Give Feedback

OpenClaw

Generated on 23 Feb 2026 from the OpenClaw catalog page

Deploy your own personal AI assistant with OpenClaw on a DigitalOcean Droplet® server, a powerful open-source platform that runs entirely on your infrastructure. OpenClaw connects to the messaging platforms you already use - WhatsApp, Telegram, Slack, Discord, Signal, and more - giving you AI assistance wherever you communicate.

What is OpenClaw?

OpenClaw is an open-source framework for running autonomous, agentic AI systems that interact with APIs, tools, and messaging platforms in real time. With DigitalOcean’s hardened 1-Click deployment, developers can run OpenClaw with secure defaults in their Droplet as an always-on AI assistant with strong security controls, usage-based inference, and predictable operations.

The Droplet 1-Click installation provisions OpenClaw as a self-hosted, local-first AI assistant that runs entirely on the developer’s own infrastructure. The deployed OpenClaw acts as a gateway control plane for managing sessions, channels, tools, and events, and integrates with the messaging platforms developers already use—including WhatsApp, Telegram, Slack, Discord, Signal, and more.

Why OpenClaw on DigitalOcean?

DigitalOcean complements OpenClaw’s open-source capabilities with Droplet’s security features including:

Authenticated gateway tokens
Firewall-level rate limiting
Non-root execution
Container sandboxing
Private DM pairing

These protections limit blast radius, prevent unauthorized access, and ensure agents can run continuously and safely in production-like environments.

Predictable inference for agent workloads

DigitalOcean’s Inference Cloud is built for continuous, always-on inference—not just bursty API calls—making it ideal for long-running agents that rely on low-latency model responses and stable economics.
Full control and privacy

Developers keep their own configuration, data, and runtime environment.

Key Features

Multi-channel messaging gateway (WhatsApp, Telegram, Slack, Discord, Signal, iMessage, Google Chat, MS Teams, and others)
Multi-agent routing with isolated sessions and configurations
Flexible model support (Anthropic Claude, OpenAI GPT, local/open-source runtimes)
Tool execution: web browsing, API calls, filesystem ops, voice, CLI actions
Containerized sandboxing for safe skill execution
Built-in web UI for configuration, logs, and monitoring
Extendable via plugins and custom skills

System Requirements

OpenClaw runs directly on Ubuntu 24.04 with Node.js 22 and Docker. Choose the appropriate Droplet size based on your usage:

Usage Level	RAM	CPU	Recommended For
Personal (1–5 users)	4GB	2 CPU	Individual use, few channels
Small Team (5–20)	8GB	4 CPU	Small team, multiple channels
Medium Team (20–50)	16GB	8 CPU	Medium team, heavy usage
Large Team (50+ users)	32GB	16 CPU	Large deployment, high volume

Note: This 1-Click includes Docker for sandboxed execution. Additional resources may be needed if you enable multiple sandbox instances or browser automation.

Software Included

Package	Version	License
OpenClaw	2.22	MIT License

Creating an App using the Control Panel

Click the Deploy to DigitalOcean button to create a Droplet based on this 1-Click App. If you aren’t logged in, this link will prompt you to log in with your DigitalOcean account.

Creating an App using the API

In addition to creating a Droplet from the OpenClaw 1-Click App using the control panel, you can also use the DigitalOcean API. As an example, to create a 4GB OpenClaw Droplet in the SFO2 region, you can use the following curl command. You need to either save your API access token to an environment variable or substitute it in the command below.

curl -X POST -H 'Content-Type: application/json' \
         -H 'Authorization: Bearer '$TOKEN'' -d \
        '{"name":"choose_a_name","region":"sfo2","size":"s-2vcpu-4gb","image":"openclaw"}' \
        "https://api.digitalocean.com/v2/droplets"

Getting Started After Deploying OpenClaw

🚀 Getting Started

Follow these steps to get your instance running as a Droplet on DigitalOcean (DO).

1. Deploy the Droplet

Deploy the OpenClaw / Clawdbot 1-Click App from the DigitalOcean Marketplace.
Wait for the droplet to finish provisioning.
Note: The DO dashboard may say “ready” before the SSH service is actually available.

2. Connect via SSH

Access your droplet using the terminal:

ssh root@your-droplet-ip

If SSH fails initially, wait 60 seconds and retry.
A welcome message will appear upon successful login.

3. Interactive Configuration

Follow the automated setup flow:

LLM Provider: Choose Gradient, OpenAI, or Anthropic.
API Key: Paste your provider’s API key when prompted.
The openclaw service will restart automatically to apply changes.
Dashboard Pairing: Follow instructions to open the Dashboard and pair with it.

Once pairing is complete, the dashboard will no longer show any errors and will show “connected”. You should verify you can chat with the agent.

4. Manual Configuration (Optional)

If you need to update settings, edit the environment file directly:

# Edit configuration
nano /opt/openclaw.env

# Restart service to apply changes
systemctl restart openclaw

This file manages AI providers, gateway settings, and messaging channels.

5. Verify Installation

Launch the Terminal UI (TUI) to confirm the service and LLM are functioning:

/opt/openclaw-tui.sh

6. Access the Web Dashboard

Copy the Dashboard URL provided in the login welcome message.
Open the URL in your browser to verify the web interface loads.

7.Proceed to configure messaging channels (Telegram, Discord, WhatsApp, etc.)

Setting up WhatsApp as a Channel

Run /opt/openclaw-cli.sh channels add
Go through the onboarding process in the CLI to add a channel. Select WhatsApp.
Eventually you’ll be presented with a QR code to scan. Scan the QR code with your phone in WhatsApp to pair.
Go through the pairing process on your phone.

Setting up Telegram as a Channel

Start the channel setup flow by running /opt/openclaw-cli.sh channels add.
Go through the onboarding prompts in the CLI and select Telegram as the channel. 1. The CLI will pause and wait for a Telegram bot token.
Open Telegram and start a chat with @BotFather.
Create a new bot by typing /newbot and follow the prompts: 1. Choose a display name
1. Choose a unique bot username (must end in bot)
Once the bot is created: 1. BotFather will confirm creation
1. You’ll receive a bot token
2. You’ll also receive a deep link like https://t.me/your_bot_name
Copy the bot token and paste it back into the waiting CLI prompt to complete the channel setup.
Open the deep link to start a chat with your new bot. 1. You’ll see a message like Clawdbot: access not configured
1. This is expected.
Copy your Telegram user ID from the message.
Open the OpenClaw Gateway Dashboard (URL shown when you SSH’d into the droplet).
Add your Telegram user ID to the allow list in the dashboard.
Return to Telegram and send a message to the bot to confirm it’s working.

🛠 Troubleshooting & Commands

Task	Command
Check Service Status	`systemctl status openclaw`
View Live Logs	`journalctl -u openclaw -f`
Edit Environment	`nano /opt/openclaw.env`
Start TUI	`/opt/openclaw-tui.sh`


### **Security Configuration**

* Randomly generates a OpenClaw gateway token so communication to your OpenClaw is authenticated. This protects your OpenClaw instance from unauthorized users.
* Hardens your server with default firewall rules that rate limit OpenClaw ports to prevent inappropriate traffic from interfering with your OpenClaw use and help prevent denial of service attacks.
* Runs OpenClaw as a non-root user on the server, limiting the attack surface if an inappropriate command is executed by OpenClaw.
* Runs OpenClaw inside Docker containers on your server, which sets up an [isolated sandbox](https://docs.molt.bot/gateway/sandboxing) and further helps prevent any unintended commands from impacting your server.
* Configures [DM pairing](https://docs.molt.bot/start/pairing) by default, which prevents unauthorized users from talking to your OpenClaw.

**Resources**
-------------

* Documentation: <https://docs.molt.bot/>
* GitHub Repository: <https://github.com/moltbot/moltbot>
* Local Configuration Reference: <https://docs.molt.bot/gateway/configuration>
* Channel Setup: <https://docs.molt.bot/channels>
* Security Guide: <https://docs.molt.bot/gateway/security>
* Discord Community: <https://discord.gg/molt>

**Support**
-----------

For issues and questions:

* Check the [documentation](https://docs.molt.bot/)
* Search [GitHub Issues](https://github.com/moltbot/moltbot/issues)
* Join the [Discord community](https://discord.gg/molt)
* Review the [FAQ](https://docs.molt.bot/start/faq)

**OpenClaw on DigitalOcean – FAQ**
----------------------------------

Common questions from people setting up OpenClaw using the one-click droplet.

---

"It's stuck in a sandbox and can't run commands. It's basically just a chat agent now."
---------------------------------------------------------------------------------------

This is the most common issue after a fresh install. OpenClaw is working – but it's locked down to the point where it can't actually do anything useful.

By default, OpenClaw runs in a restricted sandbox mode. It can't make network calls, can't run shell commands, and can't write to most directories. That's a safe default, but it means the agent can only chat. It can't execute skills, call APIs, or interact with anything outside itself.

To fix this, you need to set three execution policies. SSH into your droplet and run these as root:

/opt/openclaw-cli.sh config set tools.exec.host gateway /opt/openclaw-cli.sh config set tools.exec.ask off /opt/openclaw-cli.sh config set tools.exec.security full


Then restart the service:

systemctl restart openclaw


Here's what each one does:

* **`tools.exec.host gateway`** – Tells OpenClaw to route commands through its gateway process. On a VPS there's no terminal window open, so without this, commands have nowhere to run. They'll either fail or hang.
* **`tools.exec.ask off`** – Disables the "are you sure?" approval prompts. On a local machine those are fine – you see the prompt and approve it. On a headless server, nobody's there to approve anything, so commands just hang forever waiting.
* **`tools.exec.security full`** – Gives OpenClaw the highest execution tier *within its sandbox*. This is the big one. Without it, the agent can't make network calls, run shell commands, or do much beyond generating text. This does **not** give it root access – the `openclaw` user still can't touch system files or escalate privileges.

After setting all three and restarting, OpenClaw should go from "just a chatbot" to actually being able to run skills and execute commands.

To verify your settings are correct:

/opt/openclaw-cli.sh config list | grep tools.exec


You're looking for `host: gateway`, `ask: off`, and `security: full`.

---

"It's too expensive."
---------------------

DigitalOcean now supports multiple ways to run OpenClaw. One-click droplets start as low as $12/month, and you can also deploy on App Platform. You don't need a large instance to get started.

---

"How do I add this to an existing droplet? The official one-liner crashed my terminal."
---------------------------------------------------------------------------------------

The one-click droplet is for new installs only – it's not something you can add to an existing server. The Marketplace image provisions a fresh droplet with everything preconfigured (the `openclaw` user, the gateway, the sandbox, Homebrew, etc.). Trying to run the install script on an existing droplet with its own packages, users, and config is likely why it crashed.

If you want OpenClaw, spin up a new droplet from the [Marketplace listing](https://marketplace.digitalocean.com/apps/openclaw). It takes a few clicks and you'll have a clean, working setup.

---

"How can I update it to the latest version?"
--------------------------------------------

The short version – if you're on a one-click droplet (v2.3 or later), run `/opt/update-openclaw.sh` as root.

---

"I'm getting a 'permission denied public key' error."
-----------------------------------------------------

This is usually an API key issue, not an SSH key issue. Try generating a new Gradient AI API key, or switch to a different inference provider. If the key is invalid or expired, OpenClaw can surface misleading error messages.

---

"Everything worked until the TUI started, but my bot doesn't respond to messages."
----------------------------------------------------------------------------------

This can happen for a couple of reasons. First, try sending another message – sometimes the first one is slow and needs a second nudge to get going. If it still doesn't respond, check your API key. An invalid or expired key will cause the agent to silently do nothing. Verify the key is correct in `/opt/openclaw.env` and restart the service (`systemctl restart openclaw` as root).

---

"Can I configure another provider like OpenRouter after install by editing the JSON config?"
--------------------------------------------------------------------------------------------

Same answer as above – not officially supported yet, but likely coming. OpenClaw has been adding support for custom providers, so this may become possible through the config.

---

"It can't access the internet." / "Can I safely let it access the internet for research?"
-----------------------------------------------------------------------------------------

By default, the sandbox blocks outbound network access. That's the safe default, but it means the agent can't call APIs, fetch web pages, or do much beyond generating text.

Yes, you can safely unlock this. That's what the `tools.exec.security full` setting is for. It unlocks network access, shell commands, and other capabilities the agent needs to actually be useful.

It's safe on a dedicated droplet because the `openclaw` user is still sandboxed. It can't touch system files, can't escalate to root, and can't modify its own environment config. You're loosening restrictions *inside* the sandbox, not removing the sandbox itself.

See the [sandbox and execution policies answer above](#its-stuck-in-a-sandbox-and-cant-run-commands-its-basically-just-a-chat-agent-now) for the full setup steps.

---

"My skill installed but isn't doing anything."
----------------------------------------------

Check these in order:

1. Are the required environment variables in `/opt/openclaw.env`?
2. Are the execution policies set correctly? Run `/opt/openclaw-cli.sh config list | grep tools.exec` as root to verify.
3. Did you restart the service after making changes? `systemctl restart openclaw` as root.

---

"I get 'permission denied' when editing `/opt/openclaw.env`."
-------------------------------------------------------------

That's expected. You're probably logged in as `openclaw`. Run `exit` to get back to root, then edit the file.

---

"I changed the env file but nothing changed."
---------------------------------------------

You need to restart the service. Run `systemctl restart openclaw` as root. The env file is only read at startup.

---

"My skill fails silently – no errors, no output."
-------------------------------------------------

This is almost always the `tools.exec.security` setting. At lower tiers, OpenClaw will quietly block operations without telling you. Set it to `full` as root and restart.

---

"Commands seem to hang forever."
--------------------------------

Two likely causes. If `tools.exec.host` isn't set to `gateway`, execution has nowhere to run on a headless VPS. If `tools.exec.ask` isn't set to `off`, commands are waiting for approval that nobody can give. Set both and restart.

---

"Which user should I be for what?"
----------------------------------

* Installing skills, running tools → `openclaw`
* Editing env vars, setting policies, restarting the service → `root`

---

"Everything worked until the TUI started, but my bot doesn't respond to messages."
----------------------------------------------------------------------------------

This can happen for a couple of reasons. First, try sending another message – sometimes the first one is slow and needs a second nudge to get going. If it still doesn't respond, check your API key. An invalid or expired key will cause the agent to silently do nothing. Verify the key is correct in `/opt/openclaw.env` and restart the service (`systemctl restart openclaw` as root).

---

"It can't access the internet. It's running completely lobotomized."
--------------------------------------------------------------------

Same issue as above. By default, the sandbox blocks outbound network access. The fix is the same – set the three execution policies (especially `tools.exec.security full`) and restart the service. See the previous answer for the full steps.

The `security full` setting is the one that unlocks network access. Without it, OpenClaw can't call APIs, fetch URLs, or reach any external service. It's not a bug – it's the default security posture. But on a dedicated droplet where you control what's installed, `full` is the right setting.

---

"Which user should I be for what?"
----------------------------------

* Installing skills, running tools → `openclaw`
* Editing env vars, setting policies, restarting the service → `root`

---

**License**
-----------

OpenClaw is open source software licensed under the [MIT License](https://github.com/moltbot/moltbot/blob/main/LICENSE).

---