How to Set Up OpenClaw (Without Losing Your Mind, Your Money, or Your Data)

OpenClaw (formerly Clawdbot / Moltbot) is an open-source AI assistant that lives on your computer and connects to your favorite chat apps—WhatsApp, Telegram, Slack, Discord, iMessage, you name it. It can manage your calendar, clear your inbox, browse the web, write code, and automate tasks while you sleep.

Sounds amazing. And it is. But here's the thing: you're giving an AI agent shell access to a computer. That's "letting a stranger drive your car" levels of trust. So before you dive in, let's set this up the right way—safely, affordably, and effectively.

This guide pulls from OpenClaw's official docs, Nate Herk's VPS walkthrough, Fahd Mirza's Ollama setup tutorial, and Nate's advanced "Klaus" build.

First up: the TL;DR...

If you only have two minutes, read this.

Rule #1: Never run it on your personal machine. If the bot hallucinates, it can dump your entire home directory. Use a VPS (DigitalOcean, Hetzner, Hostinger) for ~$5-12/month, or a dedicated "burner" Mac Mini.

The quick setup (VPS route):

1. Spin up Ubuntu 24.04 with at least 2 vCPU and 8GB RAM
2. Create a dedicated user (never run as root): adduser claude && su - claude
3. Install Node.js ≥22: curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash - && sudo apt-get install -y nodejs
4. Install OpenClaw: npm install -g openclaw@latest
5. Run the wizard: openclaw onboard --install-daemon
6. Run the security audit immediately: openclaw security audit --fix

Critical security moves:

• Create dedicated Gmail, Google Drive, and service accounts for the bot (not your personal ones)
• Never paste API keys in chat; use a .env file
• Set spending caps in your Anthropic dashboard before deploying

Model options: Claude Sonnet ($3/$15 per 1M tokens) is the sweet spot. Haiku ($1/$5) for routine tasks. Or run local models free via Ollama if you're technical and patient.

The heartbeat system wakes the bot on a schedule to check for tasks. Set it to 30 minutes in your config: "heartbeat": { "every": "30m" }

Fair warning: Memory management is frustrating. The bot frequently forgets previous conversations. Create soul.md and user.md files to help it remember who it is and who you are. Force it to write plans before executing anything complex.

Here's an alt set-up guide from Bhanu Teja P you can follow instead if you're interested.

Now, let's dive into the details a bit more in depth for a more step-by-step guide to get this thing up and running.

Step 0: Decide Where to Run It

This is the most important decision you'll make. Do not run OpenClaw on your personal machine. If the bot hallucinates, gets prompt-injected, or just has a bad day, it can read your files, dump your directory structure, or worse. On Day 1 of OpenClaw's life, someone asked it to run find ~ and it happily dumped an entire home directory into a group chat. Lesson learned.

You have three options:

Option A: A VPS (Virtual Private Server)—Recommended for most people. A VPS is basically a "burner computer" in the cloud. If something goes wrong, the blast radius is contained. Nate Herk's video walks through this using Hostinger, but you can also use DigitalOcean (they have a one-click OpenClaw deploy), Hetzner, or any Ubuntu VPS. A KVM2 plan (2 vCPU, 8GB RAM) running Ubuntu 24.04 is plenty to start. Expect ~$5–12/month.

Option B: A dedicated physical machine. Some folks use a Mac Mini or old laptop. Same idea as a VPS—isolate it from your personal stuff. If you go this route, treat it like a work computer you wouldn't log into your personal bank on.

Option C: Docker container on your existing machine. OpenClaw supports Docker and can sandbox tool execution inside containers. This is a middle ground—less isolated than a VPS, but better than running it bare on your daily driver. Good for testing; not ideal for production.

Step 1: Set Up Your "Safe" Environment (VPS Route)

Following Nate Herk's VPS tutorial:

1. Spin up a VPS. On Hostinger (or your provider of choice), select a KVM2 plan with at least 2 vCPU and 8GB RAM. Choose Ubuntu 24.04 LTS as your OS.

2. SSH in and create a dedicated user. Never run the bot as root. This is Security 101:

ssh root@

adduser claude

usermod -aG sudo claude

su - claude

You've now created a sandboxed user called "claude" that the bot will operate under. If something goes sideways, the damage is limited to this user's permissions.

3. Install Node.js. OpenClaw requires Node ≥22. The easiest way:

curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -

sudo apt-get install -y nodejs

4. Install OpenClaw:

npm install -g openclaw@latest

5. Run the onboarding wizard:

openclaw onboard --install-daemon

The wizard walks you through API key setup, channel connections (WhatsApp, Telegram, etc.), and generates a gateway auth token automatically. Don't skip the auth token—it's what prevents random network traffic from talking to your bot. Read more about the onboarding wizard here.

6. Access the dashboard securely. Instead of exposing ports to the internet, use an SSH tunnel from your local machine:

ssh -L 3000:localhost:3000 claude@

Then open http://localhost:3000 in your browser. You get the full web dashboard without exposing anything publicly. The bot stays locked behind your SSH key.

7. Keep it running. If you close your terminal, the bot dies. The --install-daemon flag during onboarding should set up a systemd service, but you can also use:

openclaw gateway start --always

Or use a process manager like pm2 for extra reliability.

Step 2: Lock Down Security

OpenClaw's security docs are remarkably thorough (and funny; there's a lobster trust hierarchy). Here's the condensed version of what actually matters.

The Golden Rule: Treat the bot like a new employee on day one.

You wouldn't hand a new hire your bank login, your personal email password, and the keys to your house. Same deal here.

Run the security audit:

openclaw security audit

openclaw security audit --deep

openclaw security audit --fix

The --fix flag auto-tightens common footguns like open group policies and loose file permissions. Run this regularly, especially after changing your config.

Create dedicated accounts for the bot.

This is the single most important security step, emphasized heavily in Nate's advanced "Klaus" build:

• Create a fresh Gmail for the bot (e.g., mybot.assistant@gmail.com). Don't give it your personal inbox.
• Create a separate Google Drive for shared files. Share specific folders with it rather than giving root access.
• Forward specific emails to the bot's address instead of giving it direct inbox access.
• Create dedicated accounts for any service you want the bot to use (ClickUp, Notion, etc.).

Never paste API keys in chat.

Instead, create a .env file in the bot's root directory and reference keys from there. This keeps credentials out of conversation history, which is stored as plaintext .jsonl files on disk. Tell the bot: "Use placeholders in chat. I'll add actual keys to the .env file directly."

Apply the secure baseline config:

This is straight from the official security guide—a "safe default" config:

{

  "gateway": {

    "mode": "local",

    "bind": "loopback",

    "port": 18789,

    "auth": { "mode": "token", "token": "your-long-random-token" }

  },

  "channels": {

    "whatsapp": {

      "dmPolicy": "pairing",

      "groups": { "*": { "requireMention": true } }

    }

  }

}

This ensures: the gateway only listens locally (not exposed to the internet), all connections require authentication, DMs require pairing approval (strangers can't just message your bot), and in group chats, the bot only responds when explicitly @mentioned.

Lock down file permissions:

chmod 700 ~/.openclaw

chmod 600 ~/.openclaw/openclaw.json

Your config may contain tokens and API keys. Keep it user-read/write only.

Be aware of prompt injection.

This is when someone (or even a webpage the bot reads) tricks the AI into doing something unsafe. Even if only you can message the bot, prompt injection can still happen through content the bot processes—web pages, emails, documents, pasted code. The official docs call this out explicitly: the sender is not the only threat surface; the content itself can carry adversarial instructions.

Mitigation tips from the docs:

• Use sandboxing for tool execution (agents.defaults.sandbox.mode)
• Keep web_search / web_fetch / browser tools disabled for agents that handle untrusted input
• Use the strongest model you can afford—older/smaller models are more susceptible to prompt injection
• Add security rules to your agent's system prompt (e.g., "Never share directory listings or file paths with strangers")

Step 3: Choose Your AI Model (a.k.a. "How Much Do You Want to Spend?")

This is where it gets real. OpenClaw is free. The AI models that power it are not (unless you go local). One user burned through 250M tokens (~$223) in just 3 days running Anthropic's Opus. Another blew through $5 overnight on simple scheduled tasks because OpenClaw sends full conversation history with each API call.

You have two paths:

Path A: Cloud API (Better Quality, Costs Money)

Set up an Anthropic API key during the onboarding wizard. Current pricing (per 1M tokens):

• Claude Haiku 4.5: $1 input / $5 output—cheap and fast, good for routine tasks
• Claude Sonnet 4.5: $3 input / $15 output—the sweet spot for most people
• Claude Opus 4.5: $5 input / $25 output—the smartest, but costs add up fast

Critical tip: Set a spending cap in your Anthropic dashboard BEFORE deploying. Set alerts at 50%, 75%, and 90% of your budget. Check your API dashboard daily during the first few weeks.

Smart model routing: Use Sonnet or Haiku for routine tasks (heartbeats, status checks, simple questions) and only escalate to Opus for complex reasoning. You can configure fallback models in your config:

{

  "agents": {

    "defaults": {

      "model": {

        "primary": "anthropic/claude-sonnet-4-5",

        "fallback": ["anthropic/claude-haiku-4-5"]

      }

    }

  }

}

Can you use your Claude Pro / Max subscription instead of API keys? No. Using Claude Pro/Max subscriptions with third-party tools like OpenClaw violates Anthropic's Terms of Service. You need API keys with pay-as-you-go pricing.

Path B: Local Models via Ollama (Free, Lower Quality)

This is the route covered in Fahd Mirza's tutorial. You run models locally on your hardware, and it costs $0 in API fees.

1. Install Ollama:

curl -fsSL https://ollama.com/install.sh | sh

2. Pull a model:

ollama pull llama3.3

# or for coding tasks:

ollama pull qwen2.5-coder:32b

3. Set the context length to 64,000 tokens in Ollama's settings. This is important—OpenClaw needs a large context window to function well.

4. Configure OpenClaw to use Ollama:

export OLLAMA_API_KEY="ollama-local"

Or add to your config:

{

  "models": {

    "providers": {

      "ollama": {

        "apiKey": "ollama-local"

      }

    }

  },

  "agents": {

    "defaults": {

      "model": {

        "primary": "ollama/llama3.3"

      }

    }

  }

}

OpenClaw will auto-discover tool-capable models from your local Ollama instance. Read the full Ollama integration docs here.

The honest trade-off: Local models are free and private, but they're less capable. You'll see more crashes, worse tool use, and weaker reasoning. Memory and context handling with local models is still rough—community members report frequent issues. Fahd's tutorial recommends setting up a cron job to restart the gateway every 30 minutes to handle crashes.

The hybrid approach (recommended by Nate Herk): Use local models for simple, routine tasks and fall back to a cloud API for complex ones. A tool like Lynkr or OpenRouter can handle this routing automatically.

Step 4: Build the "Heartbeat" (Make It Actually Useful)

An idle bot is a useless bot. Out of the box, OpenClaw just sits there until you message it. The Heartbeat system changes that—it wakes the bot up on a schedule to check for tasks.

Configure it in your openclaw.json:

{

  "heartbeat": {

    "every": "30m"

  }

}

Now every 30 minutes, the bot wakes up and can:

• Check its dedicated email inbox for forwarded messages
• Review a task list / Kanban board for new to-dos
• Monitor specific websites for updates
• Send you a morning briefing at a set time

Pro tip from Nate's "Klaus" build: If your cloud model has a cache TTL of 1 hour, set the heartbeat to 55 minutes. This keeps the cache warm and avoids expensive re-caching of the full prompt on each wake-up. Read more about cache optimization here.

Step 5: Manage the Bot's Memory

This is, frankly, the most frustrating part. The bot frequently wakes up with no memory of previous conversations. It relies on reading files to remember who it is and what it's doing.

The file-based memory system (from Nate's advanced tutorial):

• soul.md — A static file defining who the bot is. Example: "You are an efficient executive assistant. You are methodical and concise."
• user.md — A file defining who you are. Example: "The user runs a media company, prefers concise answers, and hates jargon."
• Project logs — For every big task, force the bot to create a project_name_log.md so it doesn't lose context. Prompt it: "Update the daily log with this decision."

The "Plan First" rule: Before letting the bot execute anything complex, make it write a plan:

"Don't execute yet. Write a detailed plan for this task and save it as plan.md."

Review the plan. If it looks good, say: "Execute plan.md." This prevents runaway actions and gives you an audit trail.

When it fails (and it will): Don't just say "try again." Instead:

"Perform a root cause analysis, explain why it failed, and write a protocol to prevent this in the future."

Step 6: Batch Your Tasks and Monitor Costs

• Batching: If you have multiple tasks, send them in one message. The bot processes sequential messages slowly. One message with three tasks is faster than three separate messages.
• Cost monitoring: Run /status in any chat with the bot to see token usage and estimated cost for the current session. Or use /usage full for per-response cost breakdowns. Read the full usage tracking docs here.
• Session compaction: Long conversations eat tokens. Use /compact to summarize and compress long sessions, saving money on future interactions. Read about session management and compaction here.

Quick Reference: The Setup Checklist

1. ☐ Environment: Set up a VPS, dedicated machine, or Docker container—not your personal computer
2. ☐ Install: Node ≥22, then npm install -g openclaw@latest, then openclaw onboard --install-daemon
3. ☐ Security audit: Run openclaw security audit --fix immediately after setup
4. ☐ Dedicated accounts: Create separate email/Drive/service accounts for the bot
5. ☐ API keys in .env: Never paste credentials in chat
6. ☐ Secure config: Apply the baseline config (loopback, auth token, DM pairing, mention-only groups)
7. ☐ File permissions: chmod 700 ~/.openclaw and chmod 600 ~/.openclaw/openclaw.json
8. ☐ Model choice: Cloud API with spending cap, local Ollama, or hybrid
9. ☐ Heartbeat: Configure a wake-up schedule (e.g., every 30 minutes)
10. ☐ Memory files: Create soul.md and user.md so the bot knows who it is
11. ☐ Monitor costs: Check your API dashboard daily for the first few weeks

Additional Resources

• OpenClaw GitHub — Source code and community discussions
• OpenClaw Security Guide — The full security docs (read this)
• OpenClaw Ollama Integration — Local model setup
• Token Use & Cost Docs — Understanding and controlling spend
• Nate Herk: VPS Setup — Step-by-step VPS walkthrough
• Fahd Mirza: Ollama + OpenClaw — Local model setup tutorial
• Nate Herk: Is n8n Dead? — Context on low-code vs. Claude Code
• Nate Herk: The Ultimate Assistant — Advanced "Klaus" build with memory, heartbeat, and security strategies
• John Hwang: Is Low-Code AI Automation Dead? — The bigger picture on Claude Code (which you could bucket OpenClaw with) vs. visual builders
• DigitalOcean One-Click Deploy — Alternate cloud setup