OpenClaw网关
openclaw
by bengii
Comprehensive guide for installing, configuring, operating, and troubleshooting OpenClaw — a self-hosted, multi-channel AI agent gateway. Use when the user asks about OpenClaw setup, configuration, channel management (WhatsApp/Telegram/Discord/Slack/iMessage/etc.), model provider setup, Gateway operations, multi-agent routing, security hardening, troubleshooting, or any maintenance task related to their local OpenClaw installation. Also use when encountering errors from `openclaw` CLI commands or the Gateway daemon.
安装
claude skill add --url github.com/openclaw/skills/tree/main/skills/bengii/bengii-gemini-fix文档
OpenClaw Maintenance Skill
OpenClaw is a self-hosted, open-source (MIT) gateway that routes AI agents across WhatsApp, Telegram, Discord, Slack, iMessage, Signal, and 15+ other channels simultaneously. It runs on macOS, Linux, or Windows.
Reference Files
| Reference | Coverage |
|---|---|
| channels.md | Per-channel setup (WhatsApp, Telegram, Discord, etc.) |
| channel_troubleshooting.md | Per-channel failure signatures and walkthroughs |
| tools.md | Tools inventory (profiles, groups, all built-in tools) |
| exec.md | Exec tool: parameters, config, PATH, security, process tool |
| exec_approvals.md | Exec approvals: allowlists, safe bins, approval flow |
| browser.md | Browser tool: profiles, CDP, relay, SSRF, Control API |
| web_tools.md | Web tools: Brave, Perplexity, Gemini search providers |
| pdf_tool.md | PDF tool: native/fallback modes, config, page filtering |
| elevated.md | Elevated mode: /elevated directives, sandbox breakout |
| lobster.md | Lobster: typed workflow runtime with approvals |
| llm_task.md | LLM Task: JSON-only LLM step for structured output |
| openprose.md | OpenProse: multi-agent program runtime |
| plugins.md | Plugins: official list, config, manifest, CLI, authoring |
| skills.md | Skills: locations, config, ClawHub, watcher, token impact |
| providers.md | Model provider setup |
| multi_agent.md | Multi-agent routing |
| nodes.md | Nodes (iOS/Android/macOS/headless) |
| security.md | Security hardening |
| secrets.md | Secrets management (SecretRef, vault) |
| sandboxing.md | Sandboxing (Docker isolation) |
| config_reference.md | Full config field reference |
| gateway_ops.md | Gateway operations |
| remote_access.md | Remote access, SSH, Tailscale, web dashboard |
| sessions.md | Session management, DM isolation, lifecycle, compaction |
| hooks.md | Hooks: internal event hooks, HTTP webhooks, authoring, CLI |
| automation.md | Cron jobs, webhooks, Gmail Pub/Sub |
| acp_agents.md | ACP agents: spawn external AI runtimes (Codex, Claude, etc.) |
| install.md | Installation, updating, rollback, migration, uninstall |
| web_ui.md | Web surfaces: Dashboard, Control UI, WebChat |
| slash_commands.md | Chat slash commands (/new, /model, /acp, etc.) |
| platforms.md | Platform-specific guides (macOS, iOS, Android, Linux, Windows) |
| diffs_firecrawl.md | Diffs plugin + Firecrawl anti-bot fallback |
| subagents.md | Sub-agents: nested spawning, thread binding, announce, tool policy |
| memory.md | Memory system, vector search, hybrid BM25, compaction, QMD backend |
| architecture.md | Gateway architecture, wire protocol, pairing, invariants |
| agent_runtime.md | Agent runtime, bootstrap files, agent loop, hooks, timeouts |
| streaming.md | Streaming + chunking: block streaming, coalescing, preview modes |
| queue.md | Command queue: modes (steer/followup/collect), concurrency, per-session |
| model_failover.md | Model failover, OAuth, auth profiles, cooldowns, billing disables |
| clawhub.md | ClawHub: public skill registry, CLI commands, publish/install |
| thinking.md | Thinking levels, verbose directives, reasoning visibility |
| polls.md | Polls: Telegram, WhatsApp, Discord, MS Teams |
| voice.md | Talk Mode (voice interaction) + Voice Wake (wake words) |
| presence_discovery.md | Presence system, discovery (Bonjour/Tailscale), transports |
| gateway_internals.md | Network model, gateway lock, health checks, doctor, logging, background exec |
| heartbeat.md | Heartbeat: config, delivery, visibility, HEARTBEAT.md, per-agent |
| bonjour.md | Bonjour/mDNS: TXT keys, wide-area DNS-SD, debugging, failure modes |
| pairing.md | Gateway pairing: node approval, CLI, API, auto-approval, storage |
| tui.md | TUI: keyboard shortcuts, slash commands, pickers, local shell, delivery |
| media.md | Media: camera capture, images, audio/voice notes, transcription |
| channel_routing.md | Channel routing, session keys, agent selection, Mattermost, BlueBubbles |
Quick Reference
Key Paths
| Path | Purpose |
|---|---|
~/.openclaw/openclaw.json | Main config (JSON5) |
~/.openclaw/.env | Global env fallback |
~/.openclaw/workspace | Default agent workspace |
~/.openclaw/agents/<id>/ | Per-agent state + sessions |
~/.openclaw/skills/ | Managed/local skills |
~/.openclaw/agents/<id>/qmd/ | QMD memory backend state |
~/.openclaw/agents/<id>/agent/auth-profiles.json | Auth profiles + OAuth tokens |
OPENCLAW_CONFIG_PATH | Override config location |
OPENCLAW_STATE_DIR | Override state directory |
OPENCLAW_HOME | Override home directory |
Essential Commands
openclaw status # Overall status
openclaw gateway status # Gateway daemon status
openclaw gateway status --deep # Deep scan including system services
openclaw doctor # Diagnose config/service issues
openclaw doctor --fix # Auto-fix safe issues
openclaw logs --follow # Tail gateway logs
openclaw channels status --probe # Channel health check
openclaw security audit # Security posture check
openclaw security audit --fix # Auto-fix security issues
openclaw update # Self-update
openclaw dashboard # Open Control UI in browser
openclaw tui # Terminal UI (interactive REPL)
openclaw agent # Direct agent interaction via CLI
openclaw health # Health check
openclaw usage # Usage tracking
openclaw config validate # Validate config file
openclaw config file # Print active config path
openclaw sessions cleanup # Session disk cleanup
openclaw agents bindings # Agent-channel bindings
openclaw agents bind # Bind agent to account
openclaw agents unbind # Unbind agent
openclaw update --dry-run # Preview update
openclaw system presence # View connected clients/nodes
openclaw system heartbeat last # Last heartbeat info
openclaw system heartbeat now # Trigger heartbeat immediately
openclaw memory search <query> # CLI memory search
openclaw docs <query> # Search OpenClaw docs
openclaw nodes pending # List pending pairing requests
openclaw nodes approve <id> # Approve node pairing
openclaw nodes status # Show all paired nodes
openclaw health --json # Full health snapshot (JSON)
openclaw message send --media <p> # Send media message
Default Gateway
- Bind:
127.0.0.1:18789(loopback) - Dashboard:
http://127.0.0.1:18789/ - Protocol: WebSocket (JSON text frames)
Core Workflow
Diagnosing Issues
Always follow this command ladder:
openclaw status— quick overviewopenclaw gateway status— daemon running? RPC probe ok?openclaw logs --follow— watch for errorsopenclaw doctor— config/service diagnosticsopenclaw channels status --probe— per-channel health
Starting / Restarting Gateway
# Foreground with verbose logging
openclaw gateway --port 18789 --verbose
# Force-kill existing listener then start
openclaw gateway --force
# Service management (launchd on macOS, systemd on Linux)
openclaw gateway install
openclaw gateway start
openclaw gateway stop
openclaw gateway restart
Configuration
Edit config via any method:
# Interactive wizard
openclaw onboard # Full setup
openclaw configure # Config wizard
# CLI one-liners
openclaw config get <path> # Read value
openclaw config set <path> <value> # Set value (JSON5 or raw string)
openclaw config unset <path> # Remove value
# Direct edit
# Edit ~/.openclaw/openclaw.json (JSON5 format)
# Gateway hot-reloads on save (if gateway.reload.mode != "off")
Minimal config example:
{
agents: { defaults: { workspace: "~/.openclaw/workspace" } },
channels: { whatsapp: { allowFrom: ["+15555550123"] } },
}
Channel Setup
For detailed per-channel setup, see references/channels.md. For per-channel troubleshooting (failure signatures, setup walkthroughs), see references/channel_troubleshooting.md. For plugins adding new channels (Matrix, Nostr, MS Teams, etc.), see references/plugins.md.
Quick channel add:
# Interactive wizard
openclaw channels add
# Non-interactive
openclaw channels add --channel telegram --account default --name "My Bot" --token $BOT_TOKEN
openclaw channels login --channel whatsapp # QR pairing for WhatsApp
openclaw channels status --probe # Verify
Model Provider Setup
For detailed provider setup, see references/providers.md.
# Set default model
openclaw models set anthropic/claude-sonnet-4-5
# List available models
openclaw models list --all
# Check auth/token status
openclaw models status --probe
# Add auth interactively
openclaw models auth add
Config example:
{
agents: {
defaults: {
model: {
primary: "anthropic/claude-sonnet-4-5",
fallbacks: ["openai/gpt-5.2"],
},
},
},
}
Multi-Agent Routing
For detailed multi-agent config, see references/multi_agent.md.
openclaw agents add <id> # Create agent
openclaw agents list --bindings # Show agent-channel bindings
openclaw agents delete <id> # Remove agent
Nodes (iOS / Android / macOS / Headless)
For detailed node setup, see references/nodes.md.
openclaw nodes status # List connected nodes
openclaw nodes describe --node <id> # Node capabilities
openclaw devices list # Pending device approvals
openclaw devices approve <requestId> # Approve a device
openclaw node run --host <host> --port 18789 # Start headless node host
Security
For detailed security hardening, see references/security.md. For secrets management (SecretRef, vault integration), see references/secrets.md. For sandboxing (Docker isolation for tools), see references/sandboxing.md. For full config field reference, see references/config_reference.md. For remote access (SSH, Tailscale, VPN), see references/remote_access.md.
openclaw security audit # Check posture
openclaw security audit --deep # Live gateway probe
openclaw security audit --fix # Auto-fix safe issues
openclaw secrets reload # Re-resolve secret refs
openclaw secrets audit # Scan for plaintext leaks
Update / Uninstall
For detailed installation, updating, rollback, and migration guide, see references/install.md.
# Install (recommended)
curl -fsSL https://openclaw.ai/install.sh | bash
# Update
openclaw update # Self-update command
# Or: npm install -g openclaw@latest
openclaw doctor # Run after update to apply migrations
# Uninstall
openclaw uninstall
Tools Reference
For detailed per-tool documentation, see references/tools.md.
For specific tools, see:
- references/exec.md — Exec tool deep-dive
- references/exec_approvals.md — Exec approvals and allowlists
- references/browser.md — Browser automation deep-dive
- references/web_tools.md — Web search/fetch with multiple providers
- references/lobster.md — Lobster workflow runtime
- references/llm_task.md — LLM Task for structured JSON output
- references/openprose.md — OpenProse multi-agent programs
- references/plugins.md — Plugin system (install, author, distribute)
- references/skills.md — Skills system (load, config, ClawHub)
For ACP agents (Codex, Claude Code, Gemini CLI, etc.), see references/acp_agents.md. For Diffs plugin and Firecrawl anti-bot fallback, see references/diffs_firecrawl.md. For chat slash commands (/new, /model, /acp, etc.), see references/slash_commands.md. For thinking levels (/think, /verbose, /reasoning), see references/thinking.md. For polls (Telegram, WhatsApp, Discord, MS Teams), see references/polls.md. For Talk Mode and Voice Wake, see references/voice.md. For Gateway architecture and wire protocol, see references/architecture.md. For agent runtime and loop details, see references/agent_runtime.md. For command queue system, see references/queue.md. For model failover and OAuth, see references/model_failover.md. For ClawHub skill registry, see references/clawhub.md. For presence and discovery, see references/presence_discovery.md. For streaming and chunking, see references/streaming.md. For Gateway internals (network model, lock, health, doctor, logging), see references/gateway_internals.md. For heartbeat system, see references/heartbeat.md. For Bonjour/mDNS discovery details, see references/bonjour.md. For Gateway node pairing, see references/pairing.md. For Terminal UI (TUI), see references/tui.md. For media (camera, images, audio), see references/media.md. For channel routing and session keys, see references/channel_routing.md.
Tool profiles: minimal, coding, messaging, full (default).
Tool groups (for allow/deny):
group:runtime— exec, bash, processgroup:fs— read, write, edit, apply_patchgroup:sessions— sessions_list/history/send/spawn, session_statusgroup:memory— memory_search, memory_getgroup:web— web_search, web_fetchgroup:ui— browser, canvasgroup:automation— cron, gatewaygroup:messaging— messagegroup:nodes— nodesgroup:openclaw— all built-in OpenClaw tools (excludes provider plugins)
Common Failure Signatures
| Error | Cause | Fix |
|---|---|---|
refusing to bind gateway ... without auth | Non-loopback bind without token | Set gateway.auth.token or gateway.auth.password |
another gateway instance is already listening / EADDRINUSE | Port conflict | openclaw gateway --force or change port |
Gateway start blocked: set gateway.mode=local | Local mode not enabled | Set gateway.mode="local" |
unauthorized / reconnect loop | Token/password mismatch | Check OPENCLAW_GATEWAY_TOKEN or config auth |
device identity required | Missing device auth | Ensure client completes connect.challenge flow |
| No replies from bot | Pairing/allowlist/mention gating | Check openclaw pairing list, DM policy, mention patterns |
Embedding provider authentication failed (401) | .env has placeholder API key (e.g. your-jina-api-key-here) | Replace with real API key in ~/.openclaw/.env, restart Gateway |
config change requires gateway restart (plugins.*) | Plugin config changes can't hot-reload | Full openclaw gateway restart or launchctl kickstart -k |
Bootstrap failed: 5: Input/output error | LaunchAgent plist in stale/stuck state | openclaw gateway install then launchctl kickstart -k gui/$(id -u)/ai.openclaw.gateway |
Missing env var "X" referenced at config path: ... | .env missing or variable not defined | Add variable to ~/.openclaw/.env and restart Gateway |
Environment Variables
| Variable | Purpose |
|---|---|
OPENCLAW_GATEWAY_TOKEN | Gateway auth token |
OPENCLAW_GATEWAY_PASSWORD | Gateway auth password |
OPENCLAW_GATEWAY_PORT | Override gateway port |
OPENCLAW_CONFIG_PATH | Override config file path |
OPENCLAW_STATE_DIR | Override state directory |
OPENCLAW_HOME | Override home directory |
OPENCLAW_LOAD_SHELL_ENV | Import shell env (set to 1) |
OPENCLAW_VERBOSE | Verbose logging |
OPENCLAW_LOG_FILE | File logging path |
OPENCLAW_LOG_LEVEL | Log level control |
OPENCLAW_SHELL | Set by OpenClaw in exec/acp/tui runtimes |
BRAVE_API_KEY | For web_search tool |
FIRECRAWL_API_KEY | For Firecrawl anti-bot fallback |
ELEVENLABS_API_KEY | For Talk Mode TTS |
ELEVENLABS_VOICE_ID | Default voice for Talk Mode |
CLAWHUB_TOKEN | ClawHub API token for CI/automation |
CLAWHUB_WORKDIR | ClawHub working directory override |
OLLAMA_API_KEY | For Ollama embeddings provider |
相关 Skills
可观测性设计
by alirezarezvani
面向生产系统规划可落地的可观测性体系,串起指标、日志、链路追踪与 SLI/SLO、错误预算、告警和仪表盘设计,适合搭建监控平台与优化故障响应。
✎ 把监控、日志、链路追踪串起来,帮助团队从设计阶段构建可观测性,排障更快、系统演进更稳。
资深开发运维
by alirezarezvani
覆盖 CI/CD 流水线生成、Terraform 基建脚手架和自动化部署,适合在 AWS、GCP、Azure 上搭建云原生发布流程,管理 Docker/Kubernetes 基础设施并持续优化交付。
✎ 把CI/CD、基础设施即代码、容器与监控串成一条交付链,尤其适合AWS/GCP/Azure多云团队高效落地。
环境密钥管理
by alirezarezvani
统一梳理dev/staging/prod的.env和密钥流程,自动生成.env.example、校验必填变量、扫描Git历史泄漏,并联动Vault、AWS SSM、1Password、Doppler完成轮换。
✎ 统一管理环境变量、密钥与配置,减少泄露和部署混乱,安全治理与团队协作一起做好,DevOps 场景很省心。
相关 MCP 服务
kubefwd
编辑精选by txn2
kubefwd 是让 AI 帮你批量转发 Kubernetes 服务到本地的开发神器。
✎ 微服务开发者最头疼的本地调试问题,它一键搞定——自动分配 IP 避免端口冲突,还能用自然语言查询状态。但依赖 AI 工作流,纯命令行爱好者可能觉得不够直接。
Cloudflare
编辑精选by Cloudflare
Cloudflare MCP Server 是让你用自然语言管理 Workers、KV 和 R2 等云资源的工具。
✎ 这个工具解决了开发者频繁切换控制台和文档的痛点,特别适合那些在 Cloudflare 上部署无服务器应用、需要快速调试或管理配置的团队。不过,由于它依赖多个子服务器,初次设置可能有点繁琐,建议先从 Workers Bindings 这类核心功能入手。
Terraform
编辑精选by hashicorp
Terraform MCP Server 是让 AI 助手直接操作 Terraform Registry 和 HCP Terraform 的桥梁。
✎ 如果你经常在 Terraform 里翻文档找模块配置,这个服务器能省不少时间——直接问 Claude 就能生成准确的代码片段。最适合管理多云基础设施的团队,但注意它目前只适合本地使用,别在生产环境里暴露 HTTP 端点。
相关资讯
OpenClaw通过广泛的即时通讯平台集成和庞大的技能生态,实现了跨渠道的持久化存在,但面临严峻的安全挑战。Hermes Agent则围绕封闭学习循环构建,具备自主技能创建和自我训练能力,架构更为保守。两者代表了构建持久化AI助手的两种不同哲学。
Jentic Mini 是一个免费、开源、可自托管的权限防火墙,旨在解决 OpenClaw 等 AI 智能体(Agent)的凭证泄露和权限控制问题。它位于智能体与 API 之间,集中管理凭证、执行细粒度权限控制,并提供一键切断所有数据访问的紧急开关。该产品基于 Jentic 过去 18 个月的企业级平台经验开发。
本期 AI 新闻简报涵盖多项重要发布:Anthropic 的 Claude Cowork 亮相,OpenAI 推出更小更快的 GPT-5.4 mini/nano 模型。此外,智能体基础设施(如 LangSmith 沙盒、Open SWE)和架构研究(注意力残差、Mamba-3)也取得新进展。