Claw Documentation

Complete guide to OpenClaw & the Claw management platform

#Overview

Claw is a multi-tenant bot management platform that provisions and manages OpenClaw Docker containers on a remote server. It provides a web dashboard for connecting Telegram bots, spinning up isolated AI assistant instances, configuring LLM providers, managing backups, and monitoring container health.

OpenClaw is an open-source, self-hostable personal AI assistant framework. It runs as a Node.js application providing a gateway service that bridges messaging platforms (Telegram, Discord, WhatsApp, Slack, Signal) with large language models (LLMs). Each OpenClaw instance is an autonomous AI agent with its own workspace, memory, skills, and configuration.

Architecture

Claw Dashboard

Web UI for managing bots, containers, backups, and LLM configuration.

Docker Containers

Each bot gets an isolated OpenClaw container with 2GB RAM, 1 CPU core.

OpenClaw Gateway

The service inside each container bridging messaging channels with LLMs.

TLS Docker API

Secure mutual-TLS communication between Claw and the Docker host.

#Getting Started

Setting up your first AI-powered Telegram bot takes just a few minutes:

Create a Telegram Bot

Open Telegram, find @BotFather, send /newbot, and copy the bot token.

Connect to Claw

Go to Dashboard → Add Bot, paste your token. Claw verifies it with Telegram and stores it encrypted.

Configure LLM

Expand "LLM Configuration" on the bot card. Select a provider (e.g. OpenRouter), choose a model, and paste your API key.

Create Container

Click "Create Claw" to provision an OpenClaw Docker container. The system pulls the image, creates the container, injects your config, and starts the gateway.

Approve Pairing

Send a message to your bot on Telegram. It will show a pairing code. Enter the code in the "Approve Pairing" section on the bot card.

Start Chatting

Your AI assistant is now live! Send messages through Telegram and the bot will respond using the configured LLM.

#OpenClaw Installation

While Claw handles container provisioning automatically, understanding OpenClaw's standalone installation helps with debugging and manual configuration.

Requirements

Node.js 22+ (24 recommended)
512MB RAM minimum (1GB+ recommended)
~200MB disk space
macOS, Linux, or Windows (WSL2 recommended for Windows)

Install via npm

npm install -g openclaw@latest

Verify Installation

openclaw --version

Run Onboarding Wizard

openclaw onboard
# Guides you through:
# - AI model provider selection
# - API key entry
# - Messaging channel setup
# - Configuration review

Start the Gateway

openclaw up          # Start in foreground
openclaw up -d       # Start in background (daemon)
openclaw dashboard   # Open web dashboard

Docker Installation

Claw uses the official Docker image for containerized deployments:

# Pull the official image
docker pull ghcr.io/openclaw/openclaw:latest

# Or build from source
git clone https://github.com/openclaw/openclaw
cd openclaw
docker build -t openclaw:local -f Dockerfile .

Claw Auto-Provisioning

When you click “Create Claw” on the dashboard, the platform automatically pulls the image, creates the container with proper resource limits, injects your config, and starts the gateway. No manual Docker commands needed.

#Claw Platform Features

Multi-Bot Management

Connect and manage multiple Telegram bots from a single dashboard. Each bot gets its own isolated container.

Auto Container Provisioning

One-click creation of OpenClaw Docker containers with 2GB RAM, 1 CPU, 256 PID limit, and auto-restart policy.

LLM Configuration

Choose from 9+ providers (OpenRouter, NVIDIA, OpenAI, Anthropic, Google, Mistral, Groq, DeepSeek, xAI) with live hot-reload to running containers.

Backup & Restore

Auto-backups before destroy/recreate. Manual backups on demand. Auto-restore on new containers. Max 10 backups kept.

Encryption

Bot tokens encrypted with AES-256-GCM before storage. TLS mutual authentication for Docker API.

Console (TUI)

Embedded OpenClaw web console with proxy support. Full terminal-style UI for direct interaction.

Config Editor

Browse and edit OpenClaw configuration files directly from the dashboard.

Admin Panel

User management with approval workflow, admin roles, and activity monitoring.

Analytics

Track message counts, command usage, active users, and daily stats across all bots.

#Container Management

Each bot's OpenClaw instance runs in an isolated Docker container with the following resource limits:

Resource	Limit
Memory (hard)	2 GB
Memory (soft)	1 GB
CPU	1.0 core
Max PIDs	256
Node.js heap	1536 MB (--max-old-space-size)
Restart policy	unless-stopped

Container Lifecycle

Create: Pulls image → Creates container → Starts → Waits for FS → Auto-restores latest backup → Injects LLM config → Reloads secrets

Recreate: Auto-backup → Destroy old → Create new → Auto-restore → Re-inject LLM config

Destroy: Auto-backup → Stop → Force remove → Clear DB fields

Port Allocation

Each container gets two ports: a gateway port (mapped from container port 18789) and a bridge port (gateway + 1). Ports are deterministically derived from the bot ID using an MD5 hash within a configurable range (default: 19000–20000).

#Management Panel

Click the “Manage” button on any running bot card to access 8 advanced management features:

📜LogsGET /api/bots/[id]/logs?tail=N

View real-time container stdout/stderr logs. Supports 50, 100, 200, or 500 line tail. One-click refresh.

🔍DiagnosticsPOST /api/bots/[id]/diagnostics

Checks gateway health (port 18789), memory usage with progress bar (2GB limit), running processes, config file existence, disk usage, and runs `openclaw doctor`.

⬆️VersionGET/POST /api/bots/[id]/version

Compares installed version with the latest on npm registry. One-click upgrade via `npm install -g openclaw@<version>`. Browse and install specific versions.

📡ChannelsGET/PUT /api/bots/[id]/channels

Form-based editor for Telegram, Discord, Slack, WhatsApp, and Signal channel settings. Reads/writes the channels section of openclaw.json.

🔧Env VarsGET/PUT /api/bots/[id]/env

Read/write interface for the .env file inside the container. Add, edit, or remove environment variables. Gateway restarts after save.

🤖AgentsGET /api/bots/[id]/agents

Read-only viewer showing agents, their models, providers, system prompts, tools count, and skills defined in openclaw.json.

🔨Deep RepairPOST /api/bots/[id]/repair

6-step recovery: fix permissions → run doctor --fix → kill orphan processes → clear caches → restart gateway → final health check.

📦Export DataGET /api/bots/[id]/export

Downloads a .tar archive of the entire /home/node/.openclaw/ directory for local backup.

#OpenClaw Configuration

OpenClaw is configured via openclaw.json (JSON5 format) located at ~/.openclaw/openclaw.json inside the container.

Key Configuration Sections

Section	Purpose
gateway	Port, bind mode (local/lan), auth tokens, control UI, reload behavior
models	LLM providers, API keys, default model, fallbacks
agents	Agent definitions, defaults, context pruning, compaction settings
channels	Telegram, Discord, Slack, WhatsApp, Signal configuration
sandbox	Tool execution isolation: off, non-main, all
skills	Skill allowlists and configuration

Example openclaw.json

{
  "gateway": {
    "mode": "local",
    "port": 18789,
    "bind": "lan",
    "auth": { "token": "your-gateway-token" },
    "controlUi": {
      "dangerouslyDisableDeviceAuth": true
    }
  },
  "models": {
    "default": "openrouter/nvidia/llama-3.1-nemotron-70b-instruct:free"
  },
  "channels": {
    "telegram": {
      "enabled": true,
      "dmPolicy": "pairing"
    }
  }
}

CLI Config Commands

openclaw config get gateway.port
openclaw config set gateway.bind lan
openclaw config set models.default "openrouter/nvidia/llama-3.1-nemotron-70b-instruct:free"
openclaw doctor --fix          # Validate and fix config

#Workspace Files

OpenClaw agents are defined by Markdown files in the workspace directory (~/.openclaw/workspace/). These files form the agent's “brain.”

SOUL.md

Personality, values, tone, and behavioral boundaries. The agent's "character sheet" — injected first into every session.

AGENTS.md

Operating manual: procedural rules, workflow steps, session behavior, memory rules, and security boundaries.

USER.md

Static context about the human user: name, timezone, preferences, expertise level, communication style.

MEMORY.md

Persistent long-term memory. Grows as the agent operates. Stores patterns, preferences, and important facts across sessions.

IDENTITY.md

Public-facing display: agent name, emoji, role label, avatar. Used for identification and message signing.

TOOLS.md

Documents available tools, usage notes, external service configs. Does not grant/revoke permissions.

HEARTBEAT.md

Scheduled recurring tasks (like cron). Polling tasks, monitoring, reports, health checks.

BOOTSTRAP.md

First-run setup script. Guides user through initial identity creation. Run once then deleted.

memory/YYYY-MM-DD.md

Daily append-only memory logs. MEMORY.md is for long-term; daily logs for working notes.

Token Budget

Each workspace file has a 20,000 character hard cap. Total across all bootstrap files is ~150,000 characters. Keep files focused to avoid truncation.

#Skills & Tools

OpenClaw differentiates between tools (what the agent can do) and skills (how the agent combines tools for specific tasks).

Core Tools

Tool	Purpose
read / write / edit	File system access — read, create, modify files
exec	Run shell commands with configurable timeout
web_search	Keyword web search
web_fetch	Read web page content (URL to text)
browser	Chrome automation — click, type, screenshots
apply_patch	Apply diff patches to files

Skill Examples

Web Search (Brave, Tavily)

Google Workspace (gog)

Calendar (CalDAV)

Browser Automation

File Management

Cron Backup

Academic Research

Obsidian Integration

PDF Processing

Proactive Monitoring

Apple Reminders

Nextcloud

Installing Skills

# Via ClawHub CLI
clawhub install <skill-slug>
clawhub update --all

# Manual: place skill folder in
$HOME/.openclaw/skills/      # Shared across agents
<workspace>/skills/          # Per-agent (highest precedence)

#Slash Commands

Slash commands provide direct control over the agent during a conversation. Send them as standalone messages or embed some inline.

Command	Description
/status	Show current session info, model, token usage, cost metrics
/model <name>	View or switch AI model (supports aliases, numbered picker)
/model list	Show available models with interactive picker
/new [model]	Clear context, start fresh session (optionally with different model)
/reset	Clear context and start a new session
/compact [instructions]	Summarize/compress conversation context to save tokens
/help	Show available commands
/think high\|low	Control extended thinking mode
/verbose on\|off	Toggle detailed output
/fast	Switch to fastest available model

#Messaging Channels

OpenClaw supports multiple messaging platforms. Configure them in the channels section of openclaw.json or via the Channels tab in the management panel.

Telegram (Primary)

The primary channel for Claw. Token is provided via @BotFather. Key settings include:

Setting	Options
dmPolicy	pairing (default), allowlist, open, disabled
allowFrom	Array of Telegram user IDs: ["tg:123456789"]
groupPolicy	allowlist (default), open, disabled
groups.*	requireMention: true (respond only when @mentioned)
streaming	off, partial (recommended), block, progress
historyLimit	Number of past messages to retain (e.g., 50)

Other Channels

Discord

Supported

Fields: Bot Token

Slack

Supported

Fields: Bot Token, App Token

Supported

Fields: Phone Number ID, Access Token, Verify Token

Signal

Supported

Fields: Account

#Agents

OpenClaw supports multiple agents, each with its own workspace, model, and routing rules.

Agent CLI Commands

openclaw agents list              # List all agents
openclaw agents list --bindings   # Show routing rules
openclaw agents add work --workspace $HOME/.openclaw/workspace-work
openclaw agents bind --agent work --bind telegram
openclaw agents unbind --agent work --bind telegram
openclaw agents delete old-agent --force
openclaw agents set-identity --agent main --name "MyBot" --emoji "🤖"

Default Agent

Every OpenClaw instance has a main agent that cannot be deleted. Additional agents can be added for different tasks or personas, each with independent model settings and channel bindings.

#Security

Claw Platform Security

Token Encryption: Bot tokens are encrypted with AES-256-GCM using PBKDF2-derived keys before storage
TLS Docker API: Mutual TLS with CA, client cert, and client key for Docker API communication
Session Auth: NextAuth.js with JWT sessions, CSRF protection, and secure cookies
Admin Approval: New user accounts require admin approval before full access
API Key Masking: LLM API keys are masked in API responses (first 6 + last 4 chars only)

OpenClaw Security

Gateway Token: 256-bit random token for authenticating to the OpenClaw control UI
DM Policy: Use pairing or allowlist to restrict who can message the bot
Group Policy: Use requireMention: true to prevent the bot from responding to all messages
Sandbox: Tool execution can be isolated in Docker sub-containers
Security Audit: Run openclaw security audit --fix to check for vulnerabilities

Never share these

Never share your bot token, LLM API keys, or gateway tokens publicly. If compromised, revoke immediately via @BotFather (Telegram) or your LLM provider dashboard.

#Troubleshooting

Common Issues

Container stuck in "Creating" state

The Docker image may be pulling (can take several minutes on first run). Check the server logs. If stuck, click "Recreate" to start fresh.

Bot not responding on Telegram

Ensure the container is running (green status). Check if pairing was approved. Verify the LLM API key is valid. Check logs for errors.

Gateway unreachable (TUI shows error)

The gateway takes ~35 seconds to fully start. Wait and refresh. If still down, run Doctor from the management panel.

LLM responses failing

Check your API key is valid and has credits. Verify the model name is correct. Check the Env Vars tab for proper TELEGRAM_BOT_TOKEN.

Container using too much memory

Check the Diagnostics tab. Memory is limited to 2GB. If consistently near limit, consider the Deep Repair option to clear caches.

Backup/restore failed

Backup size limit is 50MB. If data dir is too large, use Export Data for a local download instead.

Diagnostic Commands

openclaw doctor                    # Quick health check
openclaw doctor --fix              # Validate schema + auto-fix
openclaw doctor --deep --yes       # Full diagnosis + fixes
openclaw status --all --deep       # Full system status
openclaw logs --follow             # Tail gateway logs
openclaw channels status --probe   # Check channel health
openclaw security audit --fix      # Security audit

#Use Cases

🤖 Personal AI Assistant

Chat with your AI on Telegram. Ask questions, get summaries, schedule reminders, and manage tasks — all from your phone.

💼 Business Automation

Automate customer support, handle FAQs, route inquiries, and process common requests through your bot.

📝 Knowledge Management

Connect to Obsidian, Nextcloud, or Google Drive. Let the AI organize notes, create summaries, and find information.

🔍 Research Agent

Use web search and browser skills for automated research. Monitor topics, compile reports, and track changes.

📊 Data Processing

Process files, analyze data, generate reports. The agent can read PDFs, CSVs, and produce formatted outputs.

🏠 Home Automation

Use heartbeat tasks to monitor systems, check disk space, verify SSL certificates, and send alerts.

👥 Multi-Agent Workflows

Run multiple agents — one for work, one for personal, one for creative tasks — each with their own personality and tools.

📅 Scheduling & Reminders

Integrate with calendars (CalDAV, Google). Set reminders, manage events, and get daily briefings.