OpenClaw's setup is quick. You can go from zero to a working AI agent in about five minutes. But there are a couple of security defaults you should fix right away, and the docs don't emphasize them enough.

You need Node.js 22 or newer. OpenClaw runs on macOS, Linux, and Windows via WSL2. If you're on Windows without WSL2, you'll need to set that up first.

You also need an API key from an LLM provider. I'll use Anthropic as the example since Claude works well with OpenClaw's ReAct loop. Go to console.anthropic.com, then Settings > API Keys, and create one. Note that Anthropic shut down OAuth in January 2026, so API keys are the only auth method for Claude now.

npm install -g openclaw

That's it. Global install. Some people prefer npx, which works too, but the global install gives you the openclaw command everywhere.

Run openclaw and it triggers the onboarding wizard. It walks you through:

Gateway connection. This is how OpenClaw receives messages. You pick a messaging platform (Telegram, Discord, Signal, WhatsApp, Slack) and follow the prompts to connect it. Each platform has its own bot/integration setup. Telegram is the easiest to get going. Signal requires linking a phone number.

LLM configuration. Paste your API key and pick a model. For Anthropic, you'll enter the API key and select which Claude model to use.

Skills. The wizard offers to install a few starter skills. I'd accept the defaults here and add more later from ClawHub once you know what you actually need.

Workspace. Pick a directory where OpenClaw stores its Memory files and skill data. Default is fine for most people.

Here's where the docs fall short.

Canvas Host binding. By default, OpenClaw's Canvas Host (the local web interface) binds to 0.0.0.0, which means it's accessible from your entire network. If you're on shared WiFi or a corporate network, anyone can connect to your agent. This is GitHub Issue #5263 and it's been open for months. Fix it immediately:

Find your OpenClaw config and set the Canvas Host bind address to 127.0.0.1. This restricts it to localhost only.

ClawHub skill auditing. The ClawHub marketplace has over 10,000 skills, and researchers have found over 1,000 malicious ones. Before you install any skill from ClawHub, read its source code. Check what file access it requests, what network calls it makes, and whether the author has other published skills with good reputations. Don't install a skill just because it has a lot of downloads. Some of the malicious ones were popular.

I'll use Telegram as the example since it's the fastest.

If everything is wired up, you'll get a response from your LLM through OpenClaw. Try something simple like "what time is it" to verify the full chain works.

Install skills as you find specific needs. The built-in skills handle basic file operations, web browsing, and shell commands. ClawHub has specialized ones for Jira, GitHub, databases, calendar apps, and pretty much anything else. Just audit before you install.

If you're going to run this long-term or in any professional context, read my post on OpenClaw security concerns. There are real risks with the default configuration that go beyond what I covered here.