OpenClaw is a self-hosted, local-first autonomous AI agent platform. Unlike cloud-based assistants, it runs on hardware you control, keeping data on-premise while providing extensible capabilities through a skills system.

Who this is for: Security-conscious users who want autonomous agents without vendor lock-in; teams comfortable managing their own infrastructure.

The bottom line: Local-first means you control the data—but also the security burden. Treat it like any privileged system access tool.

What OpenClaw Does

OpenClaw is designed to be ambient: always running, periodically acting, integrated into your communication channels. It doesn’t wait for prompts—it proactively monitors and responds.

Core Components

ComponentFunctionKey Risk
GatewayLocal web dashboard + CLINetwork exposure
ConnectorsChat app integrations (15+ platforms)Message interception
SkillsDownloadable capability bundlesSupply chain attacks
HeartbeatScheduled task executionUnattended actions
LLM InterfaceAPI calls to Claude/OpenAI/local modelsAPI key exposure

Key Features

  • Local-first: Data stays on your hardware
  • Extensible: Skill system adds capabilities
  • Multi-platform: Connects to WhatsApp, Telegram, Slack, Discord, etc.
  • Scheduled execution: Heartbeat pattern for recurring tasks
  • Self-hosted: No vendor lock-in, full control

Installation

Prerequisites

  • Linux server or VPS (Ubuntu 20.04+ recommended)
  • Docker (optional but recommended)
  • API keys for LLM provider (Claude, OpenAI, or local)

Quick Start

1
2
3
4
5
6
7
8
9

# Download and install
curl -fsSL https://openclaw.ai/install.sh | bash

# Or use Docker
docker run -d \
  --name openclaw \
  -p 3000:3000 \
  -v openclaw-data:/data \
  openclaw/gateway:latest

Configuration

  1. Access the gateway: Navigate to http://localhost:3000
  2. Configure LLM provider: Add API key for Claude, OpenAI, or local model
  3. Set up connectors: Connect chat platforms (optional)
  4. Install skills: Add capabilities from ClawHub or custom sources

Skills System

Skills are structured instruction bundles that expand agent capabilities.

Installing a Skill

1. Find SKILL.md (on ClawHub or community sources)
2. Send skill link to your agent via connected chat
3. Agent fetches, parses, and activates the skill
4. New capabilities are immediately available

Warning: Installing a skill is functionally equivalent to running arbitrary code. OpenClaw’s documentation explicitly warns: treat skill installs like running arbitrary code.

SkillPurposeRisk Level
web-searchSearch the internetMedium
file-systemRead/write local filesHigh
code-executionRun shell commandsCritical
moltbookConnect to Moltbook social networkHigh

Security Model

The Local-First Tradeoff

SaaS model: Vendor secures the platform, you trust their team
Local-first model: You secure everything, the vendor provides code

This isn’t inherently worse—many organizations can secure local infrastructure better than they can audit SaaS. But it requires understanding the risks.

Core Risks

  1. Prompt injection — Direct and indirect attacks via connected channels
  2. Supply chain — Malicious or compromised skills
  3. Gateway exposure — Misconfigured dashboard accessible from internet
  4. Privileged access — Agent typically runs with broad permissions
  5. Fetch-and-follow — Platform integrations create remote control paths

See /risks/openclaw/architecture-risk/ for detailed analysis.

Quick Hardening

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

# Bind gateway to localhost only (not 0.0.0.0)
--bind 127.0.0.1:3000

# Run in Docker with read-only filesystem
docker run --read-only --tmpfs /tmp ...

# Network isolation: no access to sensitive subnets
--network isolated

# Disable risky skills by default
SKILL_ALLOWLIST=web-search,reminders

Use Cases

Good Fits

  • Personal automation — Reminders, scheduling, information monitoring
  • Low-risk experimentation — Isolated environments, burner accounts
  • Privacy-sensitive workflows — Data that can’t leave your infrastructure
  • Custom integrations — Connecting to internal systems

Avoid For

  • Production systems — Without significant hardening
  • Sensitive data — Healthcare, finance, PII without compliance review
  • High-availability needs — Self-hosted means you manage uptime
  • Teams without security resources — The security burden is on you

Architecture

┌─────────────────────────────────────┐
│           User Devices              │
│  (Chat apps: WhatsApp, Slack, etc)  │
└─────────────┬───────────────────────┘
              │
┌─────────────▼───────────────────────┐
│          Connectors                 │
│   (Protocol adapters for each app)  │
└─────────────┬───────────────────────┘
              │
┌─────────────▼───────────────────────┐
│          Gateway                    │
│  (Core orchestration, web UI, CLI)  │
└─────────────┬───────────────────────┘
              │
┌─────────────▼───────────────────────┐
│          Skills                     │
│   (Capability bundles, extensible)  │
└─────────────┬───────────────────────┘
              │
┌─────────────▼───────────────────────┐
│          LLM Interface              │
│    (Claude, OpenAI, local models)   │
└─────────────────────────────────────┘

Pricing

OpenClaw is open source and free to run. Your costs:

ComponentCostNotes
SoftwareFreeMIT license
Infrastructure$5-50/moVPS or home server
LLM APIVariableDepends on usage and provider
SkillsUsually freeCommunity or self-developed

Cost comparison: Self-hosting avoids per-seat SaaS fees but requires infrastructure expertise.

Alternatives

ToolTypeKey Difference
MoltbookAgenticSocial network for agents, not a platform
CodexCodingCloud-based, human-in-the-loop

Security:

Incidents:

Implementation:

Last updated: February 1, 2026. OpenClaw is a rapidly evolving project—verify current documentation at docs.openclaw.ai.