OpenClaw

Architecture

The Gateway is the always-on control plane that manages sessions, channel routing, tool dispatch, and events. It binds to ws://127.0.0.1:18789 by default and serves both a Control UI and a WebChat interface. Connected clients include the Pi agent (RPC mode), CLI, macOS companion app, and iOS/Android nodes.

How It Works

You send a message through any connected channel — WhatsApp, Telegram, Slack, or the WebChat. The Gateway routes it to the configured LLM, which generates a response and can invoke local tools (shell commands, browser actions, file operations, API calls) to complete tasks on your behalf.

• Multi-channel routing — DMs and group isolation with per-channel chunking
• Voice interfaces — wake words on macOS/iOS, continuous voice on Android
• Canvas & A2UI — agent-driven visual workspace
• Browser control — dedicated Chromium instance with snapshots and actions
• Automation — cron jobs, webhooks, Gmail Pub/Sub integration

Origin Story

Created by Austrian developer Peter Steinberger (PSPDFKit founder), OpenClaw launched in November 2025 and went viral in late January 2026. A trademark dispute with Anthropic forced two rebrands in four days. The project is fully open-source under MIT license with 50,000+ GitHub stars.

Prerequisites

• Node.js ≥ 22 — required runtime
• Package manager — npm, pnpm, or bun
• Platforms — macOS, Linux, Windows (WSL2 recommended)

Quick Install

The recommended approach uses the interactive wizard:

npm install -g openclaw@latest

openclaw onboard --install-daemon

This installs the Gateway daemon as a system service (launchd on macOS, systemd on Linux). The wizard walks you through gateway setup, workspace config, channel connections, and skill installation.

From Source (Development)

For contributors or those who want bleeding-edge:

1. git clone https://github.com/openclaw/openclaw.git
2. cd openclaw && pnpm install
3. pnpm ui:build && pnpm build
4. pnpm openclaw onboard --install-daemon
5. pnpm gateway:watch for dev loop with auto-reload

Update Channels

Switch between release tracks with openclaw update --channel stable|beta|dev. Stable gets tagged releases, beta gets prereleases, and dev tracks the head of main.

Major Channels

• WhatsApp — via Baileys (no Business API needed)
• Telegram — via grammY framework
• Slack — via Bolt SDK
• Discord — via discord.js
• Signal — via signal-cli
• iMessage — via BlueBubbles (macOS required)
• Google Chat — Workspace integration
• Microsoft Teams — Bot Framework

Additional Channels

Also supports Matrix, IRC, Feishu, LINE, Mattermost, Nextcloud Talk, Nostr, Synology Chat, Tlon, Twitch, Zalo, and the built-in WebChat UI.

Group vs DM Behavior

In groups, OpenClaw supports mention-gating (only responds when @mentioned), reply tags, and per-channel routing. DMs use pairing mode by default — unknown senders get a verification code and the bot won't process messages until approved.

Chat Commands

Available across all channels:

• /status — session info with model and token usage
• /new or /reset — reset the conversation
• /compact — summarize and compress context
• /think <level> — set reasoning depth (off/minimal/low/medium/high/xhigh)
• /verbose on|off — toggle verbose output
• /restart — restart the gateway

Skill Types

• Bundled skills — ship with OpenClaw (browser, shell, file operations)
• Managed skills — curated by the team, installed from ClawHub
• Workspace skills — custom skills scoped to your workspace

Popular Skills

• Browser control — navigate, click, fill forms, take snapshots
• Image generation — DALL-E, Gemini via nano-banana-pro or openai-image-gen
• Calendar & reminders — Apple Calendar, Google Calendar integration
• Email management — Gmail Pub/Sub, IMAP, draft and send
• Home Assistant — smart home device control
• GitHub integration — PR review, issue management, CI/CD monitoring

Auto-Discovery

When you ask OpenClaw to do something it can't do natively, it searches ClawHub for relevant skills, shows you what it found, and installs with your approval. Skills are sandboxed per-workspace with install gating.

Bind Address

OpenClaw binds to 0.0.0.0 by default, meaning it listens on every network interface. A Bitdefender audit found over 135,000 instances sitting wide open on the internet. Change the bind address to 127.0.0.1 immediately.

DM Security Policy

• Pairing mode (default) — unknown senders are blocked until you approve a verification code
• Open mode — requires explicit allowlist configuration. Only enable if you understand the risks.

Run openclaw doctor regularly to surface risky DM policies.

Hardening Checklist

1. Run as a dedicated non-root user with minimal permissions
2. Bind Gateway to 127.0.0.1 — never expose to public internet
3. Use Tailscale Serve or SSH tunnels for remote access
4. Set up command allowlists — restrict which shell commands the agent can run
5. Use read-only filesystem where possible, mount only needed directories
6. Drop Linux capabilities, run with minimal container privileges
7. Use environment variables for secrets — never paste API keys into chat
8. Review ClawHub skills before installing — stick to managed/verified
9. Use the strongest available LLM (e.g. Claude Opus) to resist prompt injection

Known Vulnerabilities

CVE-2026-25253 (CVSS 8.8) — a remote code execution flaw disclosed January 30, 2026. Censys tracked 21,000+ exposed instances within 24 hours. Patch immediately if you haven't already.

Morning Brief

Set a cron schedule (most users pick 7–8 AM) and OpenClaw queries your connected services — calendar APIs, weather APIs, RSS feeds, email inbox — synthesizes everything, and sends a formatted briefing to your preferred channel.

Email Management

One early adopter reported clearing 4,000+ unread emails by actually processing them — not just marking as read. OpenClaw can triage by urgency, draft replies, flag items needing response, and send a daily digest summary.

Task & Note Management

Manage your day across Apple Notes, Apple Reminders, Things 3, Notion, Obsidian, and Trello — all from a single conversation. Extract grocery lists from chat messages, consolidate into shared documents with category organization.

Other Productivity Uses

• Voice journal — transcribe daily voice notes into structured entries with mood, highlights, and lessons
• Meeting transcription — recordings to text with action items, assigned owners, and deadlines
• Package tracking — monitor deliveries from confirmation emails and alert on status changes
• Meal planning — recipes based on ingredients, dietary restrictions, and weekly plans with grocery lists

Server Health Monitoring

Monitor CPU, memory, and disk thresholds. When usage exceeds defined limits, OpenClaw triggers notifications to your preferred channel. No need to set up a separate alerting stack for simple checks.

CI/CD Pipeline Monitoring

Watch GitHub Actions, GitLab CI, or Jenkins. Get alerts on build failures, test errors, and deployment completions. Ask follow-up questions about logs and errors in natural language.

Shell Commands

Execute permitted terminal commands — disk usage checks, service restarts, log viewing — with allowlist restrictions and full logging. Elevated bash access is toggled per-session via /elevated on|off when enabled and allowlisted.

Pull Request Review

Summarize code changes, flag risky patterns, suggest review questions, and highlight large file modifications. Integrates with GitHub and GitLab APIs.

Dependency Scanning

Identify outdated packages, prioritize security updates, and generate step-by-step upgrade checklists with rollback plans. Useful for maintaining multiple projects.

Home Assistant Integration

Connect to Home Assistant via webhooks or the API. Control lights, plugs, thermostats, and run automations through natural language commands. "Turn off the office lights" or "set the bedroom to 68 degrees" from any messaging channel.

Device Control

• Philips Hue — lights, scenes, and schedules
• Elgato — Key Light, Stream Deck actions
• IFTTT / webhooks — trigger any connected service
• Health wearables — pull daily metrics from fitness trackers

Browser Automation

OpenClaw spins up a dedicated Chrome/Chromium instance with snapshot and action capabilities. It can log into web tools, fill forms, scrape data, and submit repetitive tasks. Best used for trusted internal dashboards.

Companion Apps

• macOS — menu bar control, voice wake, PTT overlay, SSH remote gateway
• iOS — Canvas, voice wake, talk mode, camera, screen recording, Bonjour pairing
• Android — chat, voice, Canvas, camera/screen capture, SMS, contacts, calendar, motion

Content Creation

• Brainstorming — generate blog post ideas, headlines, and outlines based on target audience and content gaps
• Draft generation — expand bullet-point outlines into full articles with tone, transitions, and word count constraints
• Image generation — create on-brand social visuals via DALL-E or Gemini skills
• Content repurposing — adapt one post into X threads, LinkedIn posts, Instagram captions, newsletters

Brand Monitoring

Search X for brand mentions, analyze sentiment, identify influential posts, and flag customer complaints requiring response. Schedule periodic checks and get alerts to your messaging channel.

Client Onboarding

Automate folder creation, send templated welcome emails, schedule kickoff calls, and add follow-up reminders. Reduces onboarding from hours to a single message.

Expense & KPI Tracking

• Expense tracking — extract vendor, date, amount, and category from receipt photos; log to spreadsheets
• KPI reporting — browser automation captures dashboard metrics, posts snapshots to Slack/Discord with summaries
• Product comparison — compile web research into structured reports comparing options with pricing and trade-offs

Private Document Assistant

Use Ollama for local LLMs to summarize, search, and extract answers from sensitive files without sending anything to external APIs. Perfect for confidential business documents.