Setup OpenClaw Step by Step: From Zero to Running Agent
This tutorial takes you from zero to a running, secured OpenClaw agent.
No prerequisites. No complex configuration. Just follow the steps.
What You'll Have at the End
- A running OpenClaw instance
- Gateway authentication (256-bit token)
- Container sandbox isolation
- Egress filtering
- Audit logging
- Human-in-the-loop approvals (Team plan)
- Prompt injection defense
All secured. All managed. Ready to use.
Step 1: Sign Up via the Web Portal
Open your browser and go to clawctl.com/checkout.
What happens:
- Creates your Clawctl account
- Provisions your secure OpenClaw tenant
- Sets up all infrastructure automatically
Step 2: Complete the Signup Flow
Complete the signup in your browser. Select your plan and enter payment.
What happens:
- Creates a Clawctl account (or logs you in)
- Provisions your OpenClaw tenant
- Deploys a secured container
First-time setup takes about 60 seconds while infrastructure provisions.
Step 3: Check Your Status
Open your dashboard at clawctl.com/dashboard. You'll see a status card at the top:
- Agent Running with a green "Online" badge when everything is healthy
- Configuration Required with a "Setup Needed" badge if you still need to add an LLM key
Below that, five stat cards show your current usage: Runs Today, Events Today, Active Agents, Approvals (monthly), and Storage. All will be at zero on a fresh deploy.
If the status shows "Starting Up," wait a moment and hit Refresh. Provisioning usually takes under 60 seconds.
Step 4: Add Your LLM API Key
Your agent is running but needs an LLM key to respond. The dashboard shows a setup wizard automatically:
- Open your dashboard
- Click Configure LLM (or go to Credentials)
- Pick your provider (Anthropic, OpenAI, Gemini, etc.) and paste your API key
Note: Keys are encrypted at rest and injected at runtime. They're never stored in plaintext. After saving, your agent redeploys automatically with the key injected.
Step 5: Test Your Agent
Connect a messaging channel (Telegram, Discord, Slack, or WhatsApp) from the Channels page, then send your agent a message.
Expected result: Your agent responds, confirming the LLM connection is working. You'll see the run and event counts tick up on your dashboard.
Step 6: View Your Audit Logs
Open the Logs tab in your dashboard to view recent activity:
2026-02-03 10:15:23 agent.start Agent main started
2026-02-03 10:15:24 llm.request anthropic/claude-sonnet-4-5
2026-02-03 10:15:26 llm.response 200 OK (1.8s)
2026-02-03 10:15:26 chat.message "Hello, what can you help me with?"
Every action is logged. Searchable. Exportable.
Step 7: Connect a Messaging Channel (Optional)
Connect your agent to Telegram, WhatsApp, or Discord.
Telegram example:
- Create a bot with @BotFather
- Copy the bot token
- Go to Channels in your dashboard and add Telegram with your bot token
What happens:
- Webhook endpoint created
- DM pairing policy enforced
- Messages routed to your agent
Step 8: Explore the Dashboard
Open app.clawctl.com to access:
- Audit logs — Search and export agent activity
- Approvals — Review high-risk actions (Team plan)
- Policies — Configure tool and network policies
- Settings — API keys, channels, integrations
What's Running
Your Clawctl deployment includes:
| Component | Purpose |
|---|---|
| OpenClaw Gateway | Agent runtime |
| Traefik | TLS termination, routing |
| Squid Proxy | Egress filtering |
| PostgreSQL | Audit logs, configuration |
| Redis | Job queue, sessions |
All managed. All secured. All automatic.
Security Controls (Active by Default)
| Control | What It Does |
|---|---|
| Gateway Auth | 256-bit token required for all requests |
| Container Sandbox | Agent isolated in dedicated container |
| Egress Filtering | Only approved domains reachable |
| Audit Logging | Every action recorded |
| Prompt Defense | Injection attacks blocked |
| Session Isolation | Per-user session boundaries |
These controls address the vulnerabilities found in 93.4% of exposed OpenClaw instances (Maor Dayan, January 2026).
Common Next Steps
Add More Agents (Team+ Plans)
Create additional agents from the Agents section in your dashboard.
Export Audit Logs
Export audit logs from the dashboard under Logs → Export. Choose JSON or CSV format.
Configure Auto-Approve Rules
Configure auto-approve rules in the dashboard under Policies. Add allowed actions and paths.
Upgrade Your Plan
Upgrade your plan from the Billing section in your dashboard or visit clawctl.com/checkout.
Troubleshooting
"Authentication failed"
Log out and back in via the dashboard. Make sure you completed the signup flow in your browser.
"Agent not responding"
Check status in the dashboard. Open the Logs tab to review recent activity for errors.
Summary
You just set up OpenClaw with:
- Sign up — clawctl.com/checkout
- Complete signup — Follow the browser flow
- Check status — View your dashboard
- Add API key — Enter in the dashboard setup wizard
- Test — Send a message via the web chat
Total time: Under 5 minutes.
Your agent is running with production security. No nginx. No Docker configs. No security gaps.