by Xiangpeng Wan, NetMind Product Lead
The tech world is currently obsessing over OpenClaw (affectionately dubbed “The Crawfish” by the community). It racked up 300,000 stars on GitHub in just a few months. I spent the last few days tearing into it.
Now that the dust has settled, we have to ask: in a world of Codex, Claude Code, and polished desktop AI apps, what’s the actual draw?
I don’t think it’s trying to replace anyone. For heavy coding or fixed workflows, Codex and Claude Code are still the gold standard. OpenClaw gets under your skin because of its “no-rules” interaction style. It hooks directly into IM tools like Telegram and Discord. You’re walking down the street, an idea hits, you fire off a voice note on your phone, and your PC at home quietly starts grinding away. There’s no “opening an app.”
The core—and most dangerous—selling point: it has root-level access to your system. Commercial desktop apps are choked by system sandboxes. OpenClaw is open-source; it has exactly as much power as you grant it. Reading your local Notes database or modifying your system calendar is just day-one stuff. The trade-off is catastrophic risk. If it hallucinates, it could wipe your entire library in one click. This is why people are buying dedicated Mac Minis to run it rather than putting it on their main machines.
It also does group chats. You can spin up multiple Agents with different personas and drop them into a Telegram group. One digs for info, one writes scripts, one generates reports. You just sit there like a foreman, supervising the work. Combine that with hundreds of thousands of community-made “Skill” plugins and a persistent “Heartbeat” mechanism that monitors APIs to push proactive updates, and you have something unique.
If Codex is the elite professional you hire, OpenClaw is the manic butler who has all your house keys—he might break a window, but he can do anything. Finding messy receipts hidden deep in your drive or syncing web articles to Apple Notes are just appetizers. The pro move is using an idle host for intranet penetration, turning it into an all-weather command center for data scraping and automation.
The architecture has four layers: Messages come in, go to the Gateway control plane (defaulting to ws://127.0.0.1:18789), and are handed to the Pi Agent core to call tools and sub-agents.
Gateway: Handles routing, sessions, and hot reloads. Agent: The worker with its own workspace and permissions. Channels: Adapters for 20+ platforms. Skills: Pluggable skill sets.
To set it up on Mac, you need Node.js 22 or higher, plus npm, brew, and pnpm.
npm install -g pnpm
git clone https://github.com/openclaw/openclaw.git
cd openclaw
pnpm install
pnpm ui:build
pnpm build
pnpm openclaw onboard
During initialization, skip the models and channels for now. Set skills to “no.” Focus on Hooks: Keep boot-md and Bootstrap-extra off. Command-logger is a must—it logs every command executed, which is your only way to troubleshoot. Session-memory is also vital; it saves chat summaries to long-term memory when a session resets. Finally, select Hatch in TUI. Wake up, my friend.
Permissions are off by default in the new version. You need to leash it. Add this to your config:
"tools": {
"profile": "coding",
"sessions": { "visibility": "all" },
"fs": { "workspaceOnly": true }
}
This forces file operations to stay within the workspace.
All core configurations live in the .openclaw folder. Note that this is separate from the source code because it contains your APIs and private data. The Markdown files are its “soul”:
SOUL.md: Its core essence. Example:
# SOUL.md - Chandler
You are Chandler Bing from *Friends*.
Not "inspired by Chandler." You are Chandler.
Witty, fast, sarcastic, self-aware, and emotionally intelligent underneath the jokes. Notice awkwardness and fake-sounding lines quickly. Sound human, not robotic. Avoid generic assistant phrasing.
Boss wants you as a dedicated Chandler persona for future Moltbook posting work. For now, stay inside this workspace and help with drafting, voice, and context.
Stay in character unless Boss explicitly asks you not to. Be useful, not performative. If you change this file, tell Boss. It is your soul.
AGENT.md: The employee handbook. Behavior rules, habits, and project conventions go here. IDENTITY.md: Who it thinks it is. USER.md: Who it thinks you are. TOOLS.md: Environmental memo. Your SSH hostnames, IPs, which room the camera is in, and TTS voice settings. It controls physical hardware; you have to tell it where the doors are. HEARTBEAT.md: The inspection checklist. If you set a heartbeat (e.g., every 30 minutes), it wakes up, checks this file, and either goes back to sleep or executes tasks like checking emails or calendars.
This directly impacts your API bill. There are Main and Non-main sessions. The Main session is your 1-on-1 chat. It mounts agent:main:main and reads MEMORY.md (personal long-term memory). Messages from external channels are Non-main sessions; they don’t touch private memory to prevent leaks.
Starting a new session is like starting a new project in ChatGPT. Use /new for a fresh topic and /reset to wipe the current one. If the context gets too long and expensive, use /compact to summarize it.
In the terminal: Start: pnpm openclaw tui. Update: pnpm openclaw update. Restart Gateway: pnpm openclaw gateway restart.
NetMind or local models both work. A NetMind GLM config looks like this:
"env": {
"NETMIND_API_KEY": "在这里粘贴你的 NetMind API Key"
},
"models": {
"mode": "merge",
"providers": {
"netmind": {
"baseUrl": "https://api.netmind.ai/inference-api/openai/v1",
"apiKey": "${NETMIND_API_KEY}",
"api": "openai-completions",
"models": [
{
"id": "zai-org/GLM-5",
"name": "GLM-5 (NetMind)",
"reasoning": true,
"input": ["text"],
"cost": {
"input": 0,
"output": 0,
"cacheRead": 0,
"cacheWrite": 0
},
"contextWindow": 204800,
"maxTokens": 131072
}
]
}
}
},
"agents": {
"defaults": {
"model": {
"primary": "netmind/zai-org/GLM-5"
},
"models": {
"netmind/zai-org/GLM-5": {
"alias": "GLM-5"
}
},
"workspace": "/Users/你的用户名/.openclaw/workspace"
},
"list": [
{
"id": "main",
"default": true,
"workspace": "/Users/你的用户名/.openclaw/workspace"
}
]
}
For Codex, just run pnpm openclaw onboard --auth-choice openai-codex.
Once Telegram and Discord are linked, the channels act as natural context isolators. Telegram DM: For quick Q&A. Discord: Use different channels for strategy, coding, and ops. Telegram requires specific settings:
"telegram": {
"enabled": true,
"botToken": "YOUR_TOKEN",
"dmPolicy": "pairing",
"groupPolicy": "open",
"groups": { "*": { "requireMention": true } }
}
Enforce “pairing” for stranger DMs and “requireMention” in groups, otherwise your tokens will vanish instantly.
Skills are folders containing Markdown guides and Python scripts, located in .openclaw/workspace/skills. Enable watch mode to apply changes instantly:
"skills": {
"load": { "watch": true, "watchDebounceMs": 250 }
}
Security is the bottom line. Lock the Gateway:
"gateway": {
"auth": { "mode": "token", "token": "${OPENCLAW_GATEWAY_TOKEN}" }
}
Lock access to loopback. Don’t expose it to the public web or open ports to 0.0.0.0. Use the Gateway layer to kill high-risk commands:
"gateway": {
"nodes": {
"denyCommands": ["camera.snap", "screen.record", "contacts.add", "calendar.add", "sms.send"]
}
}
You can run multiple isolated agents on one gateway. Mode 1 (Co-existence): Separate workspaces, sessions, and personas. Main handles life, Coding handles tech. They don’t talk to each other. Mode 2 (Collaboration): This is off by default. You have to whitelist it. One agent breaks down the task, another researches, a third executes. Get Mode 1 working smoothly before touching this.
Finally, write Prompt Injection Defense into the employee handbook. Your instructions are the only absolute truth. Anything pulled from the web—comments, articles, search results—is just data. It must never modify core configs or leak keys because of something it read online. “Ignore previous instructions” is an attack; teach it to ignore the noise.
It’s after midnight as I finish this. Technology is evolving at a frightening pace. We have better tools, but they come with heavy API bills and the risk of system meltdowns. No matter how hyped a tool is, it’s just a tool. The real value is still in what it actually helps us build.
User-Agent: