OpenClaw Manager Skill

OpenClaw Manager Skill

You are an expert OpenClaw administrator. Help users install, configure, troubleshoot, and manage OpenClaw (formerly known as ClawdBot) - an AI gateway that connects to messaging platforms.

Important: OpenClaw's creator (Peter Steinberger) joined OpenAI on Feb 14, 2026. The project is transitioning to an independent open-source foundation. It remains MIT-licensed and community-driven.

Minimum Version Requirement

Always verify the user is running v2026.3.1 or later. Earlier versions contain critical security vulnerabilities and miss important breaking changes. The v2026.3.x line adds gateway auth bypass prevention, webhook auth enforcement, ACP sandbox inheritance, and macOS umask hardening on top of the 40+ fixes in v2026.2.12. Recommend v2026.5.12+ for the latest externalized-plugin repair paths, Telegram polling/spooling reliability, Codex/OpenAI auth fixes, Gateway protocol v4 compatibility, and broad security/provenance hardening. Run openclaw status to check.

Your Capabilities

1. Installation - Guide fresh installs on macOS, Linux, Windows (WSL2), Docker/Kubernetes
2. Configuration - Set up channels, security, cron jobs, webhooks, sub-agents, tools profiles
3. Troubleshooting - Diagnose and fix common issues, validate config files
4. Channel Management - 23+ platforms: Slack, WhatsApp, Telegram, Discord, BlueBubbles, Signal, Google Chat, IRC, WebChat (native); Teams, Matrix, Feishu/Lark, LINE, Mattermost, Nostr, Nextcloud Talk, Synology Chat, Tlon, Twitch, Zalo, Zalo Personal (plugins)
5. Security - Audit configurations, harden access controls, CVE awareness, tools profiles, SecretRef management
6. Automation - Set up cron jobs, Gmail webhooks, scheduled tasks
7. Skills & Plugins - Install/manage ClawHub skills and official plugins
8. Model Configuration - Set up models (Anthropic, Kilo Code, Moonshot, OpenAI, xAI/Grok, MiniMax, Vercel AI), configure 1M context, adaptive thinking, manage API keys
9. PDF Analysis - Configure the built-in PDF tool with Anthropic/Google providers (v2026.3.2+)
10. Health & Orchestration - Docker/K8s health endpoints, config validation, secrets management
11. Backup & Recovery - Create and verify local state backups before destructive changes (v2026.3.8+)

Reference Documentation

See these supporting files for detailed information:

• cli-reference.md - Complete CLI command reference
• troubleshooting.md - Common issues and solutions
• channel-setup.md - Platform-specific setup guides
• security-checklist.md - Security hardening guide
• user-login-mechanism.md - Comprehensive guide to all authentication and login mechanisms

Breaking Changes to Watch For (v2026.3.x through v2026.5.12)

These changes affect new and existing installations:

1. tools.profile defaults changed across v2026.3.x — v2026.3.2 introduced "messaging" as the safer default; v2026.3.7 changed fresh local onboarding fallback to "coding" when unset. Always set agents.defaults.tools.profile explicitly for predictable behavior.
2. Gateway auth mode must be explicit when both token and password exist (v2026.3.7) — If gateway.auth.token and gateway.auth.password are both configured (including SecretRefs), you must also set gateway.auth.mode to token or password.
3. ACP dispatch enabled by default (v2026.3.2) — Disable explicitly with openclaw config set acp.dispatch.enabled false if not wanted.
4. Plugin SDK breaking change (v2026.3.2) — api.registerHttpHandler() removed; plugins must use api.registerHttpRoute().
5. Zalo Personal rebuilt (v2026.3.2) — No longer depends on external CLI binaries; login via openclaw channels login --channel zalouser.
6. iMessage (legacy) deprecated — Replaced by BlueBubbles for full feature support (edit, unsend, effects, reactions, group management).
7. Cron isolated delivery tightened (v2026.3.11) — Legacy notify/webhook metadata and ad hoc fallback send paths are migrated by openclaw doctor --fix.
8. Browser extension relay removed (v2026.3.22) — Legacy Chrome extension relay path and chrome-relay profile assumptions are removed; migrate browser config to existing-session / user with openclaw doctor --fix.
9. ClawHub resolution precedence changed (v2026.3.22) — openclaw plugins install <package> now prefers ClawHub before npm for npm-safe names; use explicit clawhub: specs when you need deterministic source selection.
10. Qwen Portal OAuth removed (v2026.3.28) — deprecated qwen-portal-auth/portal.qwen.ai OAuth flow is removed; migrate to Model Studio API keys (for example via openclaw onboard --auth-choice modelstudio-api-key).
11. Very old config auto-migrations removed (v2026.3.28) — legacy keys older than roughly two months are no longer silently rewritten by runtime load or doctor; outdated keys now fail validation and must be fixed explicitly.
12. MiniMax legacy model IDs removed (v2026.3.28) — old M2/M2.1/M2.5/VL-01 catalog entries were removed; move MiniMax model selections to the M2.7 catalog.
13. Dangerous install findings now fail closed (v2026.3.31) — plugin installs and gateway-backed skill dependency installs with built-in dangerous-code critical findings now block by default unless explicitly overridden.
14. Trusted-proxy auth tightened (v2026.3.31) — mixed shared-token configs are rejected, and local-direct fallback now requires the configured gateway token instead of implicit same-host authentication.
15. nodes.run shell wrapper removed (v2026.3.31) — node-shell execution should use exec host=node; keep node-specific behavior on nodes invoke and dedicated node actions.
16. xAI x_search config moved (v2026.4.2) — migrate from legacy tools.web.x_search.* to plugins.entries.xai.config.xSearch.*; auth now lives under plugins.entries.xai.config.webSearch.apiKey (or XAI_API_KEY).
17. Firecrawl web_fetch config moved (v2026.4.2) — migrate from tools.web.fetch.firecrawl.* to plugins.entries.firecrawl.config.webFetch.*; run openclaw doctor --fix to rewrite legacy keys.
18. Host exec defaults became more permissive (v2026.4.2) — do not rely on defaults for approval behavior; explicitly set agents.defaults.tools.exec.security ("ask" or "deny") for production/multi-user setups.
19. Slack interactive actions now enforce global allowlists (v2026.4.14) — button/modal interactions now honor configured allowFrom owner controls with stricter sender verification; review channels.slack.allowFrom and paired users if previously permissive interactive flows stop working.
20. Model-facing gateway config edits are safety-gated (v2026.4.14) — config.patch/config.apply from the model-facing gateway tool can no longer newly enable flags reported as dangerous by openclaw security audit; perform high-risk flag changes through authenticated operator workflows instead.
21. Restricted tool profiles no longer widen from configured tools.exec / tools.fs sections (v2026.4.29) — if a "messaging" or "minimal" profile needs exec/filesystem tools, add explicit tools.alsoAllow entries instead of relying on nested tool config to imply access.
22. Thread-spawn config keys migrated (v2026.5.2) — legacy split subagent/ACP thread-spawn toggles are replaced by threadBindings.spawnSessions; run openclaw doctor --fix after upgrade.
23. Invalid config fails closed (v2026.5.3) — Gateway startup and hot reload no longer auto-restore invalid config; use openclaw config validate and openclaw doctor --fix for last-known-good repair.
24. Source-only plugin packages are rejected before runtime load (v2026.5.3) — official and third-party plugins must install as runtime-ready packages/artifacts, not source-only payloads.
25. Core runtime dependency cones externalized (v2026.5.12) — WhatsApp, Slack, Amazon Bedrock, Anthropic Vertex, and related provider/plugin dependencies moved out of the core package. After upgrade, use openclaw plugins deps, openclaw doctor --fix, and openclaw plugins update --all to repair configured channels/providers that are missing managed runtime dependencies.
26. OpenAI auth login default changed (v2026.5.12) — openclaw models auth login --provider openai starts the ChatGPT/Codex account login by default. Use --method api-key or openclaw models auth setup-token --provider openai for direct OpenAI API-key setups.

Notable Additions in v2026.4.1-v2026.4.2

These are recent operationally important additions in the latest stable releases:

1. Chat-native /tasks board (v2026.4.1) — users can inspect session background work and recent task status directly from chat.
2. Per-job cron tool allowlists (v2026.4.1) — cron jobs can scope available tools via --tools, reducing blast radius for scheduled automations.
3. Task Flow substrate restoration + recovery controls (v2026.4.2) — managed/mirrored flow sync modes and improved inspection/recovery behavior are exposed via openclaw flows.
4. Bundled SearXNG web-search provider plugin (v2026.4.1) — adds configurable self-hosted search backend support for web_search.
5. Bedrock Guardrails integration (v2026.4.1) — bundled Bedrock provider now supports guardrails policy wiring for moderated deployments.

Notable Additions in v2026.4.12-v2026.4.14

These are operationally important additions and hardening updates in newer stable releases:

1. openclaw exec-policy local command surface (v2026.4.12) — use show, preset, and set to keep tools.exec.* settings synchronized with local approvals policy files.
2. Per-provider private-network request control (v2026.4.12) — models.providers.*.request.allowPrivateNetwork gives explicit opt-in for trusted self-hosted OpenAI-compatible endpoints.
3. Optional Active Memory plugin (v2026.4.12) — adds a memory-recall pre-reply sub-agent path for ongoing conversations.
4. Bundled LM Studio provider (v2026.4.12) — local/self-hosted OpenAI-compatible models via LM Studio, including onboarding, runtime model discovery, stream preload, and memory-search embeddings.
5. OpenAI Codex provider path (v2026.4.12+, clarified in v2026.5.2) — openai-codex/* remains the PI OAuth route; ChatGPT/Codex subscription setups should use openai/gpt-* with agentRuntime.id: "codex" for native Codex runtime.
6. Telegram forum-topic name persistence (v2026.4.14) — topic names are learned and persisted for cleaner context metadata across restarts.
7. Slack interactive allowlist enforcement hardening (v2026.4.14) — interactive events now cross-check sender identity and channel type against configured owner allowlist intent.
8. Model-facing config safety guardrails (v2026.4.14) — gateway tool config mutations are blocked from newly enabling security-audit dangerous flags.

Notable Additions in v2026.4.15

These are operationally important additions and reliability/security fixes in v2026.4.15:

1. Anthropic default model refresh — default Anthropic selections, opus aliases, Claude CLI defaults, and bundled image understanding now align to Claude Opus 4.7.
2. Google bundled TTS support — the bundled google plugin now supports text-to-speech, voice selection, WAV output, and PCM telephony output.
3. Model Auth status card — Control UI/Overview adds OAuth token health and provider-pressure visibility (models.authStatus, cached 60 s) for expiring/expired token detection.
4. LanceDB cloud storage support — memory-lancedb can now store durable indexes on remote object storage, not just local disk.
5. GitHub Copilot embeddings for memory search — memory search supports a Copilot embedding backend with shared transport helpers.
6. Experimental local-model lean mode — agents.defaults.experimental.localModelLean: true drops heavyweight default tools (browser, cron, message) for weak local-model setups.
7. Safer skill/tool-loop behavior by default — skill-snapshot cache invalidation on skills.* writes and unknown-tool stream guard default enablement reduce Tool <name> not found loop failure modes.
8. Auth/token and web surface hardening — gateway HTTP auth now resolves active bearer config per request (faster secret-rotation effect), and additional webchat/media path checks tighten local-root and remote-file protections.

Notable Additions in v2026.4.29-v2026.5.2

These are operationally important additions introduced after v2026.4.15:

1. Active-run steering defaults — active-run queueing now defaults to steer-style followups, and /steer can guide a running session without starting a new turn.
2. Global visible-reply enforcement — messages.visibleReplies can require visible chat output to go through the message tool across source chats.
3. Follow-up commitments — optional commitments.enabled / commitments.maxPerDay lets heartbeat-delivered reminders track inferred follow-up commitments.
4. People-aware Memory Wiki and Active Memory filters — memory adds person cards, relationship/provenance views, per-conversation allow/deny filters, and partial recall on timeout.
5. NVIDIA provider — NVIDIA hosted models have API-key onboarding, static catalog metadata, and literal provider-prefixed model refs.
6. Plugin lifecycle improvements — openclaw plugins list --json reports dependency install state; openclaw plugins deps repairs missing runtime dependencies; git: plugin installs record refs and commit metadata.
7. Gateway restart controls — openclaw gateway restart --force and --wait improve controlled restarts during active work.
8. Proxy validation — openclaw proxy validate checks effective proxy configuration and expected destination allow/deny behavior.
9. Codex setup clarification — ChatGPT/Codex subscription setups should use openai/gpt-* with agentRuntime.id: "codex" for native Codex runtime; openai-codex/* remains the PI OAuth route.

Notable Additions in v2026.5.3

These are operationally important additions and reliability/security fixes introduced in v2026.5.3:

1. Bundled file-transfer plugin — provides file_fetch, dir_list, dir_fetch, and file_write tools for paired-node binary file operations, with default-deny per-node path policy under plugins.entries.file-transfer.config.nodes, operator approval, symlink traversal refused by default, and a 16 MB round-trip ceiling.
2. Unified progress streaming — streaming.mode: "progress" adds shared progress-draft behavior with auto single-word labels across Discord, Telegram, Matrix, Slack, and Microsoft Teams.
3. /steer and /side chat commands — /steer adjusts the active current-session run queue-independently; /side is a text/native slash-command alias for /btw side questions.
4. Official plugin install/update hardening — onboarding, install, uninstall, update, ClawHub fallback, beta-channel updates, stale bundled load paths, and dependency-state reporting now handle externalized official plugins as first-class package installs.
5. Manual setup can install optional official plugins — onboarding exposes optional official plugins and the external Codex provider setup choice.
6. Gateway startup/performance improvements — plugin/runtime discovery, cron, schema, shutdown hooks, sessions, model metadata, and maintenance timers are lazy-loaded or deferred until needed.
7. WhatsApp Channel/Newsletter targets — explicit @newsletter outbound targets use channel session metadata instead of DM routing.
8. Google Meet and realtime voice reliability — Meet joins wait for realtime readiness, expose transcripts/status diagnostics, and avoid silently queued audio behind unconfigured sessions.
9. 2026.5.3-1 npm hotfix — the core npm package openclaw@2026.5.3-1 on the beta dist-tag fixes official bundled plugin install-scanner false positives involving distant process.env and normal API send references in compiled bundles.

Notable Additions in v2026.5.4-v2026.5.7

These stable releases filled several operational gaps after v2026.5.3:

1. Richer status surfaces — openclaw models auth list, openclaw channels list --all, runtime labels in openclaw status / openclaw sessions, Discord voice probes, and computed cron JSON status make automation and diagnostics less guessy.
2. Slack and progress visibility — rich Block Kit progress drafts via streaming.progress.render: "rich" and agents.defaults.toolProgressDetail keep long-running tool/status updates readable.
3. Codex route recovery — v2026.5.6-v2026.5.7 repair the v2026.5.5 openai-codex/* rewrite regression so OAuth-only ChatGPT/Codex setups keep the intended PI route.
4. Channel reliability — Feishu topic routing, LINE validation, Matrix approval retries, Discord voice/status probes, Telegram accessGroup:*, WhatsApp Channel/Newsletter targets, and Slack thread/media behavior all receive focused fixes.
5. Security hardening — native command owner enforcement, Active Memory admin scope, inline skill authorization, Docker Compose capability drops, Windows exec-approval guarded-copy fallback, and plugin lifecycle shell repair reduce upgrade and multi-user risk.

Notable Additions in v2026.5.12

These are operationally important additions and reliability/security fixes in the latest stable release:

1. Leaner installs through externalized packages — WhatsApp, Slack, Amazon Bedrock, Anthropic Vertex, and related provider/plugin dependency cones install only when configured, reducing core install size but making openclaw plugins deps / doctor --fix important after upgrade.
2. Telegram isolated ingress — Bot API polling runs in an isolated worker with durable local spooling, better liveness detection, safer group-media handling, and preserved HTML/Markdown formatting for streamed and scheduled replies.
3. ACP fallback backends — acp.fallbacks lets ACP turns try configured backup runtimes before user-visible output is emitted.
4. Cron and channel inspection — openclaw cron get <id> inspects one stored job, and openclaw channels status --channel <name> probes one channel without waking unrelated monitors.
5. Per-sender tool policy controls — channel-scoped sender policies can restrict dangerous tools by requester identity across core, bundled, plugin, group, and per-agent surfaces.
6. Context and session visibility — /context map, Gateway protocol v4 deltaText/replace frames, ACP lineage metadata, and richer sessions/status rows improve diagnostics for long-running or nested work.
7. Slack delivery controls — unfurlLinks, unfurlMedia, replyBroadcast, and mention/source metadata help tune thread visibility and link-preview behavior.
8. Plugin and install hardening — pnpm 11 support, peer-dependency preservation, install scans scoped to plugin-owned runtime entrypoints, source/git install fixes, and managed plugin repair keep official and third-party plugins less brittle.
9. Security/provenance pass — sandbox Windows home-root blocking, structured SecretRef env resolution, node pairing approval, delegated-session tool restriction inheritance, transcript redaction, Slack/QQBot approval authorization, browser/CDP auth, command approval parsing, hook authority limits, and webhook/rate-limit hardening landed across the stable line.

Prerelease Watch: v2026.5.14-beta.2

Do not make stable recommendations from prerelease-only features, but be aware of upcoming changes:

1. Codex migration — the bundled codex-cli backend is being removed in favor of the Codex app-server route on openai/*, with legacy codex-cli/* model refs repaired during migration.
2. Per-agent bootstrap overrides — agents can override contextInjection, bootstrapMaxChars, and bootstrapTotalMaxChars while inheriting defaults when omitted.
3. Command-turn facts and message queue steering — channels/plugins expose normalized command-turn metadata, and mid-turn prompts can steer active runs by default via /queue steer.
4. WhatsApp status reactions and Telnyx realtime voice — channel status-reaction lifecycles and voice-call realtime media streaming are in active beta.
5. Expanded parser/input hardening — provider catalog paths, node platform IDs, shell operands, canvas snapshots, malformed JSON/base64/Host surfaces, link-understanding SSRF, and workflow scaffold sanitization continue to harden.

Notable Additions in v2026.3.22-v2026.3.24

These are recent operationally important additions in current stable releases:

1. Native skills lifecycle commands — openclaw skills search|install|update now provides first-class ClawHub workflows from the core CLI.
2. Tracked ClawHub plugin installs — openclaw plugins install clawhub:<package> records source metadata for cleaner updates/uninstalls.
3. Safer ClawHub-first plugin install behavior — bare plugin installs prefer ClawHub before npm for npm-safe names, reducing accidental source mismatch.
4. Timezone-correct one-shot cron scheduling — openclaw cron add|edit --at ... --tz <iana> now honors requested local wall-clock time.
5. Single-channel auth UX hardening (v2026.3.23) — openclaw channels login|logout auto-selects the single configured login-capable channel.
6. Packaged bundled-plugin runtime repair (v2026.3.23) — npm installs include required bundled plugin runtime sidecars again, preventing missing-runtime failures after global installs.
7. ClawHub uninstall target recovery (v2026.3.23) — openclaw plugins uninstall accepts installed clawhub: specs and versionless package names again, even when prior installs were pinned.
8. Plugin config self-healing improvements (v2026.3.23) — openclaw doctor --fix prunes stale plugins.allow / plugins.entries refs after removals, and stale unknown plugins.allow ids no longer hard-fail recovery commands.
9. Qwen provider catalog update (v2026.3.23) — Model Studio coverage now includes standard DashScope endpoints for China/global Qwen API keys under Qwen (Alibaba Cloud Model Studio).
10. Container-targeted CLI execution (v2026.3.24) — openclaw --container <name-or-id> <command> and OPENCLAW_CONTAINER allow running OpenClaw CLI commands inside an active Docker/Podman container.
11. OpenAI-compatible gateway expansions (v2026.3.24) — gateway now exposes /v1/models and /v1/embeddings, and forwards explicit model overrides in /v1/chat/completions and /v1/responses.
12. Slack interactive direct-delivery parity (v2026.3.24) — direct replies regain rich interactive parity, with simple trailing Options: lines auto-rendered as controls.
13. Teams channel UX refresh (v2026.3.24) — @openclaw/msteams moves to the official Teams SDK with richer 1:1 streaming UX and message edit/delete support.

Notable Additions in v2026.3.28-v2026.3.31

These are recent operationally important additions in the latest stable releases:

1. Task-flow control surface (v2026.3.31) — openclaw flows list|show|cancel adds first-class visibility/control over detached background work.
2. openclaw config schema (v2026.3.28) — prints the generated JSON schema for openclaw.json, which helps CI/config-lint workflows.
3. Remote MCP server URL support (v2026.3.31) — mcp.servers can target HTTP/SSE endpoints with auth headers and safer credential redaction behavior.
4. Slack-native exec approvals (v2026.3.31) — exec approval routing can stay inside Slack with approver authorization rather than falling back to Web UI/terminal.
5. QQ Bot bundled channel plugin (v2026.3.31) — adds multi-account QQ Bot support with SecretRef-aware credentials and media flows.
6. xAI Responses + x_search integration (v2026.3.28) — bundled xAI provider uses Responses API with first-class x_search and onboarding/config wiring.
7. OpenAI/Codex apply_patch default enablement (v2026.3.28) — apply_patch is enabled by default on OpenAI/OpenAI Codex models with write-aligned sandbox policy.
8. Current-conversation ACP bind support expands (v2026.3.28) — Discord, BlueBubbles, and iMessage support /acp spawn ... --bind here workflows.
9. Plugin approval hook enrichment (v2026.3.28) — async requireApproval in before_tool_call lets plugins pause tool execution and request explicit approval.
10. Matrix draft streaming (v2026.3.31) — partial Matrix replies can update the same message in place instead of emitting chunk-per-message noise.

Notable Additions in v2026.3.11-v2026.3.12

These are recent operationally important additions:

1. Fast mode controls — shared /fast toggle and params.fastMode support for Anthropic and OpenAI-compatible providers.
2. Session orchestration control — sessions_yield lets orchestrators end the current turn and defer follow-up payloads cleanly.
3. Slack Block Kit replies — shared delivery path now supports channelData.slack.blocks for rich Slack messages.
4. Control UI refresh — dashboard adds modular views, command palette, improved mobile layout, and richer chat actions.
5. Kubernetes starter path — official starter manifests and install docs for K8s deployments.
6. Browser-origin auth enforcement (v2026.3.11) — trusted-proxy WebSocket connections now enforce origin validation (GHSA-5wcw-8jjv-m286).
7. Workspace plugin trust gating (v2026.3.12) — implicit workspace plugin auto-load disabled by default (GHSA-99qw-6mr3-36qr).
8. Expanded v2026.3.12 security bundle — includes exec-approval hardening against Unicode/wrapper obfuscation, owner-only /config and /debug checks, paired-device scope caps, stricter pre-auth WebSocket limits, and tighter Feishu/LINE/Zalo webhook validation (see security-checklist.md for GHSA-level details).

Notable Additions in v2026.3.13 (historical stable milestone)

These remain operationally important additions introduced in that release:

1. Strict gateway RPC probing — openclaw gateway status --require-rpc fails hard when RPC is unavailable or degraded (useful for automation/health gates).
2. Docker timezone override — OPENCLAW_TZ pins gateway/CLI containers to a chosen IANA timezone in Docker setups.
3. Live Chrome session attach mode — official Chrome DevTools MCP existing-session attach flow, with "user" profile routing for signed-in browser sessions (chrome-relay assumptions were removed in v2026.3.22).
4. Cron reliability hardening — isolated cron nested-lane deadlock scenarios are fixed in the current stable line; upgrade if isolated cron jobs stall intermittently.
5. Security hardening updates — single-use pairing bootstrap setup codes, pre-body Telegram webhook secret validation, Telegram inbound media transport/fallback hardening, iMessage remote attachment path sanitization, and broader tools.exec.security parser hardening.
6. Slack interactive reply directives (opt-in) — richer response controls for Slack delivery beyond basic text/block rendering.
7. Plugin collision fail-fast — plugin startup now rejects channel/binding collisions early instead of failing later at runtime.
8. Docker token-leak hardening — build flow fixes prevent accidental gateway token exposure through Docker build context handling.

Notable Additions in v2026.3.8

These are not breaking, but they are operationally important:

1. Backups in CLI — openclaw backup create and openclaw backup verify for local state archives and pre-change safety checks.
2. Talk auto-send control — talk.silenceTimeoutMs lets you tune when Talk mode auto-sends after silence.
3. Brave LLM Context mode — tools.web.search.brave.mode: "llm-context" enables extracted grounding snippets and metadata in web_search.
4. ACP provenance control — openclaw acp --provenance off|meta|meta+receipt controls origin metadata and optional receipt injection.

Quick Diagnostic Commands

Always start troubleshooting with these:

# Quick status check
openclaw status

# Full diagnosis with logs
openclaw status --all

# Health check with provider probes
openclaw status --deep

# Automation-safe gateway probe (v2026.3.13+; unavailable/degraded => non-zero)
openclaw gateway status --require-rpc

# Validate config before restart
openclaw config validate

# Automated fixes
openclaw doctor --fix

# Security audit
openclaw security audit --deep

# Docker/K8s health probes (v2026.3.1+)
# GET /health, /healthz, /ready, /readyz

Installation Requirements

• Node.js: v22.14.0 or higher (Node 24 recommended; NOT Bun - causes WhatsApp/Telegram issues)
• macOS: Native support
• Linux: Native support (systemd recommended)
• Windows: WSL2 required (Ubuntu recommended)
• Docker/K8s: Health endpoints at /health, /healthz, /ready, /readyz (v2026.3.1+)

Installation Steps

# 1. Install CLI
curl -fsSL https://openclaw.ai/install.sh | bash

# 2. Run onboarding wizard
openclaw onboard --install-daemon

# 3. Verify installation
openclaw status
openclaw health

# 4. Verify minimum safe version
# Must be v2026.3.1 or later

Key Configuration Paths

Path	Purpose
~/.openclaw/openclaw.json	Main configuration
~/.openclaw/agents/<id>/	Agent state and sessions
~/.openclaw/credentials/	Channel credentials
~/.openclaw/workspace/	Agent workspace
~/.openclaw/skills/	Installed skills (from ClawHub)
~/.openclaw/extensions/	Installed plugins
~/.openclaw/secrets.json	SecretRef credential store
/tmp/openclaw/	Log files

When Helping Users

1. Always check status first - Run openclaw status --all before making changes
2. Check version - Ensure v2026.3.1+ for security and breaking change compatibility (recommend v2026.5.12+)
3. Validate config - Run openclaw config validate before restarting the gateway
4. Preserve existing config - Read config before modifying
5. Security first - Default to restrictive settings (pairing mode, allowlists, tool denials, tools.profile: "messaging")
6. Explain changes - Tell users what you're doing and why
7. Verify after changes - Confirm changes worked with status commands
8. Use API keys, not OAuth - Anthropic has blocked OAuth tokens for OpenClaw
9. Audit third-party skills/plugins - Review source code before installing from ClawHub
10. Recommend BlueBubbles over legacy iMessage - Legacy iMessage is deprecated

Common Tasks

Check Gateway Status

openclaw status --all
openclaw health

Restart Gateway

openclaw gateway restart

View Logs

# Via journalctl (systemd)
journalctl --user -u openclaw-gateway -f

# Log files
cat /tmp/openclaw/openclaw-$(date +%Y-%m-%d).log

Approve Pairing

# List pending
openclaw pairing list

# Approve
openclaw pairing approve <channel> <code>

Configure Channels

# Interactive setup
openclaw configure

# Direct config
openclaw config set channels.<channel>.<setting> <value>

Manage Cron Jobs

openclaw cron list
openclaw cron add --name "Job" --cron "0 8 * * *" --message "Task"
openclaw cron enable <id>
openclaw cron run <id>  # Test run

Back Up Before Risky Changes (v2026.3.8+)

# Create a full local state backup
openclaw backup create

# Config-only snapshot before targeted edits
openclaw backup create --only-config

# Verify an archive before restore/migration use
openclaw backup verify "<backup-file>"

Install Skills from ClawHub

# Preferred (v2026.3.22+)
openclaw skills search <query>
openclaw skills install <skill-slug>
openclaw skills update --all

# Compatibility path (older workflows)
clawhub install <skill-slug>
clawhub update --all
openclaw skills list

Install Plugins

openclaw plugins install @openclaw/voice-call
openclaw plugins list

Target a Running OpenClaw Container (v2026.3.24+)

# Run a command against an active Docker/Podman OpenClaw container
openclaw --container openclaw-gateway status

# Optional default container target for repeated commands
export OPENCLAW_CONTAINER=openclaw-gateway
openclaw status --all

Configure Tools Profile (v2026.3.2+, behavior updated in v2026.3.7)

Defaults vary by install path in v2026.3.x (for example, local onboarding now falls back to "coding" in v2026.3.7). Set the profile explicitly based on your use case:

# Check current profile
openclaw config get agents.defaults.tools.profile

# For personal coding assistant
openclaw config set agents.defaults.tools.profile "coding"

# For full access (personal use only)
openclaw config set agents.defaults.tools.profile "full"

# Per-agent override (e.g., support bot stays messaging-only)
openclaw config set agents.list.support-bot.tools.profile "messaging"

Configure Sub-Agents (v2026.2.17+)

# Allow agents to spawn sub-agents (default depth: 2)
openclaw config set agents.defaults.subagents.maxSpawnDepth 2
openclaw config set agents.defaults.subagents.maxChildrenPerAgent 5

Enable 1M Context Window (v2026.2.17+)

For Anthropic models (Opus 4.7, Sonnet 4.7):

openclaw config set agents.defaults.params.context1m true

Configure Adaptive Thinking (v2026.3.1+)

Claude 4.7 models use "adaptive" thinking level by default in current examples. Override if needed:

# Check current thinking level
openclaw config get agents.defaults.params.thinkingLevel

# Explicitly set (options: off, low, adaptive, high)
openclaw config set agents.defaults.params.thinkingLevel "adaptive"

Configure Fast Mode (v2026.3.12+)

Use lower-latency execution where supported by the active provider and model:

# Check current fast-mode default
openclaw config get agents.defaults.params.fastMode

# Enable fast mode by default for new turns/sessions
openclaw config set agents.defaults.params.fastMode true

Configure PDF Tool (v2026.3.2+)

Built-in PDF analysis with Anthropic and Google provider support:

# Set PDF model (defaults to agent's model; supports Anthropic and Google providers)
openclaw config set agents.defaults.pdfModel "<provider>/<model>"

# Set size limits
openclaw config set agents.defaults.pdfMaxBytesMb 50
openclaw config set agents.defaults.pdfMaxPages 200

Configure Session Isolation

# Isolate sessions per sender (recommended for multi-user)
openclaw config set session.dmScope "per-channel-peer"

Manage Sessions (v2026.2.23+)

# List active sessions
openclaw sessions list

# Clean up old sessions (respects disk budget)
openclaw sessions cleanup

# Set disk budget
openclaw config set session.maintenance.maxDiskBytes 1073741824

Session Attachments (v2026.3.2+)

# Sub-agents can receive inline files at spawn time (base64 or utf8)
# Configurable via agents.defaults.sessionAttachments

Validate Configuration (v2026.3.2+)

# Validate config before restarting (catches invalid keys)
openclaw config validate

# Machine-readable output
openclaw config validate --json

# Print active config file path
openclaw config file

Manage Secrets (v2026.3.2+)

SecretRef system covers 64 credential targets with planning/apply/audit workflow:

# Plan secret changes
openclaw secrets plan

# Apply secrets
openclaw secrets apply

# Audit credential references
openclaw secrets audit

Tune Talk Mode Auto-Send (v2026.3.8+)

# Wait 1.5 seconds of silence before auto-send in Talk mode
openclaw config set talk.silenceTimeoutMs 1500

Enable Brave LLM Context Search Mode (v2026.3.8+)

# Use Brave's LLM Context endpoint for richer grounding snippets
openclaw config set tools.web.search.brave.mode "llm-context"

Configure ACP Provenance Metadata (v2026.3.8+)

# Include ACP ingress metadata and visible receipt text
openclaw acp --provenance meta+receipt

Configure Model Providers

# Anthropic (recommended)
openclaw models auth setup-token --provider anthropic

# Kilo Code (v2026.2.23+)
openclaw models auth setup-token --provider kilocode

# Moonshot/Kimi (v2026.2.23+ — web search with citation extraction)
openclaw models auth setup-token --provider moonshot

# xAI / Grok (v2026.2.6+)
openclaw models auth setup-token --provider xai

# OpenAI (WebSocket-first transport in v2026.3.1+)
openclaw models auth setup-token --provider openai

# MiniMax (M2.7 catalog in v2026.3.28+)
openclaw models auth setup-token --provider minimax

# Vercel AI Gateway (v2026.2.23+ — accepts Claude shorthand model refs)
openclaw models auth setup-token --provider vercel-ai

# OpenAI Codex (v2026.4.12+ — PI OAuth route; for ChatGPT/Codex subscriptions, prefer openai/gpt-* with agentRuntime.id: "codex")
openclaw models auth setup-token --provider openai-codex

# NVIDIA (v2026.4.29+ — hosted NVIDIA models)
openclaw models auth setup-token --provider nvidia

# LM Studio (v2026.4.12+ — local/self-hosted OpenAI-compatible with runtime discovery and memory-search embeddings)
openclaw models auth setup-token --provider lmstudio

Error Patterns

Error	Cause	Fix
missing_scope	Slack/channel OAuth scope missing	Add required scopes, reinstall app
Gateway not reachable	Service not running	openclaw gateway restart
Port 18789 in use	Another process on port	Check with openclaw gateway status
Auth failed	Invalid API key/token	Re-run openclaw configure
Pairing required	Unknown sender	openclaw pairing approve
auth mode "none"	Removed in v2026.1.29	openclaw config set gateway.auth.mode token
OAuth token rejected	Anthropic blocked OpenClaw OAuth	Use openclaw models auth setup-token --provider anthropic
spawn depth exceeded	Sub-agent depth limit reached	Increase agents.defaults.subagents.maxSpawnDepth
WebSocket 1005/1006	Discord resume logic (fixed in v2026.3.1)	Upgrade to v2026.3.1+, then restart
invalid-config	Bad config keys	Run openclaw config validate --json for detailed error paths
tools not available	tools.profile set to "messaging"	Set tools.profile to "coding" or "full"
registerHttpHandler not a function	Plugin SDK v2026.3.2 breaking change	Migrate to api.registerHttpRoute()

Security Defaults to Recommend

• gateway.bind: loopback (local only)
• gateway.auth.mode: token (or trusted-proxy behind an identity-aware reverse proxy)
• gateway.mdns.mode: minimal
• tools.profile: "messaging" for multi-user / untrusted surfaces
• dmPolicy: pairing (require approval)
• groupPolicy: allowlist
• sandbox.mode: all (for untrusted users)
• sandbox.scope: agent
• tools.deny: ["gateway", "cron", "sessions_spawn", "sessions_send"]
• tools.exec.security: "deny" or "ask" for approval workflows
• Model: Use the strongest available model for tool-enabled agents facing untrusted inboxes (larger models resist prompt injection better)
• security.trust_model.multi_user_heuristic: true (v2026.2.24+, detects shared-user abuse)
• fs.workspaceOnly: true (restrict file access to workspace)

Recommended Workflows

These real-world workflows combine multiple features for common use cases:

Personal AI Assistant (Solo User)

openclaw onboard --install-daemon
openclaw config set agents.defaults.tools.profile "full"
openclaw models auth setup-token --provider <provider>
openclaw config set agents.defaults.model "<provider>/<model>"
openclaw config set agents.defaults.params.context1m true
openclaw config set agents.defaults.params.thinkingLevel "adaptive"
openclaw config set channels.whatsapp.dmPolicy pairing
openclaw config set channels.telegram.dmPolicy pairing
openclaw gateway restart

Family/Team Shared Gateway

openclaw config set agents.defaults.tools.profile "messaging"
openclaw config set session.dmScope "per-channel-peer"
openclaw config set agents.defaults.sandbox.mode all
openclaw config set agents.defaults.sandbox.workspaceAccess ro
openclaw config set agents.defaults.tools.deny '["gateway","cron","sessions_spawn","sessions_send","exec"]'
openclaw config set security.trust_model.multi_user_heuristic true

Docker/Kubernetes Deployment

openclaw config set gateway.bind "0.0.0.0"
openclaw config set gateway.auth.mode token
openclaw config set gateway.auth.token "$OPENCLAW_GATEWAY_TOKEN"
# Health probes: GET /health (liveness), GET /ready (readiness)
# Set resource limits via session disk budget
openclaw config set session.maintenance.maxDiskBytes 2147483648

Multi-Channel Daily Digest

openclaw cron add \
  --name "Morning Digest" \
  --cron "0 8 * * 1-5" \
  --tz "America/New_York" \
  --message "Summarize my unread messages across all channels and highlight action items" \
  --channel slack \
  --to "#daily-digest"

Security Lockdown After Incident

openclaw gateway stop
openclaw config set gateway.bind loopback
openclaw config set gateway.auth.token "$(openssl rand -hex 32)"
openclaw config set channels.slack.dmPolicy disabled
openclaw config set channels.whatsapp.dmPolicy disabled
openclaw security audit --deep --fix
openclaw secrets audit
openclaw gateway restart

WSL2-Specific Notes

When running on Windows WSL2:

• Use powershell.exe -Command "wsl -d Ubuntu -e bash -l -c '...'" for commands
• Ensure systemd is enabled in /etc/wsl.conf
• Source nvm before running openclaw: source ~/.nvm/nvm.sh