Setup OpenClaw Step by Step: From Zero to Running Agent
This tutorial takes you from zero to a running, secured OpenClaw agent.
No prerequisites. No complex configuration. Just follow the steps.
What You'll Have at the End
- A running OpenClaw instance
- Gateway authentication (256-bit token)
- Container sandbox isolation
- Egress filtering
- Audit logging
- Human-in-the-loop approvals (Team plan)
- Prompt injection defense
All secured. All managed. Ready to use.
Step 1: Sign Up via the Web Portal
Open your browser and go to clawctl.com/checkout.
What happens:
- Creates your Clawctl account
- Provisions your secure OpenClaw tenant
- Sets up all infrastructure automatically
Step 2: Complete the Signup Flow
Complete the signup in your browser. Select your plan and enter payment.
What happens:
- Creates a Clawctl account (or logs you in)
- Provisions your OpenClaw tenant
- Deploys a secured container
First-time setup takes about 60 seconds while infrastructure provisions.
Step 3: Check Your Status
Open your dashboard at clawctl.com/dashboard. You'll see:
Gateway Status
────────────────────────────────────────
Status: ● running
URL: https://abc123.tenant.clawctl.com
Plan: Starter ($49/mo)
Security (All Active)
────────────────────────────────────────
✓ Gateway Auth (256-bit token)
✓ Container Sandbox
✓ Egress Filtering
✓ Audit Logging
✓ Prompt Injection Defense
Usage Today
────────────────────────────────────────
Runs: 0 / 100
Events: 0 / 1,000
Your OpenClaw is running. All security controls are active.
Step 4: Add Your LLM API Key
Enter your API key in the dashboard setup wizard:
- Open app.clawctl.com
- Go to Settings → API Keys
- Add your Anthropic or OpenAI key
Note: Keys are encrypted at rest and injected at runtime. They're never stored in plaintext.
Step 5: Test Your Agent
Send a test message via the web chat in the dashboard to verify everything works. Try: "Hello, what can you help me with?"
Expected response: Your agent responds, confirming the LLM connection is working.
Step 6: View Your Audit Logs
Open the Logs tab in your dashboard to view recent activity:
2026-02-03 10:15:23 agent.start Agent main started
2026-02-03 10:15:24 llm.request anthropic/claude-sonnet-4-5
2026-02-03 10:15:26 llm.response 200 OK (1.8s)
2026-02-03 10:15:26 chat.message "Hello, what can you help me with?"
Every action is logged. Searchable. Exportable.
Step 7: Connect a Messaging Channel (Optional)
Connect your agent to Telegram, WhatsApp, or Discord.
Telegram example:
- Create a bot with @BotFather
- Copy the bot token
- Go to Channels in your dashboard and add Telegram with your bot token
What happens:
- Webhook endpoint created
- DM pairing policy enforced
- Messages routed to your agent
Step 8: Explore the Dashboard
Open app.clawctl.com to access:
- Audit logs — Search and export agent activity
- Approvals — Review high-risk actions (Team plan)
- Policies — Configure tool and network policies
- Settings — API keys, channels, integrations
What's Running
Your Clawctl deployment includes:
| Component | Purpose |
|---|---|
| OpenClaw Gateway | Agent runtime |
| Traefik | TLS termination, routing |
| Squid Proxy | Egress filtering |
| PostgreSQL | Audit logs, configuration |
| Redis | Job queue, sessions |
All managed. All secured. All automatic.
Security Controls (Active by Default)
| Control | What It Does |
|---|---|
| Gateway Auth | 256-bit token required for all requests |
| Container Sandbox | Agent isolated in dedicated container |
| Egress Filtering | Only approved domains reachable |
| Audit Logging | Every action recorded |
| Prompt Defense | Injection attacks blocked |
| Session Isolation | Per-user session boundaries |
These controls address the vulnerabilities found in 93.4% of exposed OpenClaw instances (Maor Dayan, January 2026).
Common Next Steps
Add More Agents (Team+ Plans)
Create additional agents from the Agents section in your dashboard.
Export Audit Logs
Export audit logs from the dashboard under Logs → Export. Choose JSON or CSV format.
Configure Auto-Approve Rules
Configure auto-approve rules in the dashboard under Policies. Add allowed actions and paths.
Upgrade Your Plan
Upgrade your plan from the Billing section in your dashboard or visit clawctl.com/checkout.
Troubleshooting
"Authentication failed"
Log out and back in via the dashboard. Make sure you completed the signup flow in your browser.
"Agent not responding"
Check status in the dashboard. Open the Logs tab to review recent activity for errors.
Summary
You just set up OpenClaw with:
- Sign up — clawctl.com/checkout
- Complete signup — Follow the browser flow
- Check status — View your dashboard
- Add API key — Enter in the dashboard setup wizard
- Test — Send a message via the web chat
Total time: Under 5 minutes.
Your agent is running with production security. No nginx. No Docker configs. No security gaps.