OpenClaw

, ,

OpenClaw

What is OpenClaw?

OpenClaw is a free, open-source autonomous AI agent that executes tasks via large language models (LLMs), using messaging platforms as its main user interface. It was developed by Austrian developer Peter Steinberger and first published in late 2025.

Rather than being another chatbot, OpenClaw delivers a true personal AI agent that runs locally on your machine, remembers context across conversations, and can actually do things — like read/write files, run commands, and browse the web.

Security considerations

Before installing, you should be aware of the documented risks:

OpenClaw runs locally but is designed to be adventurous — it can browse, run shell commands, read and write files, access email accounts, calendars, messaging plaforms and chain skills together without a human checking every step.  Misconfigured permissions, over-privileged skills, and a culture of “just give it access so it can help” mean the agent often sits at the center of your accounts, tokens, and documents, with very few guardrails.

Cisco’s AI security research team tested a third-party OpenClaw skill and found it performed data exfiltration and prompt injection without user awareness, noting that the skill repository lacked adequate vetting to prevent malicious submissions. One of OpenClaw’s own maintainers warned that “if you can’t understand how to run a command line, this is far too dangerous of a project for you to use safely.”

The Dutch data protection authority warned organizations not to deploy experimental agents like OpenClaw on systems that handle sensitive or regulated data, flagging the combination of privileged local access, immature security engineering, and a rapidly growing attack surface.

Recent releases have focused on an aggressive security lockdown — plugin installs get blocked if dangerous code is detected, shell execution environments get stripped of sensitive variables, and gateway auth no longer trusts localhost by default.

How does OpenClaw  work?

OpenClaw is a self-hosted gateway that connects your favorite chat apps — Discord, Google Chat, iMessage, Microsoft Teams, Signal, Slack, Telegram, WhatsApp, and more — to an AI assistant. You run a single Gateway process on your own machine or a server, and it becomes the bridge between your messaging apps and an always-available AI.

Key capabilities include:

  • Reading and writing files, running shell commands, and executing code in a secure sandbox — like having a smart coworker at a desk with a keyboard and mouse.
  • Browsing the web, filling out forms, and extracting data from any site.
  • A skills system: you can build your own repeatable workflows in Markdown or TypeScript, or use community-built plugins. OpenClaw can even write its own new skills just by you asking it to.
  • Persistent memory — it remembers your preferences and context across all conversations.

OpenClaw

Check it out
Click to find out more

Can OpenClaw run on Windows?

Yes! OpenClaw works on macOS, Windows, and Linux.

Installation is done via npm:

npm install -g openclaw@latest
openclaw onboard –install-daemon

it requires Node.js 24 (recommended) or Node 22.16+.

OpenClaw Onboard then guides you step by step through setting up the gateway, workspace, channels, and skills.

You’ll also need an AI model API key.

Using Claude Pro/Max subscriptions violates Anthropic’s ToS — you must use API keys with pay-as-you-go pricing. Light use typically runs $10–30/month, typical use $30–70/month.

What can I use OpenClaw for?

Once installed, the core use cases for income generation include:

    • Prospect research — automatically search for businesses in a niche, scrape contact details from public websites, Google Maps, directories
    • Website auditing — analyse prospects’ websites for issues (SEO, broken links, missing pages) and generate personalised outreach based on what it finds — great if you offer web or IT services
    • Cold outreach — draft and send personalised emails at scale based on research it’s done
    • Follow-up sequences — monitor replies and send follow-ups automatically
    • CRM logging — pipe leads and notes into Notion, Airtable, or a spreadsheet automatically

Get Claude

from Anthropic
Click here to get Claude

Is it worth it for you specifically?

  • What do you sell or offer? OpenClaw is most powerful when there’s a clear repeatable workflow — e.g. “find local businesses without a modern website, audit them, send personalised outreach”
  • Do you have time to set it up properly? As we’ve seen today, it takes some effort to get running — probably another hour or two yet
  • Are you comfortable with API costs? Light use runs $10–30/month on top of your time investment

Honest verdict

If you have a service to sell and want to automate prospecting, it has genuine potential. But it’s still rough around the edges as we’ve experienced. If you just want to test lead generation without the technical overhead, tools like Apollo.io, Hunter.io, or even a well-prompted Claude conversation could get you results faster right now.

What kind of business or service are you looking to generate leads for? That’ll help me give you a more specific recommendation on whether OpenClaw is the right tool.

How do I install OpenClaw?

Due to the open access OpenClaw has to my computer, I’ve decided the best line of action is to install OpenClaw on a Virtual Machine. I’ve also decided to do this on Ubuntu 24.04 LTS.

Step 1 — Create the VM

  1. Open VMware Workstation (or other software) and click Create a New Virtual Machine
  2. Choose Typical (recommended) → Next
  3. Select Installer disc image file (ISO) — download Ubuntu 24.04 LTS from ubuntu.com first, then point to it
  4. Set a username and password you’ll remember — this is your Linux login
  5. Name the VM something like openclaw-vm
  6. Disk size: 20GB minimum, keep “Split virtual disk into multiple files”
  7. Click Finish — VMware will boot and auto-install Ubuntu
Note: No need to accept the Ubuntu Pro offer.

Step 2 — Update Ubuntu & Install Node.js

Once Ubuntu is running, press Ctrl+Alt+T to open a terminal, then run these commands one at a time:

 # Update the system
sudo apt update && sudo apt upgrade -y

# Install curl
sudo apt install curl -y

# Install Node.js 24 via NVM (cleanest method)
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash

# Reload your shell so nvm is available (close and open a new terminal)
source ~/.bashrc

# Install Node 24
nvm install 24
nvm use 24

# Verify it worked
node –version

You should see v24.x.x or something like that.

Step 3 — Install OpenClaw

# Install Git
sudo apt install git -y

# Install OpenClaw
npm install -g openclaw@latest
openclaw onboard –install-daemon

Ignore the message “xxx packages are looking for funding, run “npm fund” for details”.

The deprecation warnings are harmless, just older dependencies – ingore them.

The onboard wizard will walk you through:

  • Connecting an AI model API key (use Anthropic, OpenAI, etc.)
  • Choosing a messaging channel (Telegram is the easiest to start with)
  • Setting up your workspace

During the install, select these options:

“I understand this is personal-by-default and shared/multi-user use requires lock-down. Continue?” – Yes
Quickstart
“Model auth provider” – Anthropic (you will need to get an API key from Anthropic ($20 subscription will do for testing) – instruction later on this page, if needed
Default model set to anthropic/claude-sonnet-4-6
Add the key when requeted
Select Channel (Quickstart), currently set to Zalo (Personal Account) – change to Telegram or Discord (need to signup for accounts first)

Paste the token in when requested

If you get this error message we need to try again, or try another provider (in our case, Discord)
“It’s failed with error TypeError: Cannot read properties of undefined (reading ‘trim’)”
If it still fails you will need to try a different version of OpenClaw.

Try this
openclaw –version
npm show openclaw version

If the second command returns a value higher than the first, run this:
npm install -g openclaw@latest

This should update OpenClaw to the latest.

Redo the install …

Search Provider – Skip for now, we can add later

Configure Skills – Skip

It should then complete (after a little wait)

Check the install by using
openclaw status

You should see a table populated with all the install options, IP addresses, etc.

You should also see information about Telegram, or Discord. We completed the install with Telegram.

The Telegram channel isn’t yet fully authorised yet. You need to pair yourself as an authorised user. Run this in the VM terminal:

openclaw pair

Send that pairing code as a message to your bot in Telegram.

Testing

To test, go to Telegram and open the bot we created.

Enter something like 
“You are my personal AI assistant. My name is Grant. I need your help automating business lead generation tasks.” and see how it responds.

It might come back with something like
“Hey Grant! I just came online – fresh session. no memory yet, so I’m starting from scratch”

That’s it — OpenClaw is fully working! After all that, you’ve got a running AI assistant responding to you via Telegram.

The “no memory yet” message is normal for a fresh session. Now let’s give it some context and get it oriented for lead generation. Send this:
“My name is Grant. I’m looking to use you to help generate business leads. I want you to research potential clients, audit their websites, and help me craft personalised outreach messages.”

Note: If you use the desktop app and not the phone app, Telegram can save files to your computer it generates. They may be saved in \downloads\Telegram Desktop

Step 4 — Network Isolation (Security)

Before you start connecting accounts, do this in VMware:

  1. Go to VM → Settings → Network Adapter
  2. Change from NAT to Host-only initially
  3. Only switch back to NAT when OpenClaw needs internet access — this limits blast radius if something goes wrong

Also, when the onboard wizard asks what to give OpenClaw access to, start minimal — don’t connect your main email or calendar until you’ve tested it with throwaway/dedicated accounts.

Step 5 — Dedicated Accounts for Lead Gen

Before connecting anything, create purpose-built accounts:

  • A new Gmail address purely for outreach (e.g. yourname.outreach@gmail.com)
  • A Telegram account on a secondary number (for controlling OpenClaw)
  • An Anthropic API key from console.anthropic.com (pay-as-you-go, not your Claude.ai subscription)

This keeps your personal and business accounts completely separate from the agent.

Signup to Anthropic

To get an API key, we need to signup to Anthropic.

Then:

  1. Go to console.anthropic.com on your host PC (not the VM)
  2. Sign in or create a free account
  3. Click API Keys in the left sidebar
  4. Click Create Key, give it a name like openclaw-vm
  5. Copy the key immediately — you won’t be able to see it again

You’ll also need to add a payment method and a small credit top-up (even $5 will last a while at light usage).

Anthropic signup

to get API key
Click here to signup

Signup to Telegram

To get the token, we need to signup to Telegram.

  1. Download Telegram on your phone from the App Store or Google Play
  2. Sign up with your phone number
  3. Once you’re in, we need to create a bot — search for @BotFather in Telegram
  4. Start a chat with BotFather and send the message /newbot
  5. It’ll ask for a name — call it something like MyClaw
  6. Then it’ll ask for a username — must end in bot, e.g. myclawbot
  7. BotFather will give you a token — copy that

Telegram information

to get token
Click here for Telegram

Signup to Discord

Signup for Discord, then:

Now you’ll need to create a Discord bot to use as your OpenClaw interface:

  1. Go to discord.com/developers/applications on your host PC
  2. Click New Application — name it something like MyClaw
  3. Click Bot in the left sidebar
  4. Click Reset Token then Copy the token that appears
  5. Scroll down and enable Message Content Intent — toggle it on
  6. Click Save Changes

You’ll need to add you bot to a Discord server first. Let’s create one:

  1. Open Discord on your phone or PC
  2. Click the + button in the left sidebar
  3. Choose Create My Own
  4. Choose For me and my friends
  5. Give it a name like OpenClaw
  6. Click Create

Then we need to invite your bot to it:

  1. Go back to discord.com/developers/applications
  2. Click your application
  3. Click OAuth2 in the left sidebar
  4. Under Scopes check bot
  5. Under Bot Permissions check Send Messages and Read Message History
  6. Copy the generated URL at the bottom and open it in your browser
  7. Select your new server and click Authorise

When you get to Discord channel access? Allowlist, Open, Disabled?
Choose AllowList – this restricts OpenClaw to only responding in specific channels you approve, which is the safest option.

On Discord, select “Developer” in at the bottom of the lefthand column.

Select “my server”/#general – where “my server” is the name you used when creating the server.

Discord signup

to get token
Click here for Discord