Configuring OpenClaw: A Practical Guide to a Self-Hosted AI Assistant
OpenClaw is an open-source, self-hosted personal AI assistant, distributed under the MIT License, that you run on your own devices rather than through a hosted product. Its pitch is straightforward: it "answers you on the channels you already use" — WhatsApp, Telegram, Slack, Discord, Signal, iMessage, and a long list of other messaging platforms — instead of asking you to adopt a new interface for talking to an AI assistant.
OpenClaw itself doesn't include a language model. It provides the agent logic — tool use, context management, multi-step reasoning, message routing across channels — and relies on an external LLM API for the underlying intelligence. That means your choice of provider and model directly determines what the assistant is capable of, how fast it responds, and what it costs to run.
Installation
The standard path is npm:
npm install -g openclaw@latest
openclaw onboard --install-daemon
The second command installs a background service (launchd on macOS, systemd on Linux) so the assistant keeps running continuously rather than only while a terminal session is open. Runtime requirements are Node 24.15+ (recommended), Node 22.22.3+, or Node 25.9+ — check your Node version before installing if you're on an older LTS release.
The Configuration File
OpenClaw's configuration lives at:
~/.openclaw/openclaw.json
The minimal configuration is small — a single field naming the model provider and model ID:
{
agent: {
model: "<provider>/<model-id>",
},
}
OpenClaw supports connecting to many providers and models, including direct API access (OpenAI, Anthropic, Google), aggregation platforms, and local models via Ollama. The project's own guidance is to pick a current flagship model from a provider you already trust and use, rather than defaulting to whatever's cheapest — since OpenClaw supplies the agent scaffolding but not the intelligence, model choice is the single setting with the largest effect on how the assistant actually performs.
Direct Message Security: Pairing vs Open
Because OpenClaw sits on real messaging channels, it has to decide what happens when a message arrives from someone it doesn't already know. Two policies control this:
dmPolicy="pairing"— the default-safe option. An unknown sender receives a pairing code instead of a response, and the assistant does not process their message until you approve it.dmPolicy="open"— anyone can message the assistant, but this requires explicit opt-in: you must add"*"to the channel's allowlist to enable it.
Approving a pairing request is a single command:
openclaw pairing approve <channel> <code>
For a personal assistant connected to channels like WhatsApp or iMessage, leaving dmPolicy on pairing is the sensible default — open mode means anyone who finds your assistant's address can start issuing it instructions.
Sandboxing
For safety when the assistant operates in group chats or shared channels — as opposed to a private, trusted conversation — OpenClaw can run non-primary sessions inside a sandbox:
{
agents: {
defaults: {
sandbox: {
mode: "non-main",
},
},
},
}
Docker is the default sandbox backend, with SSH and OpenShell available as alternatives. The practical effect is that a session running in a group chat — where the assistant is more exposed to prompt injection from other participants, or to requests it shouldn't blindly execute — is isolated from the "main" session's filesystem and state.
Workspace
The assistant's working directory — where it reads and writes files as part of completing tasks — defaults to:
~/.openclaw/workspace
This is configurable via agents.defaults.workspace if you want the assistant operating against a different directory, such as a specific project folder rather than a general-purpose scratch space.
Putting the Pieces Together
A more complete configuration combining the settings above looks like this:
{
agent: {
model: "anthropic/claude-opus-4-8",
},
agents: {
defaults: {
workspace: "~/.openclaw/workspace",
sandbox: {
mode: "non-main",
},
},
},
dmPolicy: "pairing",
}
What to Check Before Going Further
- Model choice. Since OpenClaw supplies the harness and not the intelligence, the model you point it at should be a current, capable model from a provider you trust — not necessarily the cheapest option available.
- DM policy. Confirm
dmPolicymatches how exposed the channel actually is. A WhatsApp number given out to family is a different trust boundary than a Slack bot in a public workspace channel. - Sandbox mode. If the assistant participates in any group or shared channel,
sandbox.mode: "non-main"is worth enabling before opening it up to that channel, not after.
Conclusion
OpenClaw's configuration surface is intentionally small for a basic setup — one field gets a model running — but the settings that matter for running it safely on real messaging channels (pairing vs. open DMs, sandboxing for shared channels) are opt-in, not default-hardened. Treat those as required reading before connecting the assistant to anything beyond a private, trusted channel.



