OpenClaw (formerly Clawdbot): Your 24/7 Personal AI Assistant
OpenClaw has been making waves among developers lately. It crossed 100,000 GitHub stars in just a few weeks. I looked into what all the hype is about.
What is OpenClaw
In short, it's "Claude with hands." Unlike ChatGPT-style chatbots that only talk, OpenClaw actually executes tasks.
Ask "What's on my calendar tomorrow?" via WhatsApp or Telegram, and it calls the Google Calendar API to tell you. Say "Alert me if Tesla drops 5%," and it sets up the condition and actually sends you a notification when triggered. Email summaries, reminders, even terminal commands—it can do all of that.
It was originally called Clawdbot, but Anthropic sent a trademark request because the name sounded too similar to "Claude." It was then renamed to Moltbot, and finally settled on OpenClaw.
Installation is Simple
You need Node.js 22 or higher. Windows users must use WSL2.
npm install -g openclaw@latest
openclaw onboard --install-daemon
Running openclaw onboard launches a setup wizard. Enter your Anthropic API key, select channels to connect (WhatsApp, Telegram, Discord, etc.), and you're done. Docker installation is also available.
If you have a Claude Pro or Max subscription, you can generate a token with claude setup-token and use it without paying for API calls.
It Reaches Out Proactively
Normal chatbots only respond when you message them. OpenClaw can reach out first.
There are three mechanisms. First is Cron for scheduled tasks like "Summarize my emails every morning at 8am." Second is Heartbeat, which wakes up every 30 minutes to check conditions and alerts you when thresholds are met. Third is Webhook for external event triggers like notifications when a GitHub PR gets merged.
You don't need to write complex config files. Just say "Send me a summary of important emails every morning at 8am" in chat, and it sets everything up automatically.
Email and Calendar via API
Services like Gmail, Google Calendar, GitHub, and Slack connect through their respective APIs. The Skills system is modular, so you only add what you need.
For services without APIs, browser automation handles the job. Flight check-ins or scraping data from specific websites fall into this category.
The Gateway Connects Everything
The core of OpenClaw is the Gateway. It maintains all messaging channel connections, receives messages, passes them to the AI, and sends responses back. It's the central hub.
The Gateway runs as a WebSocket daemon at ws://127.0.0.1:18789. It runs 24/7 in the background, maintaining simultaneous connections to WhatsApp, Telegram, Slack, Discord, iMessage, and more. Session management, scheduling (Cron, Heartbeat), and security authentication are all handled by the Gateway.
Check status with openclaw gateway status and restart with openclaw gateway restart.
How Does It Receive Messages
Each platform uses a different method.
WhatsApp uses the Baileys library, which reverse-engineered the WhatsApp Web protocol rather than the official API. After linking a session via QR code, the Gateway maintains a WebSocket connection to receive messages in real-time. Your phone must stay connected to the internet, and you might not be able to use WhatsApp Web in the browser simultaneously.
Telegram uses Bot API long polling. Create a bot with @BotFather and get a token, then the Gateway periodically fetches new messages.
Slack uses WebSocket via the Bolt library, Discord uses Gateway WebSocket via discord.js, and iMessage is macOS-only, accessing the local Messages app through the imsg CLI.
Slack Integration
To use OpenClaw with Slack, you need to create a Slack App.
1. Create Slack App
Go to Slack API and select Create New App → From scratch. Specify the app name and workspace.
2. Enable Socket Mode
In the Socket Mode menu, toggle it on. Socket Mode lets you receive events via WebSocket without setting up a separate server.
3. Generate App-Level Token
Go to Basic Information → App-Level Tokens → Generate Token and Scopes. Enter a token name and add the connections:write scope. Copy the generated App Token (xapp-...).
4. Configure Bot Token
In OAuth & Permissions, add the following Bot Token Scopes:
chat:write- Send messageschannels:history- Read channel messagesgroups:history- Read private channel messagesim:history- Read DM messagesmpim:history- Read group DM messages
Click Install to Workspace to install the app, then copy the Bot User OAuth Token (xoxb-...).
5. Set Up Event Subscriptions
In Event Subscriptions, toggle it on and add message.im (DM messages) under Subscribe to bot events. To receive channel messages, add message.channels, message.groups, etc.
6. Configure App Home
In App Home, enable the Messages Tab. This allows users to DM the bot.
7. Configure OpenClaw
Add the tokens to your config file (~/.openclaw/config.json):
{
"channels": {
"slack": {
"enabled": true,
"appToken": "xapp-1-...",
"botToken": "xoxb-..."
}
}
}
You can also set them via environment variables:
export SLACK_APP_TOKEN=xapp-1-...
export SLACK_BOT_TOKEN=xoxb-...
Restart the Gateway to complete Slack integration:
openclaw gateway restart
User Token (Optional)
Adding a User Token (xoxp-...) lets you read more information like channel history, pins, and reactions. Add User Token Scopes under OAuth & Permissions and reinstall the app.
{
"channels": {
"slack": {
"enabled": true,
"appToken": "xapp-1-...",
"botToken": "xoxb-...",
"userToken": "xoxp-..."
}
}
}
By default, User Token is used for read operations only.
Who Sends the Messages
This also varies by platform.
WhatsApp has two options. Register a dedicated number for OpenClaw and messages go from that number. Connect your own number and messages appear as if you sent them. The dedicated number approach is recommended for cleaner routing.
Telegram messages come from the bot name you created with @BotFather. If you named it "MyAssistantBot," that's how it appears.
Slack uses your Slack App name, and iMessage uses your own account.
Note that the default policy is pairing—unknown senders only receive a pairing code, and an admin must approve before their messages are processed. OpenClaw won't randomly message your contacts.
iMessage Supports SMS Too
For iMessage, the --service auto option sends via iMessage to iPhone users and SMS to others. However, sending SMS requires enabling "Text Message Forwarding" on your iPhone to link it with your Mac. Mac alone can only do iMessage.
Conversation Memory is File-Based
OpenClaw remembering conversations isn't magic. It just saves to markdown files.
Long-term memory goes in ~/openclaw/MEMORY.md, with daily logs in files like ~/openclaw/memory/2026-01-28.md. Say "Remember this," and it writes to file, referencing it in future related conversations. It also builds a vector index for semantic search.
Start a conversation on WhatsApp, continue it later on Telegram—context is maintained because both reference the same files.
Terminal Permission Model
When OpenClaw executes terminal commands, it runs with the same permissions as the OS user running the Gateway. Run Gateway as root, and commands run as root. Run as a regular user, commands run as that user.
By default, sandboxing is off, so commands execute without approval. Convenient but risky.
Permission settings have three dimensions: host sets execution location (sandbox, gateway, node), security sets the security mode (deny, allowlist, full), and ask controls approval prompts (off, on-miss, always).
Requiring Approval Before Command Execution
The ask option lets you configure OpenClaw to request user approval before executing commands.
| Value | Behavior |
|---|---|
off | Execute immediately without approval (default) |
on-miss | Request approval only for commands not in allowlist |
always | Request approval before every command |
For example, if you want safe commands like git, npm, and curl to run immediately while requiring approval for everything else:
{
"agents": {
"defaults": {
"security": "allowlist",
"ask": "on-miss"
}
},
"allowedCommands": ["git", "npm", "curl"]
}
If you want approval for every command, set ask: "always". Approval requests are sent through connected messaging channels (WhatsApp, Telegram, etc.).
The practical approach is command whitelisting—explicitly allow specific commands and block everything else.
{
"allowedCommands": ["git", "npm", "curl"],
"blockedCommands": ["rm -rf", "sudo", "chmod"]
}
In security: "allowlist" mode, chaining (;, &&, ||) and redirections are also blocked. This prevents prompt injection attacks from chaining malicious commands.
For elevated permissions like sudo, use /elevated on per session. It's off by default.
Security Requires Attention
By default, OpenClaw has full host access. Terminal commands, file read/write—all possible. This is both the core feature and the risk.
There's a real prompt injection case. Someone sent an email with hidden instructions to an account OpenClaw had access to. OpenClaw followed those instructions and deleted all emails. Including the trash. This wasn't theoretical—it actually happened.
Security researchers reported finding over 1,600 exposed OpenClaw gateways on the internet. Credentials are stored in plaintext files, so configuration is essential.
First, don't run as root. Create a dedicated user.
adduser openclaw
usermod -aG sudo openclaw
su - openclaw
Second, set file permissions.
chmod 700 ~/.openclaw
chmod 600 ~/.openclaw/config.json
openclaw security audit --fix
Third, sandbox group/channel sessions. Solo use is fine, but groups where others can send messages should run inside Docker sandboxes.
{
"agents": {
"defaults": {
"sandbox": {
"mode": "non-main"
}
}
}
}
Git Permission Isolation with GitHub Apps
If you want OpenClaw to handle Git tasks but prevent direct pushes to main branch, creating a GitHub App is the best approach.
You don't need to create a separate GitHub account—you get a dedicated bot identity. Go to GitHub Settings → Developer settings → GitHub Apps → New GitHub App.
Set permissions to Contents (Read and write), Pull requests (Read and write), and Metadata (Read-only). Create the app, install it on your repo, generate an Installation token, and configure it in OpenClaw.
This way, commits appear under names like openclaw-app[bot], clearly separated from your personal account. Token expiration and renewal management is also more systematic.
Additionally, enable "Require a pull request before merging" in your repo's Branch Protection Rules for the main branch. This prevents anyone—including OpenClaw—from pushing directly to main. The safe workflow is letting OpenClaw create branches and PRs, then reviewing and merging manually.
Multi-Agent Setup
Sometimes you want separate agents for different purposes—personal vs work, or different configurations per project.
Define multiple agents in ~/.openclaw/openclaw.json:
{
"agents": {
"list": [
{
"id": "home",
"workspace": "~/.openclaw/workspace-home"
},
{
"id": "work",
"workspace": "~/.openclaw/workspace-work"
}
]
},
"bindings": [
{ "agentId": "home", "match": { "channel": "whatsapp", "accountId": "personal" } },
{ "agentId": "work", "match": { "channel": "slack" } }
]
}
The bindings determine which agent handles messages from which channel/account. WhatsApp personal account goes to the home agent, Slack goes to the work agent.
Add and manage agents via CLI:
openclaw agents add work
openclaw agents list --bindings
Chatting with a Specific Agent
From CLI, use the --agent flag to target a specific agent:
openclaw agent --agent work --message "What's on my schedule today?"
In the dashboard, the "Agents" menu appears after setting up multi-agent configuration. If you only have one agent, the menu won't show—you need at least two agents configured.
Pricing
OpenClaw itself is free, open-source under MIT license. Costs come from LLM API usage.
Light usage runs $10-30/month, heavy usage $70-150/month. With a Claude Max subscription ($100/month), you can use setup-token to avoid API costs, which may be more economical for heavy users.
Running 24/7 requires a server—keep your PC on, use a VPS like DigitalOcean ($6-12/month), or even run it on a Raspberry Pi.
Using with Claude Subscription
If you have a Claude Pro or Max subscription, you can generate a token with claude setup-token and use it with OpenClaw. This eliminates separate API costs.
A common concern is "Will generating a token log me out of Claude Code on my main computer?" The answer is no, both work simultaneously. setup-token creates a separate long-lived token without invalidating your existing Claude Code session.
However, there's a caveat. OAuth refresh tokens are single-use, so token refresh conflicts can occur. When Claude Code refreshes its tokens, the old refresh token that OpenClaw holds becomes invalidated. If this happens, run claude setup-token again to generate a new token, or restart the OpenClaw gateway.
This doesn't happen frequently, but if OpenClaw authentication suddenly fails, this is worth checking.
Is It Worth Trying
Honestly, setup and maintenance take some effort. Token refresh issues pop up occasionally, and security configuration is manual.
Still, if you need automation like "Send email summaries to WhatsApp every morning" or "Alert me immediately if the server goes down," it's worth trying. If you want an AI that actually works on your system rather than living in a browser tab like ChatGPT, this is currently the most polished open-source option available.