OpenClaw Resources

A roundup of official materials and further reading for learning and using OpenClaw.


Official Resources

ResourceLink
Official siteopenclaw.ai
GitHub repoopenclaw/openclaw
Skill registryClawHub (search/share skills from within the agent)
Sibling projectHermes Agent tutorial (Nous Research)

OpenClaw was formerly Clawdbot / Moltbot — watch for those names when searching older materials.


Command Recap

# Install (Node 22+)
curl -fsSL https://openclaw.ai/install.sh | bash      # macOS/Linux
iwr -useb https://openclaw.ai/install.ps1 | iex       # Windows

# Initialize and run
openclaw onboard --install-daemon
openclaw gateway status
openclaw gateway --port 18789
openclaw dashboard            # http://127.0.0.1:18789/

# Help
openclaw --help

Key Files Recap

~/.openclaw/openclaw.json   # Main config (provider/tool policies/model routing/autonomy)
~/.openclaw/memory/         # Plain-text long-term memory
~/.openclaw/skills/         # Skills (SKILL.md)
<workspace>/HEARTBEAT.md     # Autonomy heartbeat checklist

Environment variables: OPENCLAW_HOME, OPENCLAW_STATE_DIR, OPENCLAW_CONFIG_PATH


Security Recap (Memorize This)

[ ] Update to 2026.1.29+ (fixes CVE-2026-25253, cross-site WS hijack/RCE)
[ ] Bind the control-plane port to 127.0.0.1, never expose publicly
[ ] Tool policies: reads allowed, write/send/delete require approval
[ ] Third-party skills are unsandboxed by default → review before installing
[ ] Keep credentials in env vars, out of Git; set spending alerts

This Tutorial


Learning Advice

  1. Get the minimal loop working first: install → configure model → Dashboard chat
  2. Add one real scenario: e.g., Telegram + a Heartbeat morning brief
  3. Gradually distill skills and memory (plain text + Git, transparent and controllable)
  4. Put security first: update, tighten the port, approval gates, review skills
  5. Follow official updates: it iterates extremely fast — watch for security advisories

This tutorial is compiled from public materials; commands and features defer to the current version of the official repo. Given high-risk capabilities like shell/browser execution, use it carefully and only after understanding the risks.