What is OpenClaw? The Complete Guide to Self-Hosted AI Agent Gateways

What is OpenClaw?

OpenClaw is an open-source AI agent gateway — a self-hosted control plane that lets you interact with AI assistants (Claude, GPT-5, Gemini, local models) through the channels you already use: WhatsApp, Telegram, Discord, Slack, Signal, iMessage, and more.

Think of it as a universal remote for AI running on your own infrastructure.

Unlike cloud-based AI assistants where conversations flow through third-party servers, OpenClaw gives you:

Full data control — Everything stays on your infrastructure
Multi-channel access — Use one AI across 20+ messaging platforms
Security by design — Sandboxing, DM pairing, and permission controls
Extensibility — Add skills (plugins) for custom workflows

Key distinction: OpenClaw is the gateway, not the AI itself. It connects your messaging channels to AI providers (Anthropic, OpenAI, Google, and many more) while giving you security controls, multi-channel routing, and workflow automation that cloud assistants don’t offer.

“The hottest project in AI right now is Clawdbot, renamed to Moltbot, renamed to OpenClaw. It’s an open source implementation of the digital personal assistant pattern, built by Peter Steinberger to integrate with the messaging system of your choice. It’s two months old, has over 114,000 stars on GitHub and is seeing incredible adoption, especially given the friction involved in setting it up.”

— Simon Willison (@simonw), simonwillison.net

The Problem OpenClaw Solves

Modern AI assistants are powerful, but they come with serious limitations:

Cloud Lock-In

ChatGPT: Web/mobile app, data on OpenAI servers
Claude: Web/mobile app, data on Anthropic servers
GitHub Copilot: IDE and CLI, code sent to GitHub

You’re locked into their interfaces, their data policies, and their pricing.

Single-Channel Limitation

Each AI lives in its own silo:

ChatGPT = web/mobile app
Claude Code = your terminal
GitHub Copilot = your IDE + CLI

What if you want the same AI assistant available in:

WhatsApp (on your phone)
Telegram (in group chats)
CLI (for automation)
Discord (for team collaboration)

That’s what OpenClaw provides.

Security & Privacy Concerns

Your conversations, files, and credentials flow to external servers
Limited audit trails
No fine-grained permission controls
Can’t restrict what the AI accesses on your behalf

OpenClaw addresses all of this:

Self-hosted gateway — AI API calls route through your server
DM pairing — Unknown senders can’t message your agent
Sandboxing — Docker-based isolation restricts what the AI can access
Audit logging — Track every interaction

How OpenClaw Works

At its core, OpenClaw is a WebSocket-based gateway that:

Receives messages from multiple channels (WhatsApp, Telegram, CLI, web, etc.)
Routes them to the appropriate AI agent (via Pi, the embedded coding agent)
Executes actions using tools (file ops, shell, browser, APIs)
Enforces security policies before anything runs

Architecture

┌─────────────────────────────────────────────────┐
│  Channels (WhatsApp, Telegram, Discord, etc.)  │
└──────────────────────┬──────────────────────────┘
                       │
                       ▼
┌──────────────────────────────────────────────────┐
│              Gateway (WS Control Plane)          │
│         ws://127.0.0.1:18789 (default)           │
│                                                  │
│  - Session routing                               │
│  - DM pairing                                    │
│  - Multi-agent coordination                      │
│  - Tool execution (with sandbox)                 │
└──────────────────────┬───────────────────────────┘
                       │
                       ▼
┌──────────────────────────────────────────────────┐
│         Pi Agent (Embedded Coding Agent)         │
│    Supports: Claude, GPT-5, Gemini, local LLMs   │
└──────────────────────┬───────────────────────────┘
                       │
        ┌──────────────┼──────────────┐
        │              │              │
        ▼              ▼              ▼
    ┌──────┐      ┌───────┐      ┌───────┐
    │Files │      │ Shell │      │Browser│
    │ Tool │      │ Tool  │      │ Tool  │
    └──────┘      └───────┘      └───────┘

Key components:

Gateway: Long-running Node.js process that owns channel connections
Pi Agent: Embedded coding agent (supports Claude, GPT-5, Gemini, local models, and more)
Sessions: Per-user, per-group, per-channel conversation contexts
Tools: File operations, shell commands, browser automation, etc.
Skills: User-installable extensions (like apps for your agent)

Key Features

1. Multi-Channel Support (20+ Platforms)

OpenClaw connects to a wide range of channels — built-in and via plugins:

Built-in channels:

WhatsApp (via Baileys)
Telegram (Bot API via grammY)
Discord (Bot API)
Slack (Bolt SDK)
Signal (via signal-cli)
iMessage (macOS, via imsg)
BlueBubbles (recommended iMessage bridge)
Google Chat
WebChat (built-in browser UI)

Plugin channels:

Mattermost (Bot API + WebSocket)
Microsoft Teams (Bot Framework)
Matrix
LINE
Nextcloud Talk
Nostr (decentralized DMs)
Tlon (Urbit-based)
Twitch (IRC)
Zalo (Bot API + personal account)

Control surfaces:

CLI (openclaw agent, openclaw message send)
Dashboard (browser Control UI)
macOS menu bar app
iOS/Android nodes (paired devices)

One agent, everywhere. Send a message on WhatsApp, continue in Telegram, automate via CLI.

2. Self-Hosted & Private

The Gateway runs on your infrastructure:

Your laptop (macOS, Linux, Windows via WSL2)
A VPS (DigitalOcean, Hetzner, Oracle, AWS, GCP)
Raspberry Pi (for lightweight deployments)

What stays local:

Session state and conversation history
Configuration (API keys, channel tokens)
Tool execution (file ops, shell commands)

What goes to AI providers:

Your prompts/queries (sent to whichever provider you configure)
AI responses

OpenClaw does not run AI models itself (unless you point it at local models via Ollama or similar). It’s a gateway to cloud AI APIs with security controls layered on top.

3. Security-First Design

Unlike most AI assistants, OpenClaw has security baked in from day one:

DM Pairing (Default)

Unknown senders get a pairing code and the bot won’t respond until you approve them:

openclaw pairing list whatsapp
openclaw pairing approve whatsapp <code>

This prevents random people (or malicious bots) from accessing your AI.

Docker-Based Sandboxing

Restrict what the AI can do by running tools inside Docker containers:

{
  agents: {
    defaults: {
      sandbox: {
        mode: "non-main",  // Sandbox group/channel sessions
        scope: "session"   // One container per session
      }
    }
  }
}

Sandbox modes:

"off" — No sandboxing (tools run on host)
"non-main" — Sandbox group/channel sessions, but your direct chats run on host
"all" — Every session runs in a Docker container

You can also control workspace access (none, ro, rw) and scope containers per-session, per-agent, or shared.

Audit Logging

Track every action the AI takes:

{
  logging: {
    level: "info",
    destination: "~/.openclaw/logs/gateway.log",
    pretty: true
  }
}

Full guide: Security

4. Skills System (Extensible)

OpenClaw’s capabilities come from skills — AgentSkills-compatible folders containing a SKILL.md that teaches the AI how to use tools.

Bundled skills:

File operations (read, write, search)
Shell commands
Browser automation (Playwright)
Web search (Brave API)
Session management (multi-agent coordination)

Community skills (via ClawdHub):

Email integrations
Calendar management
Database queries
Custom API wrappers

Install a skill:

clawdhub install summarize  # Installs to workspace/skills/
clawdhub update --all       # Keep everything current

Skills are loaded from three places (highest to lowest precedence): workspace skills/, managed ~/.openclaw/skills/, and bundled. Because they’re markdown-based instructions rather than arbitrary code, they’re inherently safer than traditional plugins.

Full guide: Skills

5. Multi-Model Support

OpenClaw works with a wide range of AI providers — built-in and via custom config:

Built-in providers (no extra config needed):

Anthropic (Claude Opus 4.5, Claude Sonnet 4.5)
OpenAI (GPT-5.2)
OpenAI Code / Codex (OAuth)
Google Gemini (API key or Vertex)
OpenRouter (access to hundreds of models)
xAI (Grok)
Groq, Cerebras, Mistral
Z.AI (GLM models)
GitHub Copilot

Local models:

Ollama (Llama 4, Qwen 3, DeepSeek-R1, etc.)
LM Studio
Any OpenAI-compatible API endpoint

Configure your model:

{
  agents: {
    defaults: {
      model: { primary: "anthropic/claude-opus-4-5" }
    }
  }
}

Switch models on the fly in any chat with /model — no restart required.

Pro tip: OpenClaw supports Anthropic Claude Pro/Max subscriptions via OAuth for long-context performance and prompt-injection resistance. Run claude setup-token to authenticate.

Full guide: Models

6. Multi-Agent Routing

Run multiple agents with different personalities, tools, or models:

Each agent gets its own workspace, auth profiles, session store, and skills — fully isolated:

{
  agents: {
    list: {
      main: { 
        workspace: "~/.openclaw/workspace",
        model: { primary: "anthropic/claude-opus-4-5" }
      },
      researcher: { 
        workspace: "~/agents/researcher",
        model: { primary: "openai/gpt-5.2" }
      },
      coder: { 
        workspace: "~/agents/coder",
        model: { primary: "anthropic/claude-sonnet-4-5" }
      }
    }
  }
}

Route messages to agents via bindings based on:

Channel (WhatsApp → main, Discord → coder)
Account (different Telegram accounts → different agents)
Group/DM (specific groups → specific agents)

Agents can coordinate via sessions_list, sessions_send, and sessions_history tools.

Full guide: Multi-agent routing

“When you see how people use Claude Code/Codex/etc it becomes clear that managing agents is really a management problem. Can you specify goals? Can you provide context? Can you divide up tasks? Can you give feedback? These are teachable skills. Also UIs need to support management.”

— Ethan Mollick (@emollick), Twitter

7. Nodes (Device Pairing)

Pair iOS, Android, and macOS devices as nodes for device-local actions:

Camera: Take photos and video clips
Screen recording: Capture screen activity
Location: Get device GPS coordinates
Notifications: Push alerts to paired devices
Canvas: Render visual UIs on device screens
Voice Wake: Hands-free voice activation (macOS, iOS, Android)

Example:

openclaw nodes camera snap --node iphone --facing front

Full guide: Nodes

Getting Started

Prerequisites

Node.js 22+ (required)
npm or pnpm
An AI provider account (Anthropic, OpenAI, Google, or a local LLM via Ollama)

Installation

Recommended: npm global install

npm install -g openclaw@latest
# or: pnpm add -g openclaw@latest

Alternative: install script

curl -fsSL https://openclaw.bot/install.sh | bash

Verify:

openclaw --version

Onboarding Wizard (Recommended)

The wizard sets up everything: auth, channels, security, daemon.

openclaw onboard --install-daemon

What it does:

Configures AI model auth (OAuth, API keys, or claude setup-token)
Sets up channels (WhatsApp, Telegram, Discord, etc.)
Configures DM pairing (security)
Installs background service (launchd on macOS, systemd on Linux)
Initializes workspace + skills

Pro tip: For Anthropic, the preferred auth method is claude setup-token — run it anywhere, paste on the gateway host.

Start the Gateway

If installed as service:

openclaw gateway status

Manual start (foreground):

openclaw gateway --port 18789 --verbose

Dashboard (browser UI):

http://127.0.0.1:18789/

Connect a Channel

openclaw channels login

Scan the QR code with WhatsApp → Settings → Linked Devices.

Create a bot via @BotFather
Add token to config:

{
  channels: {
    telegram: {
      botToken: "123456:ABCDEF..."
    }
  }
}

Restart Gateway
First DM will show a pairing code — approve it:

openclaw pairing approve telegram <code>

Full guide: Getting Started

Common Use Cases

Personal Assistant

Manage calendar, email, tasks
Answer questions from your knowledge base
Voice-activated (macOS/iOS/Android with Voice Wake)

Development Automation

Code generation and review
Shell automation
Documentation generation
Multi-repo coordination

Team Collaboration

Shared AI in Slack/Discord
Role-based access (different agents for different teams)
Broadcast groups (one message → multiple agents)

Content Creation

Blog posts, social media, documentation
Multi-language content
Research + writing pipeline (multi-agent)

Security & Compliance

Audit trails for all AI interactions
Sandboxed execution for untrusted inputs
Self-hosted for data residency (GDPR, HIPAA)

OpenClaw vs Other AI Assistants

Feature	OpenClaw	ChatGPT	Claude (Web + Code)	GitHub Copilot
Self-hosted	✅	❌	❌	❌
Data control	✅ Full	⚠️ Cloud	⚠️ Cloud	⚠️ Cloud
Multi-channel	✅ 20+ channels	❌ Web/app	❌ Web/app/CLI	⚠️ IDE + CLI
Browser automation	✅ Built-in	❌	❌	❌
Custom skills	✅ Open system	⚠️ GPTs	⚠️ MCP servers	⚠️ MCP support
Sandboxing	✅ Docker-based	❌	❌	⚠️ Cloud sandbox
Multi-model	✅ Switch providers	❌ OpenAI only	❌ Anthropic only	⚠️ Limited
Multi-agent	✅ Native routing	❌	❌	⚠️ Coding agents
Open source	✅ MIT license	❌	❌	❌
Audit logs	✅ Full	⚠️ Limited	⚠️ Limited	⚠️ Limited
Cost	API costs + hosting	$20+/mo	$20+/mo	$10+/mo

Choose OpenClaw if:

You need data privacy (compliance, sensitive data, data residency)
You want multi-channel access (WhatsApp, Telegram, CLI, etc.)
You need customization (skills, multi-agent routing, workflows)
You value open source (audit the code, no vendor lock-in)

Choose ChatGPT/Claude/Copilot if:

You want zero setup (sign up and go)
You’re comfortable with cloud-based processing
You don’t need multi-channel or custom integrations

Full comparison: OpenClaw vs Other AI Assistants

Security Considerations

⚠️ OpenClaw gives AI access to your system. Deploy responsibly.

Before Production

Enable DM pairing (default, but verify):

{
  channels: {
    whatsapp: {
      dmPolicy: "pairing",  // Require approval for unknown senders
      allowFrom: ["+1234567890"]  // Optional allowlist
    }
  }
}

Enable sandboxing for groups/channels:

{
  agents: {
    defaults: {
      sandbox: {
        mode: "non-main",  // Sandbox non-main sessions
        scope: "session",  // One container per session
        workspaceAccess: "none"  // No host filesystem access
      }
    }
  }
}

Run security audit:

openclaw security audit --deep
openclaw doctor  # Health + security checks

Review logs regularly:
```
openclaw logs --follow
```

Security checklist:

✅ DM pairing enabled
✅ Sandboxing configured (for non-main sessions)
✅ API keys in config file (not hardcoded)
✅ Audit logging enabled
✅ Unknown skills reviewed before install
✅ openclaw doctor passes

Full guide: Security

What OpenClaw Is NOT

Let’s be clear:

Not a managed service — You run it, you maintain it
Not a no-code tool — Requires comfort with Node.js, CLI, and JSON config
Not self-hosted AI models — It’s a gateway to cloud AI APIs (unless you point it at Ollama or similar)
Not officially affiliated with Anthropic/OpenAI/Google — Community-driven open-source project
Not magic — Security depends on your configuration

If you want zero-setup AI and don’t care about data privacy, ChatGPT or Claude web are simpler choices. But if you need control, privacy, and flexibility, OpenClaw is purpose-built for you.

Learn More

Essential Reading

Getting Started Guide — Install and configure in 30 minutes
Configuration Reference — All config options explained
Security Guide — Lock down your deployment

Courses

Setup & Configuration — Hands-on setup walkthrough
Security Hardening — Production deployment best practices

Community

GitHub — Source code, issues, PRs
Discord — Community chat
ClawdHub — Skills registry
DeepWiki — Searchable docs

Conclusion

OpenClaw is a powerful, flexible, and secure AI agent gateway for developers who need more than what cloud assistants offer.

Core value props:

✅ Multi-channel — One AI, 20+ messaging platforms
✅ Self-hosted — You control data, infrastructure, and policies
✅ Security — DM pairing, Docker sandboxing, audit logs
✅ Extensible — Skills system, multi-agent routing, plugin channels
✅ Multi-model — Anthropic, OpenAI, Google, local LLMs, and more
✅ Open source — MIT license, no vendor lock-in

But with great power comes responsibility:

⚠️ Deploy securely — Enable DM pairing, configure sandboxing, review skills
⚠️ Monitor logs — Track what your AI is doing
⚠️ Start small — Test in dev before production

Your AI has access to your system. Configure it wisely.