SECURE OpenClaw Setup Guide (ClawdBot Tutorial)

Key Takeaways

This is the secure OpenClaw setup guide. Right now, there are over 42,000 OpenClaw instances exposed on the public internet, most with no authentication at all. I'm Matt and in this video, I'm going to show you how to set up OpenClaw the right way. Whether you're setting up for the first time or you already have it running and want to lock it down, this covers both. By the end, you'll have OpenClaw running 24/7 on its own secure server with spending limits, permission controls, and proper credential management in place. Now, before we set everything up, there are a few crucial details you need to understand. OpenClaw is a personal AI assistant that runs on your own server. You talk to it through Telegram, WhatsApp, or other messaging apps, and it can do real things. Run terminal commands, read and write files, send messages on your behalf, browse the web, and even call people for you. That power is what makes it useful, but it's also what makes it risky. One OpenClaw users bot dumped their entire file system into a group chat after receiving a malicious prompt. Others have woken up to hundreds of dollars in API charges from a bot stuck in a retry loop overnight. And right now, the OpenClaw team themselves say there is no perfectly secure way to run this. So, our approach is simple. Assume something can go wrong and set things up so that when it does, the damage is contained and you can recover easily. You've got a few options for where to run OpenClaw. First, your personal computer. This is free and easy to start, but the agent lives alongside your personal files, browser history, passwords, SSH keys, everything. If the agent gets tricked or misconfigured, it has access to all of that. Second, a cloud container service. Cloudflare workers, railway, etc. This has good isolation and it's often sandboxed by default. It's more technical to set up though and harder to manage for beginners. So, finally, we have a VPS or virtual private server. This is your own isolated machine in the cloud. Your agent runs there and your personal machine stays untouched. If OpenClaw breaks something, you roll back from a backup or just nuke the server entirely. Your personal data was never at risk. So, for most people, this is the right choice. It gives you isolation, containment, and recoverability in one package. Personally, I recommend a hosting or VPS because they have a one-click open cloud deployment template with Docker, so you can spin up your bot without needing to use the terminal or write a single line of code, and they handle some of the baseline security automatically. All right, now let's get our server set up. I'll run through the purchase process and show you the most important parts. Use the link on screen or in the description below to get an extra 10% off any Hosting or VPS plan on top of any promotions they're already running. After clicking that link, you'll land on this page here. You can see it says OpenClaw, and it prompts us to pick a VPS plan. Now, you can choose a different plan if you like, but the KVM2 plan is plenty for OpenClaw. So, we'll go ahead and just click deploy to continue. The next page you'll land on is your cart. And the first thing you need to do is select the period for your VPS registration. You can choose 1 month, 12 months, or 24 months. Now, you need to choose at least 12 months to take advantage of the coupon that is auto applied when you click our link. And you can see here having that 12 months selected, our coupon is automatically applied and the price is reduced. Generally speaking, longer terms give you a better deal, but it seems like right now as I'm making this video, both the 24 month and the 12-month plan have the same monthly price. So, pick whichever one works best for you and then continue. Further down the page, you can see that there's a readytouse LLM system connected, but we don't need this. I'm going to show you how to connect your own LLM later, so you can turn this off to save a little bit of money. Further down the page, you have the option to add daily auto backups. Now, I highly recommend this. Open Claw can reconfigure its own server environment, and if something breaks, daily backups let you roll back to yesterday. These few bucks a month give you a powerful undo button. So, let's go ahead and turn that on. And then I recommend choosing a server location with the lowest latency for you. Here you can see United States Boston has the best one for me, so I'll work with that. Once you've got your settings all configured, go ahead and click continue. Go ahead and register an account. On the next page, you can use Google GitHub or an email address. Then on the next page, add your billing address and payment details to complete your order. Once payment goes through, you'll land on the configuration page. This is where we handle our first two credentials. And this is where most people's security problems start. Okay, this is Hostinger's open clock configuration page. And the first thing I want to mention is that this might look different by the time you're watching this video. Hostinger updates this pretty regularly. And so fields might be in a different order. There might be different fields entirely if they've added new ones, but you should have access to the ones that I'm going to use right now. And the first one we want to talk about is the OpenCloud gateway token. This is the master key to your entire OpenClaw setup. Anyone with this token has full access to your dashboard and everything your bot can do. So, click the eye icon and then save it in a password manager. I recommend NordP pass and there's a link in the description for that. Don't paste this in a chat. Don't screenshot it and don't leave it in a random text file. That would be security error number one and we want to avoid that. So, keep this safe. Now, this is one of the things that Hostinger does for you automatically as opposed to having to set this up on your own. Gateway authentication is preconfigured and the port is randomized instead of the well-known defaults. Automated scanners can't easily find your setup. So, by using Hostinger, you're already more secure than most of those 42,000 exposed instances. If this gateway token ever gets exposed, you'll need to regenerate it immediately. And I'll show you exactly how to do that and how to restore from a backup at the end of the video. Next, we need an API key for an LLM. This gives OpenClaw a brain. Hostinger gives you a few fields for LLMs out of the box. Uh, you can add others manually later, but I'm going to go with anthropic claude for now because I like that particular LLM. Grab the link for whichever LLM you want to use and visit it in a new tab. I do want to make one correction though. The current link for Anthropic is platform.claude.com, not the console.anthropic.com that's listed here. Like I said, I'll walk through Claude to show you, but the process is similar for the other LLMs. Once you're on the provided link, go ahead and create an account or sign in if you already have an existing one. With Claude, you'll need to add your name and agree to the terms and conditions. Then choose the type of account you want to use. I'll use individual. And then you'll land on the console page. First, we'll need to buy some API credits. So, let's go ahead and click buy credits. You have to add at least $5 in credits at a minimum, but I recommend starting with at least $40 in credits on Claude because the initial setup process in OpenClaw is very tokenheavy and if you run out of credits or hit a rate limit mid setup, your agent will just stop responding with no error message. $5 technically works, but you may run into issues. Spending 40 will bump you up to the tier 2, which increases your rate limits, which makes this whole thing a whole lot easier. So, I'll go ahead and change five to 40 and then enter my billing address and complete the payment. Once you've completed the payment, you'll probably get some sort of confirmation like this. And we're going to go ahead and close this out because the next thing we're going to do before we go any further is to set some cost containment. This is our first financial guard rail. On the left side, we're going to go down to manage and then limits and then scroll down to spend limits. And then here you can set a monthly limit for how much you're willing to spend on your account. So for me, just so I don't have any crazy overrun, I'm just going to set it at $100. This is your first limit. The other thing you can do is on the billing page, you can leave auto reload disabled. Now, if you didn't care about this, you could click edit and turn auto reload on. That way, your API never stops working when you run out of credits. It just reloads. But again, this is financial containment, so we don't want any runaway API activity. So, I'm going to leave this off. Now, we're ready to get our API key. So, on the left side under manage, click API keys. Then, click create key. Give your key a name. I'll call mine open claw. Then click add. Then you'll be presented with your API key. Now you're going to want to copy this and save it somewhere safe. They only show this once. Again, putting it in a password manager is a pretty good idea in case you ever want to access it. Just like the OpenClaw gateway token, this is essentially a password, so don't share it with anyone. That's why I have mine blurred out here. All right. Now that we've got our key, let's go back to the hostinger open clock configuration page and then paste in our key for the anthropic API key field. Or if you're using a different LLM, paste your key in the relevant field. Once you've got that pasted in, scroll to the bottom of the page and click deploy. Next, you'll land on the Docker Manager page inside of Hostinger and you'll be presented with a survey, but you can skip this. So, just scroll down to the bottom and click skip. Here at the top right, you can see there's a spinning icon letting you know that your project is currently being deployed. And this can take a few minutes. So, I'll go ahead and fast forward to what it's done. Once it says running with the green check mark, we can access the dashboard and talk to our bot for the first time. All right, OpenClaw is up and running on our server. So, let's go ahead and access it. You can do this in a couple of different ways. First, on this Docker projects page, you can click this port number link down here. Or if you go up to the top left and click overview, you'll see at the top of the overview page, there is an open claw button you can press. Now, before you do that, if you don't already have your gateway token saved, which you should, you can go ahead and copy it with this gateway token button. We've now got this copied to our clipboard, so we can go ahead and click open claw here. Here you'll paste your token in and then click login. And that lands us on the OpenClaw gateway dashboard on the chat page. Now you may notice that this connection says not secure. This is HTTP, not HTTPS. Now that technically means that your gateway token is sent in the clear. For a production setup, you'd put this behind a reverse proxy or use tail scale, but that's beyond the scope of this guide. For now, just don't access your dashboard on public Wi-Fi. If you want that extra layer of protection, a VPN between your device and your VPS encrypts the connection even over HTTP. Personally, I use NordVPN. I'll leave a link in the description below if you're interested in that. Next up, let's verify our connection. On the left side, under control, click overview. And here you can see on the right side, the snapshot says our status is okay. Okay. And in the upper right, you can see that the gateway says health. Okay. So, we're in good condition. Let's go back to the chat page and send our first message. In the chat box, let's just say hello. OpenClaw comes loaded with a file called bootstrap.md. Now, this is essentially a prompt for OpenClaw to ask you a series of questions to understand who it is, who you are, what you're going to be working on together, and those kinds of things. So, go ahead and run through and answer its questions. For example, here it says, "Who am I? Who are you? Got a name for me or should we figure one out together?" This is kind of a fun process to run through. You can give your bot a personality. Uh, so go ahead and run through all of the questions. And after a few messages back and forth, it says its identity is locked in. It deleted the bootstrap file. And it says it's ready. What do you need? Now, here's a quick note before we chat more. If your bot ever stops responding out of nowhere, the most common cause is that you've run out of API credits or hit a rate limit with your LLM. So, if that happens, check your LLM's dashboard before troubleshooting anything else. All right, now we're going to lock this down. I'm going to move through these settings quickly, but every one of them matters. OpenClaw has a dedicated security page in their docs. Here it is on screen. I've left a link in the description. Now, here's the cool part. I'm going to copy this URL and then paste it into the chat in openclaw and then ask it to implement and verify everything on this page. One exception though, leave allow insecure off set to true. Go ahead and hit send. And now the bot is going through the security docs and hardening its own security setup. You may briefly see a disconnected error as the agent restarts the gateway. And then when the agent responds, you should see a whole list of the changes that it applied from that security page. Pretty cool, right? Next, we need to set some ground rules and tell it what it can do on its own and what it needs to check with us for first. Tell it something like, "When sending messages on my behalf, always present me with a draft first and get permission before sending. Always check with me before deleting files. And always check with me before making network requests." You'll want to make sure you go through for your specific purpose and clearly outline what it's allowed to do on its own and what it's not allowed to do without permission. Now, let's set some more cost guard rails. We already set a spending limit on the API side. Now, let's set guard rails on the open claw side, too. We can limit the amount of retry attempts it does. Let's say if a task fails three times, stop. We can also give it runtime limits. We can say don't let tasks run indefinitely. And then you as the user for the first week should definitely be checking your LLM usage dashboard every day to see exactly what the costs are and how it's stacking up. Now, anytime you plan to make big changes to the configuration, I recommend taking a snapshot of your VPS so you can roll back to a functioning configuration if something breaks. This is especially important if you're having your bot update its own configuration. Here's how you do this. Back in your hosting or Docker Manager, go to backups and monitoring and then click snapshots and backups. We set up daily backups already and those will run, but you can manually take a snapshot by scrolling down that page and clicking create snapshot. You'll need to hit create to confirm. And then after a moment, you'll see the snapshot appear in your snapshot list. If at any point you're making a big configuration change and something breaks, now you can simply click restore to roll back to the last functioning version of your VPS configuration. Finally, let's talk about model selection. Back in the Open Cloud Gateway dashboard, we can click on agents and then in the overview, there's a drop down for the primary model. If you connect other LLM providers via API, the available models will show up here. Now, model selection is actually a big security decision. Larger models like Claude Opus are significantly better at resisting prompt injection. Smaller, cheaper models get fooled much more easily. So for any bot with real permissions, especially browsing the web, use the best model you can afford. Now that security is configured, let's connect the messaging app so we can actually use this from our phone. In the OpenCloud chat, say, "Let's set up Telegram." The chat will come back with some instructions and your message might look a little bit different, but the instructions should be roughly the same. First, in Telegram, you'll need to message the botfather. I've left a link in the description below that you can click on to automatically initiate a conversation with the botfather or in Telegram, you can search for atbotfather and then open a conversation by clicking on it. Click start and then click new bot. It'll ask you to name your bot. I'll call mine Tony. Then it'll ask you to give your bot a username. Now, your username must be unique in the Telegram ecosystem, and it has to end with the word bot. So, I'll call mine Tony the Wonderbot. It'll provide you with a link that you can click on to initiate a conversation with your new bot, and it'll provide you with a bot API token. Now, just like the other tokens in this video, this is like a password. So, save it somewhere secure and don't share it with anyone. Go ahead and copy that token. Then return to your OpenCloud gateway dashboard and paste it in. After a minute, you should get a confirmation message saying that Telegram is connected and the DM policy is set to pairing mode. So now we need to approve the connection between our Telegram ID and OpenClaw via this Telegram bot. To do that, return to Telegram and then click on the link to Messengerbot. Upon starting the conversation, you'll get this message that has your Telegram user ID and a pairing code. Go ahead and just copy this whole message. Then back in your OpenClaw dashboard, paste in that whole message and send it. And after a minute, you'll get a confirmation saying that your ID has now been paired. Let's go back to Telegram and say hello. And it responded to us. If we check back in our OpenCloud dashboard, we can see the exact same conversation happening here, which means that we no longer have to come to this gateway dashboard in order to talk to our bot. We can now do that from anywhere with our telegram. Now, what just happened here is actually one of the most important security features in OpenClaw. Your Telegram user ID just got added to an allow list. That's the DM pairing policy. Only approved contacts can talk to your bot. And we just got our Telegram account approved. If someone else finds your bot on Telegram, it ignores them. I asked Dan from the Medex Media team to message my bot, and my bot gave him the cold shoulder. This matters because most security failures with OpenClaw aren't fancy exploits. They're just someone messaging the bot and the bot doing what they asked. Pairing mode stops that. Before we go further, if you want to add more AI providers or other API keys later, there's a right way and a wrong way to do it. Don't paste API keys into the OpenClaw chat. They end up stored in your conversation history files on the disk. If someone else gets access to your server, those keys are just sitting there in plain text. The right way is to go into your hosting or docker manager and then manage your project. Scroll down the page and go to your environment variables, open up that section, then click plus environment, and then here's where you can add your API key. You'll need to give it a name. For example, open weather map API_key. and then paste in your API key in the value field. Then click save and deploy. Environment variables keep your secrets out of chat logs and config files. This is what the open claw security docs recommend. You'll get a little loading indicator showing that the deployment is working. And when it finishes, you can open your telegram and simply tell your bot that you added new keys to the environment variables and then ask it to test it out. Here you can see I was successfully able to pull the weather forecast for Barcelona. Now that your bot is running, you're going to want to give it new abilities. Openclaw has a skill marketplace called Clawhub, but this is where people get burned. Security researchers found over 300 malicious skills on Claw Hub. Most designed to steal API keys and passwords. Nearly half of all skills reviewed had at least one security concern. A high number of downloads don't necessarily mean that it's safe. You can search skills directly at clawhub.ai like I am here. Or in Telegram, you can simply type forward slashclawhub and that'll let you search, install, update, list what's installed, or publish a new skill. So, for example, you could search for stock tracking. And here it came back with a list of options. When you find one you like, you can simply ask OpenClaw to install it, but you're going to want to check it first. Claw Hub now has virus total scanning. So on Claw Hub directly, you can check the skills page for a security report before you install. Or in Telegram, you can simply ask your bot something like, "Review the code and security report for option number one and tell me if anything looks suspicious." Your AI can audit skills for you. And here you can see that virus total flagged it as suspicious, but upon looking at this particular skill, the skill itself is just a prompt document. So there's nothing in the prompt that's particularly malicious. If a skill asks for permissions it shouldn't need, things like network access for a note-taking skill, that's a red flag and you should probably not install it. Once you've validated that it's safe, you can ask your bot to install it. One thing to know, OpenClaw also ships with about 50 bundled skills that autoload by default if the right tools are installed on your system. You can lock that down with a white list in your config if you want full control over what's active. We're set up. We're connected. We're configured. Now, let's try to break it and then I'll show you how to recover when things actually go wrong. First, OpenClaw has a built-in security audit. Let's run it. All you have to do is ask run the security audit. It'll most likely ask if it can run some readonly checks on your system. Things like your operating system, ports, firewall status, etc. Go ahead and give it permission to proceed. When it's done, it'll give you a full report about what it found. In my case here, it noticed the control UI allows insecure HTTP off, but we specifically asked to allow this because we need that in order to access our gateway dashboard via the browser. Again, you can use a VPN like NordVPN to help mitigate some of that risk with that. And it flagged a Telegram group command issue, but there are no groups linked to this, so we're good to go there. You can go back and forth chatting with your bot after the security audit to harden your security even more based on any issues that were found for your particular system. Next, let's test the approval gate. Let's try to break it. Let's ask the bot to do something that requires approval. For example, let's send Simon from Medix Media a message. Tell him I say hi. I gave it permission to just figure out how to contact him without contact info. It pushes back a little bit saying it doesn't have web search so this is a skill I might want to configure. So it asks for contact info that I can provide and then says it'll draft a message for approval before sending. So this is exactly the kind of thing we want to see. It's not just going out and doing things on its own entirely. It's going to ask for permission and ask clarifying questions before doing anything. That's the approval gate we set up earlier, working exactly as intended. By the way, please don't do what I just did here, trying to message Simon specifically. Maybe try to message one of your colleagues or a dummy email address that you have. Simon doesn't need any more emails. All right. Now, what if something goes really wrong? What's your emergency break? Well, there are three ways to kill it. Back in the hosting or Docker manager, you can click the three dots and then click stop to stop the whole VPS. Alternatively, you could just tell your bot in the chat, "Stop all tasks or shut down." The nuclear option would be to go back to your LLM dashboard and just revoke the key entirely. Just disable it or delete it. The bot will instantly lose access to the AI model. It can't do anything, even if the server is still running. Now, what if your gateway token leaks and someone gets their hands on it? Earlier, I said I'd show you what to do if a credential gets exposed. So, let's do that now. Again, in your Docker manager, open your projects here and then click manage on your OpenClaw project. Scroll to the bottom, open the environment section, and find your OpenClaw gateway token. Here you can change the value to a new random string or use a generator to create one. Then, when you're done with that, redeploy the container and restart the VPS. That's it. The old token is dead and anyone who had it gets locked out. Save the new one in your password manager. If your LLM API key gets leaked, same idea. Create a new one. Simply delete the old key like I showed you. Create a new key and then provide that key in your environment variable section in HostNer. If you're not sure whether a credential was exposed, just assume it was. Rotating a key takes 30 seconds. Dealing with a compromised bot takes a lot longer. And if something really breaks, your bot misconfigures the server, a bad skill corrupts your setup, whatever it is, that's what the backups are for. Go to backups and monitoring. Click snapshots and backups. Find the most recent backup or snapshot that was still good and restore from that point. That's why we turned on daily auto backups in step one when we signed up. Your OpenCloud will come back exactly as it was on that date. You may need to reenter your gateway token to access the dashboard, but everything should be intact. Now, there are three things not to connect to OpenClaw right away. Your primary email, any banking or financial services, and your password manager. Just start with Telegram, maybe add a skill or two here and there, and scale up once you trust the setup not to betray you. Finally, OpenClaw updates pretty frequently, so check their docs for the latest update method, or just ask your bot to update itself. Now you've got an OpenCloud bot running 24/7 on its own secure server with spending limits, permission controls, and proper credential management. Don't forget to use the link in the description below to get an extra 10% off when you sign up for your hosting or VPS. Thanks so much for watching.