Problem: You Want AI That Actually Does Things
You have an Anthropic API key and want Claude to manage your emails, schedule tasks, and browse the web—but you're stuck typing in a chat interface instead of having a 24/7 assistant.
You'll learn:
- How to install and configure OpenClaw with Claude Opus 4.5
- Connect it to WhatsApp, Telegram, or Discord for mobile access
- Set up production-grade security and cost controls
- Deploy on a server for always-on operation
Time: 15 min | Level: Intermediate
Why This Matters
OpenClaw transforms Claude from a chatbot into an autonomous agent with persistent memory, file access, and the ability to run commands on your behalf. Unlike hosted solutions, it runs on your hardware with your API keys—you control the data, the costs, and the capabilities.
What makes OpenClaw different:
- Persistent memory across conversations (remembers context for weeks)
- Real system access to read/write files and execute shell commands
- Multi-platform messaging through channels you already use
- Self-improving via skills it can write for itself
Common use cases:
- Developers running coding agents while sleeping
- Managing calendars and emails from WhatsApp
- Automating DevOps workflows with cron jobs
- Building meal plans in Notion with weather integration
Prerequisites
Before starting, ensure you have:
# Check Node version (need 22+)
node --version
# Should show v22.x.x or higher
Required:
- Node.js 22 or newer
- Anthropic API key from console.anthropic.com
- macOS, Linux, or Windows with WSL2
Optional:
- Dedicated phone number for WhatsApp integration
- Server or VPS for 24/7 operation (DigitalOcean, Fly.io)
Solution
Step 1: Install OpenClaw
macOS/Linux:
curl -fsSL https://openclaw.ai/install.sh | bash
Windows (PowerShell):
iwr -useb https://openclaw.ai/install.ps1 | iex
Verify installation:
openclaw --version
# Should show: openclaw/2026.2.2 or newer
Expected: Installation completes in 30-60 seconds with no errors.
If it fails:
- "command not found": Add
~/.openclaw/binto your PATH - "Node version too old": Install Node 22+ via nvm
Step 2: Run the Onboarding Wizard
openclaw onboard --install-daemon
What this does: Interactive setup that configures your gateway, AI model, and first messaging channel.
Key prompts and recommended answers:
- Select AI provider: Choose
Anthropic - Authentication method: Select
API Key(paste your key from console.anthropic.com) - Primary model: Enter
anthropic/claude-opus-4-5 - Workspace location: Accept default (
~/.openclaw/workspace) - Install as service: Choose
Yes(keeps it running after reboot)
// Your config will be saved to ~/.openclaw/openclaw.json
{
"agents": {
"defaults": {
"model": {
"primary": "anthropic/claude-opus-4-5"
}
}
},
"env": {
"ANTHROPIC_API_KEY": "sk-ant-api03-..."
}
}
Why Opus over Sonnet:
- Opus excels at complex reasoning and agentic workflows
- Better prompt injection resistance (critical for autonomous agents)
- Superior long-context handling (100K+ token conversations)
Cost consideration: Start with Opus for setup. Switch to Sonnet for routine tasks later via /model sonnet in chat.
Step 3: Connect a Messaging Channel
Option A: Telegram (Easiest)
- Create a bot via BotFather:
Open Telegram → Search @BotFather
/newbot
Name: MyClawBot
Username: myclaw_bot
- Copy the token:
Token: 7123456789:AAHdqTcvCH1vGWJxfSeofSAs0K5PALDsaw
- Add to OpenClaw:
openclaw channels add telegram
# Paste token when prompted
Test: Send /start to your bot in Telegram. You should receive a pairing code.
Option B: WhatsApp (Most Popular)
openclaw channels add whatsapp
What happens:
- QR code appears in Terminal
- Open WhatsApp → Settings → Linked Devices → Link a Device
- Scan the QR code
Important: Use a dedicated phone number, not your personal one. VoIP numbers (like Twilio) may be blocked by WhatsApp.
Credentials stored in: ~/.openclaw/credentials/whatsapp/
Option C: Discord
Create Discord bot:
- Go to discord.com/developers/applications
- New Application → Bot → Copy Token
- OAuth2 → URL Generator → bot + Send Messages
Add to OpenClaw:
openclaw channels add discord
# Paste token and invite URL when prompted
Step 4: Start the Gateway
If installed as service (recommended):
openclaw gateway status
# Should show: running
Manual start (for debugging):
openclaw gateway --port 18789 --verbose
Access the Control UI:
openclaw dashboard
# Opens http://127.0.0.1:18789/
You should see: Web interface with chat, config, and active sessions.
Step 5: Configure Security and Cost Controls
Set up pairing protection (DM safety):
# Edit config
openclaw config set channels.telegram.dm.policy pairing
What this does: Unknown contacts receive a pairing code. Approve with:
openclaw pairing approve telegram 4820
Add daily token limits (prevent billing surprises):
// Edit ~/.openclaw/openclaw.json
{
"agents": {
"defaults": {
"model": {
"primary": "anthropic/claude-opus-4-5",
"maxTokensPerDay": 500000 // ~$15/day at Opus pricing
}
}
}
}
Enable prompt defense:
{
"security": {
"promptDefense": true,
"egressControl": {
"enabled": true,
"allowedDomains": [
"api.anthropic.com",
"api.github.com"
]
}
}
}
Why this matters: OpenClaw processes untrusted input from messaging apps. Prompt injection attacks could expose your data or run malicious commands.
Restart gateway:
openclaw gateway restart
Step 6: First Conversation
Send to your bot (Telegram/WhatsApp/Discord):
Hello! Summarize the last 3 files I modified.
Expected response (after ~10 seconds):
I found 3 recently modified files:
1. config.json (2 hours ago) - Gateway configuration
2. test.py (yesterday) - Python test script
3. README.md (3 days ago) - Project documentation
Would you like details on any of these?
What just happened:
- Message sent via Telegram/WhatsApp/Discord
- OpenClaw routed it to Claude Opus 4.5 via Anthropic API
- Claude used
readtool to scan your workspace - Response delivered back to your messaging app
Advanced Configuration
Multi-Model Routing (Reduce Costs)
Problem: Running Opus for everything costs $30/million tokens. Heartbeats and simple queries don't need this power.
Solution: Use cheap models for background tasks, Opus for complex work.
// ~/.openclaw/openclaw.json
{
"agents": {
"defaults": {
"model": {
"primary": "anthropic/claude-opus-4-5",
"fallbacks": [
"openai/gpt-5.2", // Different provider if Anthropic rate-limited
"anthropic/claude-sonnet-4-5"
]
},
"heartbeat": {
"model": "google/gemini-2-5-flash-lite" // 50¢/million vs $30
},
"subAgent": {
"model": "deepseek/deepseek-v3-2" // 53¢/million for parallel tasks
}
},
"models": {
"anthropic/claude-opus-4-5": { "alias": "opus" },
"anthropic/claude-sonnet-4-5": { "alias": "sonnet" },
"google/gemini-2-5-flash-lite": { "alias": "flash" }
}
}
}
Switch models on-the-fly:
/model sonnet
What's on my calendar today?
/model opus
Refactor this codebase to use dependency injection.
Cost savings: 60x cheaper for heartbeats, 2x cheaper for routine tasks.
Enable Sandbox Mode (For Groups/Channels)
Problem: Giving full system access to group chats is dangerous.
Solution: Run non-main sessions in Docker containers.
{
"agents": {
"defaults": {
"sandbox": {
"mode": "non-main", // Only main session has full access
"allowlist": [
"bash", "read", "write", "process"
],
"denylist": [
"browser", "cron", "gateway"
]
}
}
}
}
What this does:
- 1:1 DMs run with full access
- Group/channel messages run in isolated Docker containers
- Limits blast radius if prompt injection succeeds
Requires: Docker installed (docker --version)
Deploy to Production Server
For 24/7 operation, deploy to a VPS:
DigitalOcean (recommended):
# On your server
curl -fsSL https://openclaw.ai/install.sh | bash
openclaw onboard --install-daemon
# Configure firewall
ufw allow 18789/tcp # Only if exposing Control UI
Fly.io:
fly apps create my-openclaw
fly secrets set ANTHROPIC_API_KEY=sk-ant-...
fly deploy
Resource requirements:
- Minimum: 1 vCPU, 1GB RAM, 500MB disk
- Recommended: 2 vCPU, 2GB RAM (handles browser tools)
Monitor costs:
# Check Anthropic dashboard for token usage
# Set up alerts at console.anthropic.com
Verification
Test Core Functionality
1. File operations:
Create a file called test.txt with "Hello OpenClaw"
Expected: Confirmation + file appears in workspace.
2. Web browsing:
Visit github.com/openclaw/openclaw and tell me the star count
Expected: Response with current GitHub stars (145K+).
3. Scheduled tasks:
Remind me to check emails every day at 9am
Expected: Cron job created, visible via:
openclaw cron list
4. Persistent memory:
My favorite programming language is Rust.
Wait 5 minutes, then:
What's my favorite programming language?
Expected: Remembers "Rust" (stored in session history).
Health Check Commands
# Verify gateway is running
openclaw gateway status
# Check configured models
openclaw models list
# View active sessions
openclaw sessions list
# Check for security issues
openclaw doctor
If openclaw doctor shows warnings: Follow remediation steps in output.
What You Learned
Key takeaways:
- OpenClaw bridges Claude with messaging apps for mobile access
- Opus 4.5 provides best agentic capabilities vs Sonnet's speed
- Multi-model routing cuts costs by 60x for routine tasks
- Sandbox mode isolates risky operations
- Production deployment requires firewall + token limits
Limitations to know:
- Requires Node 22+ (no older versions supported)
- WhatsApp QR pairing expires if server restarts frequently
- Prompt injection is still a risk—never expose to untrusted users
- Free tier LLMs have aggressive rate limits (unreliable)
When NOT to use this:
- You need a hosted solution (try Claude.ai with API instead)
- Legal/compliance requires zero data processing on your hardware
- Team size >10 (consider enterprise agent platforms)
Next Steps
Expand capabilities:
- Add Gmail integration for email management
- Set up GitHub webhook for PR summaries
- Install community skills from registry
Security hardening:
Cost optimization:
- Enable prompt caching (extended cache TTL)
- Use OpenRouter auto-routing
- Monitor usage dashboard
Community:
- OpenClaw GitHub (145K+ stars)
- Discord server for troubleshooting
- Showcase examples from real users
Troubleshooting
Common Issues
"Cannot find module" errors:
# Reinstall dependencies
cd ~/.openclaw
npm install
WhatsApp QR won't scan:
- Use dedicated number, not personal
- Disable VPN/proxy during pairing
- Try from phone's native camera app first
Gateway won't start:
# Check for port conflicts
lsof -i :18789
# Kill existing process
killall node
openclaw gateway restart
High API costs:
# Check which model is actually running
openclaw models status
# Verify heartbeat uses cheap model
grep heartbeat ~/.openclaw/openclaw.json
Messages not delivering:
# Check channel status
openclaw channels status
# Re-authenticate
openclaw channels login whatsapp
Security Considerations
Critical warnings:
- Never commit API keys to git - use environment variables
- Don't expose Control UI publicly - firewall port 18789
- Review skills before installing - arbitrary code execution risk
- Use sandbox mode for groups - full access only for trusted 1:1 DMs
- Rotate credentials regularly - especially for production deployments
Production checklist:
- Prompt defense enabled
- Egress control configured
- DM pairing required
- Token limits set
- Audit logging active
- Firewall rules configured
- Secrets in environment variables
- Regular updates scheduled
Tested on OpenClaw 2026.2.2, Claude Opus 4.5, Node.js 22.x, macOS Sequoia & Ubuntu 24.04
Model note: While Sonnet 4.5 is faster and cheaper ($3/million tokens vs $30), Opus 4.5 is strongly recommended for OpenClaw due to superior long-context handling and prompt injection resistance. See Anthropic's model comparison for details.