creation and tweet verification.
• WhatsApp integration: QR pairing and 1:1 message exchange.
• Discord integration: bot creation, tokens, adding to server, responding to mentions, and demonstrating host file access.
• Email skill: send_email.py skill using SMTP to send an email.
• Created a sandboxed “work” agent (Docker) and verified it could not access host files.

---

Recommendations Emphasized

• Start conservative: limit channel access and tool permissions.
• Use sandboxing or run on a remote VPS to protect important files.
• Review third-party skills before enabling them.
• Use the CLI/TUI for configuration changes instead of editing JSON files directly.
• Back up agent workspaces to Git to persist configurations across devices.

---

Primary Speaker / Sources

• Instructor: Kian — presenter of the course and demos.
• Project: OpenClaw software/repository (referenced GitHub repo and GitHub Pages docs).
• Models & registries referenced: Anthropic, Google Flash, the Claude family, and the Clawhub skill registry.

End of summary.

Category

Technology

---

Share this summary

Share on X/Twitter Share on Facebook Share on LinkedIn Share on Reddit Share on WhatsApp Share on Telegram

---

Is the summary off?

If you think the summary is inaccurate, you can reprocess it with the latest model.

Reprocess summary

Video