The OpenClaw Protocol: 2026 Implementation Standard

What Is OpenClaw?

OpenClaw is an autonomous AI agent platform by Peter Steinberger, open source on GitHub. Unlike config-heavy bots, you talk to it. Natural language in, actions out. It runs on your hardware and plugs into Telegram, WhatsApp, Discord, iMessage.

Flow: you message → Gateway (24/7 process) → LLM gets full context (personality, memory, rules) → model replies or calls tools. Tools = read/write files, run commands, search the web, send messages, schedule tasks. One message can kick off a full workflow: research, draft, save, notify.

The Gateway lives on your machine (VPS or Mac Mini). Your data stays yours. No platform fee. If the project vanished, your agent keeps running.

Note: OpenClaw was formerly known as Moltbot and Clawbot. Some older docs or config paths may still reference those names.

The compounding effect is real: in week one, your agent writes decent emails. By month three, it has skills for email, content writing, SEO audits, client onboarding, and lead research, all customized to your standards through repeated feedback.

Getting Started

Prerequisites

You'll need: a Telegram account (or WhatsApp/Discord), comfort with the terminal, Node.js v22+, and an AI service. Anthropic (Claude) or OpenAI are the main options. Claude is recommended; Google has updated Antigravity/Gemini usage terms, and using them with third-party tools like OpenClaw may violate their ToS. If you have a Claude Max subscription, Claude Code can install everything on a VPS for you.

Hardware: Local vs Cloud

Local (Mac Mini, ClawBox, Pi) keeps data on your desk (no monthly fee), better for sensitive workflows, easy migration (copy markdown files). Trade-off: you manage uptime and networking. VPS (Hetzner, DigitalOcean, Linode) is always-on and remote (good when 24/7 matters or you want zero hardware). Specs: 4+ vCPU, 8GB RAM (16GB preferred), 80GB+ storage. For local models, 2TB+ storage; 1TB fills fast with 200GB+ models.

The ClawBox comes with OpenClaw pre-installed: plug in, add your API key and bot token, and you're done in under 10 minutes. Mac Mini works if you want everything local (no monthly cost), better for data sensitivity. On a Pi or low-end mini PC, stick with cloud APIs; on a Jetson or ClawBox, local models with GPU acceleration work great.

Installation

The installer auto-detects your OS and handles everything (no repo cloning or manual config at this stage). Run:

curl -fsSL https://openclaw.ai/install.sh | bash

Windows (PowerShell): iwr -useb https://openclaw.ai/install.ps1 | iex. Verify with openclaw --version.

After install, OpenClaw launches an interactive TUI (terminal UI). Choose QuickStart (spacebar + enter) for safe defaults; you can refine things later. The TUI will walk you through model selection, messaging channel setup, skills, and API keys. For skills, you can say "Skip for now" initially. For API keys, you can decline each and add them later. For VPS, the "AI Installs AI" flow uses Claude Code to SSH in and set everything up (no Linux or DevOps experience required). Takes ~15 minutes.

Alternative (Linux): On Ubuntu/Debian, prep with sudo apt update && sudo apt install -y curl git build-essential. Install Node 20+ via nvm, then clone:

git clone https://github.com/OpenClaw/openclaw.git
cd openclaw
npm install
cp .env.example .env
# Edit .env with API keys, TELEGRAM_BOT_TOKEN, TELEGRAM_ALLOWED_USERS, then: npm start

Connecting Telegram (or WhatsApp, Discord)

Telegram: Message @BotFather → run /newbot → copy the bot token → paste it when OpenClaw prompts you. Add your user ID to the allowed list (message @userinfobot to get it). Once the bot is running, open your Telegram bot and run /start; it will give you config details to copy back to OpenClaw. WhatsApp, Discord, and iMessage use a similar auth flow during the onboarding wizard.

The Enterprise-Grade 10-Link Chain

Each link answers "why do we absolutely need this?" Connect them in order and your agent goes from chatty to enterprise-ready.

Security-First: The Hardened Standard

Same stack, security lens. For regulated or high-sensitivity deployments, this is the "hardened" standard.

Telegram vs Discord: Pick Your Workspace

Both work. Telegram is best for quick, on-the-go messages: one channel, fast, minimal. Open the app, send a note, done. Discord shines when you're at your desk doing deep work: multiple channels, one per agent or workflow, pings when something lands, a visual command center. Many practitioners use both: Telegram for quick hits, Discord for orchestration.

Discord lets you run several agents in parallel: research in one channel, scripts in another, alerts in a third. One OpenClaw install can spawn multiple sessions (orchestrator + specialists) without extra hardware. Keep your Discord server private; never let untrusted users message your agent (it has system access).

First Run & Choosing Your UI

OpenClaw gives you two ways to interact with your agent:

Select "Hatch in TUI" to launch. OpenClaw will ask a few simple questions: the bot's name, what it can call you. This personality configuration shapes every response. Once done, your agent has a unique identity and is ready to receive commands through both the terminal and your connected messaging platform.

You can now chat from Telegram (or WhatsApp, Discord) 24/7 and control your system from your phone. Ask something friendly first: "Hello, are you there?" or "What's the weather in my city?"

Enabling Web Search

Out of the box, your bot can chat and use basic tools. For complex tasks involving web searches, it needs a search backend. You have two main options:

• SearXNG (self-hosted, recommended): Tell your agent: "Install SearXNG on this server using Docker and configure yourself for web search." No API costs, no rate limits.
• Brave Search API: Go to brave.com/search/api, get an API key, and send it to your bot via Telegram. The bot will guide you through setup. Simpler but has usage limits.

Once configured, your agent can research, track trends, and save findings to markdown with sources. For X/Twitter or similar APIs: use official APIs only; scrapers and OAuth workarounds risk account suspension and ToS violations.

Ask your agent "How can you search the web for me?" It will guide setup in plain language.

The Brain Files

Every OpenClaw agent is defined by a set of files. Edit them and you reshape how the agent thinks and acts.

Tools vs Skills

The distinction matters: Tools grant raw capabilities: file access, command execution, web search, messaging. Skills provide the know-how: how to combine those capabilities for real tasks. Disable a Tool and that capability vanishes. Add a Skill and OpenClaw learns a new workflow without gaining new permissions.

read and write let it access files. exec lets it run system commands. web_search and web_fetch let it search and read pages. browser lets it click buttons and fill forms. message lets it send to Telegram, Slack, Discord. Skills like gog teach it how to use Google Workspace; github how to work with repos; obsidian how to organize notes. Skills don't add permissions; Tools control what's allowed.

For a Skill to actually work, three conditions must be met: (1) Configuration: is the Tool enabled? (2) Installation: is the bridge/CLI installed? (3) Authorization: did you log in and grant access? All three are required.

Config principles

• Disable what you don't need. Extra capability widens the attack surface.
• Require approval for exec. Commands run only after you confirm (a crucial safeguard against mistakes or injection).
• Bundled Skills load automatically. Use skills.allowBundled in whitelist mode to limit which ones run.
• Keep irreversible actions in your hands. Payments, public posts, messages to others (anything you can't undo) should stay manual.

OpenClaw has ~25 Tools (file ops, exec, web, browser, memory, sessions, message, cron, gateway) and 53 official bundled Skills (notes, email, GitHub, Slack, etc.). ClawHub hosts 3,000+ third-party Skills; review each before installing. For deeper dives, see the Lab.

{
  "approvals": {
    "exec": { "enabled": true }
  }
}

Onboarding Your Agent

How well you onboard your agent shapes every future interaction. A 20–30 minute interview works best: share your context and let the agent ask follow-ups. That upfront time compounds across months of use.

I've just set up OpenClaw. I need you to get to know me deeply.
Ask me one question at a time. Cover: my role and business, what eats my time most,
the tools I use today, where I want to be in 6 months, and what I'd automate first if I could.

When we're done, update USER.md with everything you learned.
Then give me 5 concrete ways you could start helping me this week.

Skills & Feedback

Skills are a folder of tools your bot can use for specific tasks (like mailing someone on your behalf, running SEO audits, or drafting content). During onboarding, OpenClaw may ask to configure skills; you can say "Skip for now" and add them later, or choose "Yes" and use npm. Each skill lives in skills/ with a SKILL.md file. If you put every instruction into brain files, those files bloat, and every message loads ALL brain files. Skills keep specialized instructions out of the main context until the agent needs them.

Three ways to create skills: (1) From scratch: describe what you want. (2) From a completed task: "Turn what you just did into a skill." (3) Walk the agent through step by step.

Make feedback stick: "Shorter next time" fixes one output. "Shorter next time, update the skill so drafts stay under 150 words" fixes every future run. Always tie feedback to a skill update when you want it to persist.

Warning: Always vet third-party skills. Cisco found malware in 37 popular skills. Read SKILL.md yourself before installing.

How to Prompt

Most people get disappointing results because they skip straight to execution. "Build me a landing page" → generic output. The fix isn't better prompts or fancier models; it's better process.

The golden rule: Flesh out before executing. Explain your idea → let the agent ask clarifying questions → agree on the approach → then execute. If a task will take the agent more than 10 minutes, spend at least 2 minutes defining it.

Reverse prompting: Instead of always telling the agent what to do, ask it questions. "Based on what we've done together, how would you fix this?" or "What would you change here?" or "If you were upgrading, what would you add?" The agent prompts you back, often surfacing insights you wouldn't have thought to ask for.

I'm aiming to [goal]. Before we build anything, let's align.
Ask me: who this is for, what constraints matter, what good looks like.
Then sketch a plan. I'll sign off before you start.

Planning & Build Logs

Most failed projects fail because they started building too fast. Any project with more than three steps or over two hours needs a plan document first. Not a conversation: a real file the agent (and you) can reference.

Build logs: Before building anything complex, create memory/build-project-name.md. Log every step. If a session crashes mid-build, the next session reads the log and picks up exactly where it left off.

Before we build, create memory/build-[project-name].md.
Include: goal, plan link, status, and what's next.
Read it at session start. Update after each major step.
If a session crashes, the next one picks up from the log.

Proactive AI

Heartbeats are periodic check-ins (default every 30 min) where your agent wakes up, reads HEARTBEAT.md, and acts. Cron jobs are exact-time tasks (morning report at 7 AM, overnight builder at 11 PM. The combination of cron (scheduling) and message (push notifications) turns OpenClaw from a chatbot into infrastructure that works while you sleep.

Each automation needs three pieces: when it runs, what it does, and where results land.

Automation examples

Config is straightforward. The real work is choosing what to automate. Pick the task that costs you the most time each day, automate that first, then layer on more.

Create HEARTBEAT.md. Structure:
- Every 30 min: booking alerts, urgent email flags
- Daily AM: calendar brief, lead status, content reminders
- Weekly Mon: analytics, pipeline, wins/losses

Keep it short. Reference skills for heavy tasks.

Sub-Agents

One OpenClaw install can run multiple sessions (you don't need five Mac Minis for five agents. Your main agent (orchestrator) spawns specialists: Research, Content, Outreach, SEO. Each gets its own SOUL.md and AGENTS.md. Start with 2–3 that match your bottlenecks.

• Space spawns 20–30 min apart to avoid rate limits
• Sub-agents are ephemeral: no heartbeats, one task per spawn
• Main agent monitors via build logs and its own heartbeat
• One discrete feature per spawn (never "build the whole thing")

Sub-agents give you context isolation: a writer doesn't see your client data. Lean context = fewer tokens and often better output within that specialty.

Security & Safe Usage

OpenClaw is powerful because it runs on your system and can take real actions: creating files, fetching data, executing commands. That same power is a security risk if you're not careful. Security researchers found 42,000+ exposed instances; 93% had auth bypass. Cisco found malware in 37 popular skills. The risk isn't malice; it's that the agent follows instructions literally, including vague or dangerous ones.

Why running locally requires caution

When you run OpenClaw on your computer or a VPS, you're allowing a chat interface to trigger actions on that system. Be concerned if your bot: has access to sensitive directories, runs with elevated privileges, is connected to a public or shared chat, or receives poorly scoped instructions. It can unintentionally overwrite files, leak API keys, or expose data.

On a local machine: vague instructions or misconfigured permissions can overwrite important files, leak configs, or modify project directories. On a VPS: the impact can be worse: corrupting services, exposing server data, or unintended access to production resources. Think of it as a programmable assistant with real system access, not a chat widget.

Safety measures

• Run OpenClaw as a non-privileged user
• Keep its working files in a dedicated directory
• Avoid connecting it to public or shared chats initially
• Be explicit when asking it to read or write files
• Test new capabilities on a disposable system or VM

Apply the same standard you'd use for a shell script: if you wouldn't run it with those permissions, don't give them to your agent. Begin with limited scope, watch how it behaves, then broaden gradually.

Hardening checklist

Run openclaw security audit --deep. Generate a gateway auth token. Set DM pairing and group allowlists. Lock BotFather (disable group adds, enable privacy). UFW: deny incoming, allow SSH. Config files 600, state dir 700. Enable log redaction. Sandbox sub-agents (deny tools they don't need). Add Tailscale for private networking. Vet every skill before install. Use Opus-class models for untrusted input (group chats, scraped data). Snapshot your config as a baseline.

Never let the agent verify its own security. Always read SKILL.md before installing. Least privilege always.

Optional Enhancements

After your core setup is stable, these upgrades are worth adding:

Troubleshooting

Frequently Asked Questions

Quick Reference

openclaw --version
openclaw onboard --install-daemon
openclaw gateway status
openclaw config edit
openclaw dashboard
openclaw logs
openclaw security audit --deep

First week: From chatty to consultative

Each day unlocks a new layer. By day 7 you have Input → Research → Identity → Drafting → Loop running.

• Day 1: Input Install, verify gateway, first message. Connect one channel (Telegram or Discord). You can talk to it. That's the baseline.
• Day 2: Voice + Search Groq Whisper (think out loud) + SearXNG (real-time context). Dedicated Gmail for the agent. Now it hears you and can research.
• Day 3: Identity Onboarding interview. Update USER.md. Import ChatGPT history if you have it. Your agent knows who you are before it acts.
• Day 4: Drafting Google Workspace (email, calendar, Drive). Test each. It can produce deliverables, not just suggestions.
• Day 5: Skills Pick one task to automate. Turn it into a skill. Repeatable workflow, not one-off.
• Day 6: Proactive HEARTBEAT.md (5–10 items). Morning cron (e.g. 7 AM brief). It reaches out to you now.
• Day 7: Scale Security audit. Snapshot baseline. Plan first sub-agent. You're ready for the loop.