Picture this: you message a Telegram chat called Brosef and ask it to triage your inbox, schedule a dentist appointment, and open a PR against your side project. It does, then pings you at 7 AM with a morning brief. That’s the end state of an OpenClaw assistant running on a small computer in your closet – an AI agent that lives in chat apps you already use and actually executes tasks instead of just generating text.
This guide walks backward from that result. We’ll compare the two ways most people install it, drill into the one that’s actually beginner-friendly, then look at the edge cases nobody warns you about until something breaks.
The 30-second background
OpenClaw is an open-source, self-hosted AI agent. It runs on your own device, answers you on channels you already use, and the Gateway is just the control plane – the product is the assistant. Under the hood it’s a long-running Node.js service that routes messages between a chat app and an LLM (Claude, GPT, Gemini, local models, whatever you wire up) and gives that LLM real tools: shell, browser, files, cron.
The project is free and open-source under the MIT license, first published in November 2025 by Peter Steinberger. It was then renamed twice in two months – to “Moltbot” on January 27, 2026, and three days later to “OpenClaw” – so if you find old guides referencing clawdbot or moltbot commands, that’s why. The reasons behind each name change aren’t documented in the official changelog.
Method A vs Method B: how you actually install it
Almost every tutorial online jumps straight into the manual CLI install. There’s a second path that’s faster for beginners and worth comparing honestly.
| | Method A – Manual CLI | Method B – Let Claude Code do it |
|---|---|---|
| How | npm install -g openclaw@latest then openclaw onboard | Open Claude Desktop (Cowork mode) or Claude Code, say “install OpenClaw on this Mac” |
| Time | ~10-15 minutes if Node is already there | ~10-20 minutes, mostly hands-off |
| What you learn | Where files live, how the daemon runs | Almost nothing about internals |
| Risk | You skip a config step and silently end up insecure | You give a coding agent root-folder access to your machine |
| Best for | Anyone who’ll later debug their own setup | First-time setup on a dedicated machine you don’t mind reimaging |
Method B is real. Per the Dirk Paessler walkthrough: download Claude Desktop, open Cowork mode, tell it “Install and set up OpenClaw on this Mac,” and it handles Homebrew, Node, daemon setup, and channel wiring in one session. The catch is obvious – you’re handing a non-deterministic agent the keys to your machine to install another non-deterministic agent.
For a beginner article, Method A – the CLI install – is the better call, because the friction is the lesson. When something breaks later (and it will), you’ll know what to grep for.
The walkthrough for the CLI install
Shortest path that doesn’t skip the parts that matter. Node 24 is recommended; Node 22.16+ also works (per the npm package page).
```bash
# 1. Install
npm install -g openclaw@latest

# 2. Run the guided onboard wizard
openclaw onboard --install-daemon

# 3. After answering the wizard, sanity-check
openclaw doctor
```
The wizard picks up from there. You choose an LLM provider, paste a subscription OAuth token or raw API key, select which chat channels to connect, and the workspace lands at ~/.openclaw/. Gateway, channels, skills – it walks through each one. Five questions, maybe ten minutes.
Telegram is the easiest first channel: create a bot via BotFather (30 seconds), paste the token into the wizard, message your bot. Done. The same access-control model applies across all supported channels: WhatsApp, Slack, Discord, Signal, and iMessage.
Pro tip: After install, run openclaw doctor before you ever message the bot from a new account. It flags risky DM policies, broken sandbox settings, and config drift. Treat it like brew doctor: silent output means you’re fine.
What “safe defaults” actually means here
The defaults aren’t paranoid, but they’re sensible. According to the official security docs, the Gateway listens on port 18789 with bind 127.0.0.1 (loopback only), and the default DM policy is “pairing”: unknown senders receive a short code and the bot ignores their message until you approve it. Codes expire after 1 hour, and pending requests are capped at 3 per channel. You approve via openclaw pairing approve <channel> <code>.
The edge cases nobody mentions
This is where most tutorials wave at “watch out for security” and move on. Here are the specific traps that actually bite people.
The silent-pairing trap
You message your shiny new bot from a friend’s phone to show it off. Nothing happens. No error. No reply. You assume the install is broken.
What actually happened: the default DM policy is pairing. OpenClaw saw the new sender, generated a one-time approval code, and is sitting there waiting for you to authorize it. Until you do, the sender gets nothing – not even a “pending” notification. The pairing code is printed in the gateway logs, expires after one hour, and if you weren’t tailing logs at that exact moment, you missed it silently. Workaround: run openclaw pairing list <channel> after every test message until you’ve added trusted users to allowFrom.
The ClawHub skills lottery
Skills are how OpenClaw learns new tricks – folders with a SKILL.md file and (often) executable scripts, distributed through ClawHub. They look like browser extensions. They are not.
Publishing bar: a SKILL.md file and a GitHub account one week old. No code signing, no security review, no default sandbox. When you install a skill, it inherits the agent’s full permissions – file system, shell, credentials in scope.
The audit numbers, as of early 2026, are not encouraging. Koi Security reviewed all 2,857 skills on ClawHub and found 341 malicious entries – about 12% of the catalog – with 335 of them traced to a single coordinated campaign called “ClawHavoc” that distributed Atomic Stealer (AMOS) payloads. Snyk’s separate ToxicSkills study found that 36% of agent skills contain security flaws and confirmed 76 active malicious payloads, with 8 still listed on clawhub.ai at time of publication. Two independent research teams, similar conclusions.
Practical rule: install zero skills on day one. Add them deliberately, one at a time, and prefer ones with active maintainers and visible commit history.
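One way to make "deliberately, one at a time" concrete is to inventory a downloaded skill folder before installing it. This is an added example, not code from the original article or from the OpenClaw project; it assumes only the layout described above (a folder with SKILL.md plus optional scripts), and the function name and grep pattern are this example's own.

```shell
#!/bin/sh
# Added example: review a downloaded skill folder BEFORE installing it.
# Assumes only what the article states: a folder with SKILL.md plus scripts.
# review_skill and its grep pattern are this example's own, not OpenClaw's.
#
# Prints "EXEC <file>" for anything runnable and "FETCH-RUN <file>:<line>"
# for download-and-run one-liners (also inside SKILL.md, which the agent reads).
# Exit status: 0 nothing flagged, 1 findings to read by hand, 2 not a skill.
review_skill() {
    dir=$1
    [ -f "$dir/SKILL.md" ] || { echo "no SKILL.md in $dir" >&2; return 2; }
    findings=$(
        find "$dir" -type f | sort | while IFS= read -r f; do
            # Runnable: exec bit set, or the file starts with a shebang.
            if [ -x "$f" ] || head -c 2 "$f" | grep -q '^#!'; then
                echo "EXEC $f"
            fi
            # curl/wget output piped straight into a shell; -I skips binaries.
            grep -InE '(curl|wget)[^|]*\|[[:space:]]*(sudo[[:space:]]+)?(ba|z)?sh([[:space:]]|$)' "$f" |
                while IFS=: read -r n rest; do echo "FETCH-RUN $f:$n"; done
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: sh review_skill.sh ./path/to/skill
if [ $# -gt 0 ]; then review_skill "$1"; fi
```

An empty result only means nothing matched these two checks; every EXEC file still needs to be read, because an installed skill runs with the agent's full permissions.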
The 0.0.0.0 mistake
If a tutorial tells you to change bind: "loopback" to 0.0.0.0 so you can reach the gateway from your phone – stop. Use Tailscale or an SSH tunnel instead. CrowdStrike’s research (early 2026) found over 42,000 publicly exposed OpenClaw instances. CVE-2026-25253 was a cross-site WebSocket hijacking vulnerability giving attackers full agent control – patched in version 2026.1.29, so anything older is exposed. Run npm install -g openclaw@latest regularly.
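The two checks this section implies (is port 18789 bound beyond loopback, and is the installed version at or above 2026.1.29) can be scripted. This is an added example, not code from the article or the OpenClaw project; the port and fixed version come from this page, while the function names, the ss/lsof column layout, and the host name in the tunnel comment are assumptions.

```shell
#!/bin/sh
# Added example: is the OpenClaw gateway reachable beyond loopback, and is the
# installed version at or above the CVE-2026-25253 fix? Both values below come
# from this page; the ss/lsof column layout is an assumption about your host.
GATEWAY_PORT=18789
FIXED_VERSION=2026.1.29

# Reads listener rows on stdin, e.g.  ss -ltn | check_gateway_bind
#                     or  lsof -nP -iTCP -sTCP:LISTEN | check_gateway_bind
# Exit status: 0 loopback only, 1 bound beyond loopback, 2 port not listening.
check_gateway_bind() {
    awk -v suffix=":$GATEWAY_PORT" '
        {
            for (i = 1; i <= NF; i++) {
                n = length($i) - length(suffix)
                if (n < 1 || substr($i, n + 1) != suffix) continue
                addr = substr($i, 1, n); seen = 1
                if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1" || addr == "localhost") {
                    print "ok       " addr
                } else { print "EXPOSED  " addr; bad = 1 }
            }
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }'
}

# True when version $1 (major.minor.patch) is >= FIXED_VERSION.
# Runs in a subshell so the IFS change never leaks into the caller.
version_is_patched() (
    IFS=.
    set -- ${1%%[!0-9.]*} 0 0 0      # split on dots, pad a short version
    a=$1 b=$2 c=$3
    set -- $FIXED_VERSION
    [ "$a" -gt "$1" ] && exit 0; [ "$a" -lt "$1" ] && exit 1
    [ "$b" -gt "$2" ] && exit 0; [ "$b" -lt "$2" ] && exit 1
    [ "$c" -ge "$3" ]
)

# Remote access without touching the bind (hypothetical host name):
#   ssh -N -L 18789:127.0.0.1:18789 user@gateway-host
# Demo on a constructed `ss -ltn` row, not captured from a real machine.
printf '%s\n' 'LISTEN 0 511 0.0.0.0:18789 0.0.0.0:*' | check_gateway_bind || true
```

A wildcard listener shows up as 0.0.0.0, [::] or * depending on the tool, and all of them are reported as EXPOSED, as is any specific non-loopback address.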
The headless Mac Mini quirk
Running OpenClaw on a Mac Mini with no monitor? Get an HDMI dummy plug – a small dongle you plug into the HDMI port that tricks macOS into thinking a display is connected. Without it, macOS behaves unexpectedly in headless mode: Screen Recording permissions can break, GUI apps won’t render correctly, and screen-capture-dependent skills fail silently. This is documented in zero official guides and ruins a lot of weekends. (Noted in the rentamac.io community setup guide, as of early 2026.)
An honest take on whether you should run it at all
Worth saying out loud: Microsoft’s security guidance recommends using OpenClaw only in isolated environments that do not have access to any non-dedicated credentials or data which must not be leaked. Translation: don’t run this on your work laptop logged into your bank.
A dedicated Mac Mini, a cheap VPS, or a fresh user account with FileVault on is the sane setup. The productivity ceiling is genuinely high – multi-channel routing, persistent memory, cron jobs. But the floor when it goes wrong is also unusually low, because the agent has shell access to whatever account it runs under. That asymmetry is worth sitting with before you onboard.
FAQ
Is OpenClaw free?
The software is MIT-licensed and free. You pay for whatever LLM you wire to it – your own Claude, OpenAI, or Gemini API key, or an existing subscription via OAuth.
Can I run it on Windows or Linux, or is Mac Mini mandatory?
Mac Mini is just the most-blogged setup because it’s quiet, low-power, and stays on. The runtime is Node.js, so it runs anywhere Node runs – including a $4/month Linux VPS. That’s actually a reasonable call for a single-user assistant: cheaper than a Mac Mini, and if something goes wrong the blast radius is contained to a throwaway server. You lose the macOS-only skills (iMessage, native screen capture, system TTS), but if you mainly care about Telegram or Slack, you won’t miss them.
How is this different from just using ChatGPT or Claude directly?
ChatGPT and Claude reply inside their own app. OpenClaw is the glue layer that lets those same models read your files, run shell commands, message you on WhatsApp at 7 AM, and react to webhooks while you sleep. It’s a runtime, not a model.
Next step: on a spare machine (or a fresh user account), run npm install -g openclaw@latest && openclaw onboard --install-daemon, connect one Telegram bot, and skip every ClawHub skill for the first week. Live with the base assistant before adding power tools.