OpenClaw is an open-source, local-first Gateway control plane for AI agents. This page covers what it is, how to install it, how ClawHub skills work, and which security controls matter before you trust it with messages, files, and connected accounts.
The ecosystem includes ClawHub (skill registry), plugins, multi-provider model support (OpenAI, Anthropic, OpenRouter, Bedrock, Google, and more), built-in memory with SQLite vector search, and a fast-moving community. If you are comparing agent stacks, also review our AI tools directory, AI risk guide, and beginner AI guide.
Developers, tinkerers, and local-first AI users who want a practical OpenClaw overview before installing or exposing it to real accounts.
Architecture, installation flow, skills, threat model, hardening basics, and the official repos/resources worth bookmarking.
This is an independent OpenClaw guide, not the official docs, focused on setup and security tradeoffs rather than marketing copy.
Reference snapshot of the OpenClaw ecosystem and install requirements as tracked in March 2026.
OpenClaw is a high-privilege agent. If misconfigured, it can expose your files, credentials, and connected accounts.
Do not expose the Gateway port (18789) to the public internet. Use loopback or Tailscale, require auth, and lock down file permissions (~/.openclaw must be private).
Installing third-party skills/plugins is equivalent to running arbitrary code — only install what you have reviewed and trust.
Security contact: security@openclaw.ai · Trust repo: openclaw/trust · CVE-2026-25253 (CVSS 8.8): Control UI token exfiltration — patched in v2026.1.29+
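The loopback and file-permission advice above can be checked with a short read-only audit. This is an added example, not code from OpenClaw or its docs: it assumes the column layout of Linux `ss -ltnH`, and the sample lines, the `allowed` parameter and the 100.64.0.5 address are constructed for illustration.

```python
import ipaddress
import os
import stat

GATEWAY_PORT = 18789  # Gateway port stated on this page

# Constructed sample in the column layout of `ss -ltnH` (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 511 127.0.0.1:18789 0.0.0.0:*
LISTEN 0 511 0.0.0.0:18789 0.0.0.0:*
LISTEN 0 511 [::]:18789 [::]:*
LISTEN 0 511 100.64.0.5:18789 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
""".splitlines()

def loose_paths(root):
    """Paths under root (root included) that grant any permission to group or other."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            # Symlink mode bits are not meaningful, so links are skipped.
            if not stat.S_ISLNK(st.st_mode) and st.st_mode & 0o077:
                found.append(path)
    return sorted(found)

def exposed_listeners(ss_lines, port=GATEWAY_PORT, allowed=()):
    """Local addresses listening on `port` that are neither loopback nor in `allowed`."""
    exposed = []
    for line in ss_lines:
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, found_port = fields[3].rpartition(":")
        if found_port != str(port):
            continue
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
        if host in allowed:
            continue
        if host == "*" or not ipaddress.ip_address(host).is_loopback:
            exposed.append(fields[3])
    return exposed

if __name__ == "__main__":
    state_dir = os.path.expanduser("~/.openclaw")
    if os.path.isdir(state_dir):
        for path in loose_paths(state_dir):
            print("group/other access:", path)
    # 100.64.0.5 stands in for an address the operator binds on purpose (e.g. Tailscale).
    for addr in exposed_listeners(SAMPLE_SS, allowed=("100.64.0.5",)):
        print("non-loopback listener:", addr)
```

To audit a real host, pass the lines of `ss -ltnH` output in place of `SAMPLE_SS`; wildcard binds (`0.0.0.0`, `[::]`, `*`) are always reported.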
How OpenClaw works under the hood.
The control plane. WebSocket + HTTP on a single port. Handles sessions, routing, integrations, cron/webhooks, and serves the Control UI. Default mode: loopback only.
Web dashboard at http://127.0.0.1:18789. Config editor (form + raw JSON), session viewer, model management. Served by the Gateway.
WhatsApp, Telegram, Slack, Discord, Signal, iMessage, Teams, Google Chat, WebChat + extensions (Matrix, Zalo, BlueBubbles, voice-call). Anti-fragile across devices.
Skills = SKILL.md + files on ClawHub. Plugins = code modules adding commands/tools + Gateway RPC. Registry: clawhub.ai
SQLite with optional sqlite-vec for vector search. Remote embeddings via OpenAI/Gemini/Voyage. Experimental QMD backend (BM25 + vectors + reranking, Markdown as source of truth).
First-class support for OpenAI, Anthropic, OpenRouter, AWS Bedrock, Vercel AI Gateway, Google variants, and multiple Chinese providers. Configurable per-channel.
Representative OpenClaw skills and install commands. Browse more at clawhub.ai.
Generate distinctive, production-grade UI with bold aesthetic choices — zero AI slop.
Craft meaningful, conventional commit messages that tell the story of your changes.
Scan codebases for OWASP vulns, secrets exposure, and dependency risks.
Design RESTful and GraphQL APIs with proper schemas, validation, and docs.
Auto-generate comprehensive test suites — unit, integration, and E2E coverage.
Configure CI/CD workflows, Docker containers, and infrastructure-as-code.
Battle-tested prompt templates for daily Claude Code workflows.
Thorough review focusing on architecture, performance bottlenecks, and security vulnerabilities.
Systematically modernize legacy codebases while preserving functionality.
Creates comprehensive docs from code — READMEs, API docs, inline comments, and ADRs.
Systematic debugging workflow tracing issues from symptoms to root cause.
Install OpenClaw and start using it quickly. Requires Node.js 22+. If you want broader context first, see our AI basics page and AI tools directory.
10 security controls every OpenClaw user should follow.
openclaw doctor routinely
Official resources and community links.
OpenClaw is for running a local-first AI agent gateway that can connect models, tools, and chat platforms in one place. Its main appeal is flexibility: users can mix providers, install skills, and keep more control over their environment than in a fully hosted agent product.
Only with care. It is powerful, but it is also high privilege. If you do not understand network exposure, authentication, plugin trust, and file permissions, it is easy to misconfigure. That is why the hardening checklist on this page matters more than the one-line installer.
Start with the official GitHub repo and trust repo, then compare your broader options in our AI tools directory. If you care about risk and governance, continue to our AI dangers page.