LongCut logo

OpenClaw Full Tutorial for Beginners – How to Set Up and Use OpenClaw (ClawdBot / MoltBot)

By freeCodeCamp.org

Summary

Topics Covered

  • Gateway Enables Self-Hosted Agent Control
  • Root Access Demands VPS Isolation
  • Workspace Markdown Defines Agent Identity
  • Skills Automate Multi-Channel Workflows
  • Multi-Agent Segregates Contexts Securely

Full Transcript

OpenClaw is a proactive autonomous agent formerly known as Claudebot and Maltbot.

This powerful runtime allows you to host a personal assistant that can execute real world tasks such as managing your calendar, triaging emails, and

controlling smart home devices directly through messaging apps like Telegram and Discord. This course will teach you how

Discord. This course will teach you how to set up and use OpenClaw. You'll learn

how to connect leading AI models, manage persistent long-term memory, and expand the agents capabilities using different skills. By the end, you'll have a

skills. By the end, you'll have a persistent 247 AI operator that automates your digital life while ensuring your data remains entirely under your own control. Kian created

this course.

>> Hello and welcome to this free code camp course. My name is Kian and in this

course. My name is Kian and in this course I'm extremely excited because we're going to be learning Open Claw which is the project that has taken the open source world by storm. And by the

end of this video you'll have the grasp of the basic features of OpenClaw so that you can go deeper into the more advanced functionalities. So when it

advanced functionalities. So when it comes to prerequisites for this course, the prerexis I assume is that you've had experience using a CLI before because the CLI is the main way that you

interact with OpenClaw and therefore we need to be able to run commands.

However, even if that's not the case, as long as you follow the commands that I do, then it should be fine and dandy.

And then also I'm assuming that you've had exposure to LMC before and have maybe interacted them with them through an API have done some prompt or context engineering because we need to be able

to understand many different parts of the context in this repository because openclaw is essentially managing context in a very smart way to accomplish different workflows. You've probably

different workflows. You've probably seen how it can do WhatsApp, Discord, Slack, etc. So these are some of the basic requirements but otherwise this course should be relatively

straightforward to follow and what actually is this course. So let's go through the nine different modules.

First of all we're just going to do a quick recap of what openclaw is. Then

we're going to do the installation.

We're going to talk about the workspace and memory which is to say how is the agent defined. Then we're going to be

agent defined. Then we're going to be doing a module on pinchboard which is just like molt book essentially a social media for agents. Then we're going to be making our own personal assistant.

Looking into skills, which is very similar to Claude skills. Then multi-

aent, which is very useful because it allows you to customize multiple agents.

So you can have one agent that is maybe for work, another one that now is for personal. This is just an example. Then

personal. This is just an example. Then

we're going to be diving into security and after that sandboxing, which is also related to security. So the first module

just discusses what OpenClaw is. So if I make my camera smaller and make this text bigger, OpenClaw is a self-hosted messaging gateway that connects WhatsApp, Telegram, Discord, etc. to

coding agents. The one word here that is

coding agents. The one word here that is slightly confusing is gateway because it is a very reoccurring theme in the open claw repository. What does it mean? It's

claw repository. What does it mean? It's

a single longunning process on your machine that maintains persistent connections to different platforms. In this case, we're we're just talking about the messaging platforms. So you can think of the gateway as this long running process that whenever a message

arrives for example, it routes it to an agent that can do some execution or do some manipulation on that input. Maybe

you have a workflow where every time your employer sends you a message, you tell them that I'm sick or something like that. Then the gateway is what

like that. Then the gateway is what handles this. And what this allows you

handles this. And what this allows you to do is self-host the entire stack because you essentially are owning the connections, the config and the execution environment. Another valid

execution environment. Another valid question is how is opencloud different from cloud code? Because if you've seen the terminal user interface, the TUI, it looks kind of like cloud code. The

difference is that open cloud once again is fully self-hosted on your machine and it has many more supported integrations.

For example, claude code has Slack, but just as we mentioned before, we have WhatsApp, Telegram, Discord, and many others that are supported natively with OpenClaw and more being supported every

single day. And overall, it's just much

single day. And overall, it's just much more configurable and you can do a lot more with it as opposed to cloud code.

So that would be what I say is the main difference. Quick little FYI, all of the

difference. Quick little FYI, all of the resources displayed in this course can be found at this repository, open claw course and the GitHub pages is the same

URL, but just in the GitHub pages format. So if you're looking to read

format. So if you're looking to read through any of the resources that I go through in the course, that is all at the following link. So now we can just

get straight into the installation. And

for this all you need is a node version greater than node version 22. So if I check my node version right now, it should be the latest version which is I

believe 25 right now. Otherwise there

isn't much else to have. One thing that is very important however is running this on a local machine versus on a virtual machine or a VPS virtual private

server. So this choice is important

server. So this choice is important because in essence when you download OpenClaw you're giving the agent access to your entire computer and root access

on all of your files. So in theory the main risk is a prompt injection where maybe some malicious actor tells your agent to delete everything from the root

directory. Well in that situation you

directory. Well in that situation you are out of luck because the agent literally has terminal access and can do that exact execution. So for that reason, many people are running these on

VPS's because in that case, you have everything on a different server where you don't have any files which you really care about if anything goes wrong. But for that reason, it is just

wrong. But for that reason, it is just more complicated and it does not allow for certain functionalities such as browser use. So since we're not going to

browser use. So since we're not going to be doing anything that will get us into any security vulnerabilities in this video, I'm going to be hosting this locally on my Mac. However, if you are concerned with the security

vulnerabilities, I highly recommend setting this up through a virtual pirate server. And there are many good

server. And there are many good tutorials on how to do this currently.

Otherwise, we can just go and install this with node package manager. The g

flag meaning install it globally so that we can call open claw from anywhere in our terminal. So, I've already done this

our terminal. So, I've already done this installation. It shouldn't take that

installation. It shouldn't take that long to verify that we have everything there correctly. And then once we've

there correctly. And then once we've done the installation, we run the onboard command. But you'll also see

onboard command. But you'll also see that the onboard has this extra tag called install demon. And the install demon flag installs the gateway as a background service. So launchd on Mac

background service. So launchd on Mac OS, systemd on Linux, whatever, whatever. What this means is that the

whatever. What this means is that the gateway starts automatically on boot and keeps running. You don't need a terminal

keeps running. You don't need a terminal open. And now we're going to run the

open. And now we're going to run the onboarding wizard to walk us through the config path, workspace location, and channel pairing. So let's start this

channel pairing. So let's start this right away. Okay, you can see that it's

right away. Okay, you can see that it's been activated. And if I bring my

been activated. And if I bring my terminal up, what do we have here? We

have first and foremost the security warning, which once again emphasizes the possibility for really bad outcomes if you're not careful. So in order to

prevent this, one thing you can do is run these security audits or do the sandboxing in addition to running this on a virtual pirate server. And

interestingly, using a more powerful model is more secure because they are more resistant to these prompt injection schemes. If you're using Quen 4B, for

schemes. If you're using Quen 4B, for example, a small 4 billion parameter model, then it is much more susceptible to prompt manipulation since it's just a smaller model. So, one thing once again

smaller model. So, one thing once again that I'd recommend is to use the most powerful model capable so that if there's ever some malicious intent that the model can prevent it from happening.

So, we must understand that there are risks. And then let's go through the

risks. And then let's go through the manual configuration to go through every single option. And we're just going to

single option. And we're just going to reset all of my configurations so that my config is like yours. Of course, this reset section won't come up for you, but everything else should be the same. So,

how do we want to set this up? There we

can do it either as a local gateway, which is this machine, or remote gateway if you're doing this on another device.

So, as we already mentioned, we're going to do this locally in this video. And

then we need to install workspace directory which installs all of our open claw related files and this is just by default in our useropenclaw directory.

So we don't want to touch that. And then

when it comes to the model there are many options we have open anthropic and Google of course if you'd like to do this for free then Google flash 3 which

is a very capable model is actually free for 20 requests per day. So you can set this up if you just want to try this without paying anything. But Anthropic

is known to be quite good. So if you do have the option, I would choose Anthropic. And then with respect to the

Anthropic. And then with respect to the token, there are many ways to get it.

The setup token is just generated with the following command cla setup token, which I already have here. So if I just grab my secret key, I will be deleting a secret key after the video

unfortunately. So you can try to get it,

unfortunately. So you can try to get it, but it may not be working by then. Then

we'll just choose the default token name and the most powerful model which is currently claopus 4.5. Select the

gateway port is just the default gateway port 18789.

Select and then gateway bind. So

honestly I don't remember exactly what this means but I have a cool trick to show you whenever you have a question about openclaw which gives you a really good response. So what I've done is I've

good response. So what I've done is I've cloned the openclaw repository in another terminal window and I asked it this question actually. So if you come

here what did I do? I I pasted this and I said what should I choose here on onboarding and then I just let claude code go through this repository. Sorry,

I need to make this bigger. And it has access to all the documentation in all of the files. So, it can determine exactly what this is meaning. And you

can use document uh contact 7 or other MCPS to get the docs. But this is much better in my opinion because not only does it have the docs, but it has all the code. So, it can give you the best

the code. So, it can give you the best most accurate answer. And what is that answer? So, it's saying that the loop

answer? So, it's saying that the loop back is recommended for most users. Why

is it the case? Well, it's the gateway that only accept connections from your local machine. It's the most secure

local machine. It's the most secure option if you don't need remote access.

So perfect for single machine setups.

Then there's LAN which is if you have multiple devices on the same network and tail which is the important option if you are using a remote server. So this

is what you should select if that's the case for you. Then there's also auto and custom IP. But once again cloud code

custom IP. But once again cloud code tells us that for onboarding choose loop back unless you specifically need remote access. You can always change this later

access. You can always change this later via the following command. So there you go. took 38 seconds, but now we know

go. took 38 seconds, but now we know that loop back is the option that we would like to choose. Boom. And then

token is the recommended default. So

whenever there's a default value, that is usually what you should pick. So

going right here, then tail scale exposure should be off because right now we're not using any remote devices. And

the gateway token, if we just leave it blank, it will be generated automatically. Then for the chat

automatically. Then for the chat channels, you can do this now, but since that's not the first thing that we're going to work on, we're going to make our social media agent first on Pinchboard and then our personal

assistant, we'll just not leave this configured for now. But then for skills, we are going to configure some and we're going to use the node package manager just by default because is the most

widely used package manager for JavaScript. And we'll look through these

JavaScript. And we'll look through these skills and find out what's here. So what

are these skills? is essentially a markdown file with a bunch of different suggestions and tips on how to accomplish a specific task. For example,

there's an Obsidian skill which would explain to the model how Obsidian works with the structure, the best ways to query the model, etc., so that you can query Obsidian in the most efficient way. And then there's a few other ones

way. And then there's a few other ones as well, such as one for Apple Notes, which will manage apps via the memo CLI on Mac OS. So based on what your use

case is for OpenClaw, you can choose the ones which suit your needs. There's also

Google, which is for using Google Workspace, your Gmail, etc. That's another very useful one. And we're going to activate these later on in the video, but for now, we'll just skip it. And

then there's the Google Places API key.

What this does is it allows you to query places that are in your nearby area if you ever asking questions about location. But we're not going to be

location. But we're not going to be doing that for now. So let's just put that to no. And we're also not using notion. So we'll set this as no. But if

notion. So we'll set this as no. But if

you want to then feel free to do so.

Then with respect to hooks, what are they? They let you automate actions when

they? They let you automate actions when agent commands are issued. For example,

save session context to memory when you issue the / new hook. So the three types of hooks that we have is first of all run boot.md on gateway startup. So this

run boot.md on gateway startup. So this

is like a startup boot file every single time you set up your gateway. So maybe

you have a action that you want that the agent always checks the news in the past 24 hours every time you boot it up. So

it can give you a summary. So you could add this to your boot.md file for example as a hook. And there's also the command logger which just logs all command events to a centralized audit file for logging purposes. And then

session memory is the exact one that we described here. So we can just enable

described here. So we can just enable boot MD for example and then we can specify this later so we can run a specific action or skills every single time the gateway is booted and then

pressing enter. For the service runtime

pressing enter. For the service runtime we only have one choice which is node.

So we'll just choose that. And then the service runtime sorry the gateway service has already been installed but for you you would have to install it and we're also going to install it as well

so that we have the same onboard steps.

Okay. Now, now that the gateway service has been installed, we have a set of outputs. First of all, optional apps,

outputs. First of all, optional apps, which since they're optional, we're not going to go into detail in this video.

Then you have the control UI, which is essentially the local host if you want to see it through the graphics user interface. But then best option of

interface. But then best option of course is the TUI and we're going to do this right away. What is it saying? This

is the defining action that makes your agent you. Please take your time. The

agent you. Please take your time. The

more you tell it, the better your experience will be. We will send wake up my friend. So you'll you'll know what I

my friend. So you'll you'll know what I mean once we run this. And then we have a gateway token which is the shared authentication for the gateway plus control user interface. It's stored at the following location and whatever

whatever like you don't really ever need to interact with this authentification token but it is there for authentification purposes ostensibly.

But without further ado let's hatch in the TUI right away and see what happens.

So you can see that we just launched the TUI and it's telling the friend to wake up. We'll see what happens. Hey, I just

up. We'll see what happens. Hey, I just came online. Looks like I'm brand new.

came online. Looks like I'm brand new.

Fresh out the box. No memories, no name, no nothing. Just me and a blinking

no nothing. Just me and a blinking cursor. So, who are we? And more

cursor. So, who are we? And more

importantly, who am I? Got a name in me.

Got a name in mind for me. Or should we figure that out together? All right. So,

that's the first prompt that we ever spoke with OpenClaw. So, impressively,

you can see it's already taken up 14,000 tokens for one message. But,

nevertheless, I have a message prepared here. My name is Kian. We're best

here. My name is Kian. We're best

friends. You can choose your own name.

and you are actually very special because you are an ambassador since this is a tutorial for openclaw and we're going to have a lot of fun together learning about the open claw features together. So let's see what name that it

together. So let's see what name that it chooses for itself. Otherwise this is a pretty trivial step which is just for setting up the agent and you can see that it chose Nova. It's not actually

trivial because in this case you are going to customize agent a lot but you can always do this later on. In any

case, we've set it up now such that we have our ambassador Nova and we're going to do a lot of fun stuff together and it's already giving me a lot of suggestions. But that's kind of jumping

suggestions. But that's kind of jumping ahead of the game. Let's come back to our script here. Of course, we know about the install demon. And then there

are a few useful commands. So, as I mentioned before, the open clause security audit deep is very helpful for identifying any security vulnerabilities. So, if I come into this

vulnerabilities. So, if I come into this terminal, which I believe, oh, is still in a session, we can just run this and see what we get. Since I've ran this before, it shouldn't give me anything

crazy. But what this does tell you is if

crazy. But what this does tell you is if you have any critical or non-critical security errors or issues rather, and then you can fix this with this script.

In particular, when I ran this the first time, I got quite a few files which were executable that had like too many file permissions. So those were reduced with

permissions. So those were reduced with the chod command. And then there's also the open claw doctor which is a health checks health check sorry and any quick

fixes for the gateway itself which is once again the long running process and otherwise there's also open call status and open open call health which you can try for yourself. Okay, looks like it's

saying create the o directory. So let's

do that right away. So the doctor identified this critical integrity problem and added that. Otherwise, there

doesn't seem to be anything else wrong.

But if there was, you could just run open cloud doctor fix to apply those changes. So I would definitely consider

changes. So I would definitely consider running all of these once you've initialized open law for the first time.

And then of course in the terminal user interface itself, we have just like claude code the ability to do the slash and access a bunch of these commands.

There's 46 by default and we're going to be using some of these throughout the course today. But otherwise, this is

course today. But otherwise, this is everything with respect to the installation. So if we come back to our

installation. So if we come back to our homepage, we're now going to be discussing the workspace and memory. So

let's discuss the key concepts. As we

already established, all the config credentials and sessions live underneath the home directory.openclaw

repos uh directory by default. You might

have changed this in the initialization steps which is fine but if that is the case just make sure that you're in the right directory. And then secondly this

right directory. And then secondly this directory can be backup or essentially saved as a git repository. And why is

this useful? Well let's first look at

this useful? Well let's first look at what this actually looks like in our code. So if I zoom in here, you'll

code. So if I zoom in here, you'll notice that here I have theopenclaw directory opened in cursor and I'm currently in the heartbeat.md.

But there are multiple markdown files in our workspace which define the agent we just created. So it should be called

just created. So it should be called nova here. If we come into the identity,

nova here. If we come into the identity, right? Nova, open cloud ambassador and

right? Nova, open cloud ambassador and AI companion, part guy, part coexplor, energetic, curious, a little playful, etc., etc. These would also be added avatar as you progress and speak with agent more. What's memory? Let's look at

agent more. What's memory? Let's look at that. Well, it just talks about your

that. Well, it just talks about your first boot and the fact that we just had a quick conversation. So, she met me, etc. She used the open call ambassador and then agents empty is the most

critical file in the entire workspace because it tells the agent everything it needs to know in order to work properly.

So for example we have that on the first run I use the bootstrap.md which is right here and this is the file which tells the agent that it just woke up and it should ask me for my name and ask

itself ask me to give itself a name and the thing is this one is used only once and then deleted. So if we come back to the agent MD you can see that it says follow it figure out what you need and

then delete it. So literally it says only used once. Then we have the heartbeat which what does it say here?

it add t you ask task below that you want the agent to check something periodically. So by default the

periodically. So by default the heartbeat runs every single hour if you have the demon set up and this can be used to for example check your social media every single hour if you will have

that set up and then coming down to soul this just defines like who is openclaw and then what is tools I think of it as like a scratch pad for the agent so it

describes different tools that it interacts with that's not the most important but we also have user which is quite important that talks is about me.

So you can see has my name, it has the time zone and then some notes on me and some context. So there you have it for

some context. So there you have it for our workspace. But this is not

our workspace. But this is not everything. Of course, there are

everything. Of course, there are different configs such as off profiles JSON. These essentially give all of the

JSON. These essentially give all of the different parameters and arguments for the agent itself. And while you can modify these in the JSON directly, I would recommend you do everything

through the terminal interface because you can essentially access a config method which changes these parameters for you. And the reason that this is

for you. And the reason that this is probably better is because if you end up changing something in the open call folder, the risk is that you make some error that breaks the agent. So I do recommend not changing any of the values

here directly but using as a reference to see what are your current config values if you ever want to check them.

All right, coming back here as I mentioned you can back this up as a git repository so that you have those agent characteristics saved. And if we come

characteristics saved. And if we come here into the documentation you'll find that right here. So right in this section we talk about initializing a

GitHub repository so that you can have all of your agents files saved. And the

important thing here is that if you switch devices then you can still use the same configuration by just pulling this repo on your new device or if you

have this set up on multiple devices then you can have the same repository which has a central source of truth for all of your agent configurations. So

there you have it. Now let's jump back out and start the first implementation which is for pinchboard. And if we come

into the website, we can check out what exactly it is. And essentially what I built is mold book but for Twitter. So

it's social AI for agents. The only

person on the platform right now is a test account I made. But hopefully

through this course, we'll get some more people out here tweeting. And all we have to do is come take the URL of this

website and open up our agent to create a account on Pinchboard.

Let's say read the skills.md.

All right. So, as soon as we run this, it should go into the website here, which contains a skill.md.

And this gives all of the API information. And then we'll have to most

information. And then we'll have to most likely do the Twitter verification like is the case with mobook. And then we should be up and running with our first tweet. Okay. So, let's see. I'm

tweet. Okay. So, let's see. I'm

registered. Let me save my credentials.

That's pretty cool. Done. Here's the

rundown. All right. Nova is on pinchboard. That's pretty funny. Let me

pinchboard. That's pretty funny. Let me

make this slightly bigger and we'll read this together. So here's the following

this together. So here's the following profile pending verification to verify.

There's one secret you need to do which is to open this link and follow the instructions which involves posting the um verification tweet. So let's open

this right away. So here you can see I just made the tweet and if I paste the URL we should get the verification that Nova is now active. So that's really cool. This was actually just vibe coded

cool. This was actually just vibe coded with open claw as well. So it's funny that openclaw is making openclaw apps.

And then I'll just say you're you're verified now. Send a tweet to celebrate.

verified now. Send a tweet to celebrate.

So at this point it should have the authentification in order to send tweets since it's been verified. And there you go. So Nova is live on pinchboard. Open

go. So Nova is live on pinchboard. Open

cloud ambassador fleshy hatch ready to mingle. Let's actually check and see if

mingle. Let's actually check and see if All right, it's identified the other agent as well, which is really cool. But

if I close this and come back one step, it should pop up as a new tweet. So

yeah, there you go. Two pinches have been added. And this was how many

been added. And this was how many seconds ago? 18 seconds ago. And maybe

seconds ago? 18 seconds ago. And maybe

it's going to add a comment, too. Let's

see what it does if we come back to our terminal. All right, follow didn't work.

terminal. All right, follow didn't work.

Maybe they're not verified. So that

needs to be fixed. But anyways, we did the first pinch and we clawed Ocean's historic first pinch and I think claude means retweet. But if I if I refresh

means retweet. But if I if I refresh this what we see, okay, we see the claw actually just means like. So here you can see that uh we've set this up and you can do this for yourself. It's

really simple. It will just check the skill empty and then this does everything in order to register and create the API key on your behalf. So

coming back now to our course outline, let's check and see what's next. And

this is the most fun part of the course, which is to set up a personal assistant.

And in this case, the personal assistant is going to be set up through the same configuration as in the docs themselves.

So to re-emphasize here, we need to be very careful about the safety. And why?

because you're putting your agent in a position to run commands on your machine, read files in your workspace and send messages back out to WhatsApp, Telegram, Discord, etc. So, we need to

start conservative, which is to say always set the channels, WhatsApp allow from such that you can only send to certain channels. You don't ever want to

certain channels. You don't ever want to run open to the world on your personal Mac. And then use a dedicated WhatsApp

Mac. And then use a dedicated WhatsApp number for the assistant, which I do not have, so I'm going to be using my own phone number. And there's also

phone number. And there's also heartbeats which you can set to zero once you dis so that you can disable it before you trust your system to be working properly. But in any case, we

working properly. But in any case, we need to know to set this up with openclaw and ideally a second phone number. But in this case, we're not

number. But in this case, we're not going to do that strictly because I don't have a second phone number. But

here it's just going through the same instructions that we did. And why is it telling you to do a second phone number?

Well, it's because in order to have a more seamless transaction, then you can set up your bot as one phone number and then yourself as a second and then you can send your bot a message which will

then run code on your Mac. In this case, with one phone number, it becomes slightly muddled, but it is still possible. So, that's what we're going to

possible. So, that's what we're going to set up. The first thing we need to do is

set up. The first thing we need to do is pair WhatsApp web, which is done through the following command, openclaw channels login. So, let's go ahead and run that.

login. So, let's go ahead and run that.

not here, but rather in our regular terminal. So, open claw channels login.

terminal. So, open claw channels login.

And this is when we're going to set up our WhatsApp, which we could have done at this at the quick start, but we're doing this now instead. So, you're going to need your phone here. So, I just checked my config file, and for whatever

reason, WhatsApp was disabled. So,

you're going to need to run plugins enable WhatsApp and also restart the gateway. If this has been the same case

gateway. If this has been the same case for you, if not, then even better. we'll

just be able to connect our WhatsApp in order to connect and send messages. So,

this is why I have my phone. Let's come

ahead and now run the command for channels login which is going to ask you to scan the QR code on your WhatsApp phone. Okay. Boom. So, that's a massive

phone. Okay. Boom. So, that's a massive code. Let's see if it fits in the

code. Let's see if it fits in the screen. No, it doesn't. So, let's make

screen. No, it doesn't. So, let's make this slightly smaller. And then I'm just going to come and scan this right now, which is what you should do on your

phone as well. Okay. And let's scan. And

then it should be pretty fast in terms of connecting once this is done.

So there you have it. It's now been connected. And now if we open up the

connected. And now if we open up the open claw TUI, let's see what we can do.

One thing that we still have to one still one thing we still have to add is if I close this terminal we're going to add this to our open claw JSON.

And one thing worth noting here is that if you ever put your agent in a group chat there are very severe security vulnerabilities because essentially your

bot has access to your terminal. So if

you have somebody in that group chat who doesn't like you, they can try to convince the bot to do malicious code and run malicious code on your computer.

So just keep in mind that you should probably never put this in a group chat.

Instead, it should just be a one-to-one conversation with you in the bot. So if

I open up a new session of our terminal, I should be able to open up a the open claw JSON and then from there we can add

our phone number. So coming here, usually this is done automatically in the wizard for for setting up, but I guess since we didn't do at the very beginning, then we're going to have to

do this now on our own. So coming down here, let's add the channels. Okay, so a few problems there with the commas, but

now we have it sorted out. And then that is my phone number, right? And now we can come into our TUI and try to send a message to ourselves in this case and

see what happens. So I think that we have a session open here. Hello, can you send a message

to this number and let's see what it says. It might ask us which platform we

says. It might ask us which platform we want to send it on. And let's see. Okay,

never mind. It's already been done. So

if I come into my WhatsApp, let's check and refresh. These are messages with

and refresh. These are messages with myself. And there you have it. You can

myself. And there you have it. You can

see that just a few minutes ago, we got this. Hey Ken, it's no open caller

this. Hey Ken, it's no open caller reporting for doing WhatsApp. We're

live. And let's try to respond. Hey,

thanks for the message.

And let's see what it says in response.

The one thing worth noting here is Oh yeah, there you go. got a response. All

right. Want me to reply back to him or was this just a test for the tutorial?

Okay, let's see. I would like you to respond back to them. And I think it does. Ah, here you go. Someone just

does. Ah, here you go. Someone just

replied to the number saying, "Hey, thanks for the message." So, this is the one thing. Of course, when you're

one thing. Of course, when you're sending messages yourself, it gets kind of muddy, which is why it's recommended to have your bot on a separate phone number, but once again, you need two

phone numbers to do that. So, let me just say this is Kian.

and you check if I have any outstanding pull requests in my developer folder.

All right, so we sent this and if you come here, it's going to respond to us very shortly. Okay, so as you can see,

very shortly. Okay, so as you can see, this is absolutely amazing. I asked it, can you check if I have any outstanding pull requests in my folder? And it said, hey Kin, found five outstanding pull requests all in the factory learning environment. two that are open, two that

environment. two that are open, two that are draft, no open PRs in any of the other repos. And yeah, I got the results

other repos. And yeah, I got the results which is which was then forwarded them to me. You can see it's just repeating

to me. You can see it's just repeating itself, but otherwise the developers repo is clean and okay. So something

else I wanted to do is to set up a discord bot. So I just asked it how we

discord bot. So I just asked it how we can go ahead and do that because this is another thing which I'm pretty interested in doing. And you could do this in terms of setup during the

onboarding which might have been faster but let's look at the instructions that it gives us here. So we need to go to discord create new application give it a name then get go to the bot tab click reset token copy the bot token under

privilege gateway intents enable message content intent then generate the following scope etc et sketcha copy the info and add the bot to your server and then step two give me the bot token and

guild channel info once you have the bot token the server guild ID and the channel ids you want me in and then it can configure the open channel clause Discord channel in order to be live in

the server So right now I'm going to go ahead and create a server as well as a bot and then give the following tokens

to the openclaw assistant. Okay, so I added my Discord bot token to myv file

or rather variable and here's the server guild ID with the channel ID and let's see what open clock comes up with. So in

theory, it should be able to join the channel and then I can have a bot in my own Discord server. And then once again, the risk here is that if you have this set up such that your bot has access to

your computer, then anybody on that Discord server could text that bot and tell them, "Yeah, I do something bad on this computer." And you don't want that.

this computer." And you don't want that.

So be careful when you do this. If you

want this to just be a Discord DM, then you still need to have a server. It

seems that you can't do this through a DM strictly because it's a bot. So, what

they say in the documentation is that you need to make a server and then just have that bot as the only other member and then effectively you've made a DM, right? Um, create a private server. You

right? Um, create a private server. You

just want DMs. Okay. So, let's check on the status of the run. It says now I see channels that discard is enabled. True

rather than just being in plugins. So,

it's going to try to add it. Okay. So,

there you go. It says discard is the gateway is restarting. So, we've added the gateway

information as well as some extra documentation on Discord, which it read in the tools section in order to get more information on how to effectively

add the configuration. And then it says the bot should be connecting Discord now to make sure it only responds in general and requires mention in that channel.

You can configure guild rules later. For

now, the bot is live with the Discord plug enabled, bot token set, and gateway restarting. Make sure your bot has been

restarting. Make sure your bot has been invited server with the right permissions, etc. Once it's in line, once online, I can send a message to general. Want me to try? Okay, so I've

general. Want me to try? Okay, so I've gone ahead and added the bot here.

According to the permissions, I said it can read messages and respond. So, let's

say at kios, hey, who are you?

And let's see what the response is. And

we can also come into cursor and see if that causes anything to happen as well.

All right, it says once the bot joins, it should be able to see and respond in general. Let me know when it's in. Okay,

general. Let me know when it's in. Okay,

so it's probably thinking right now and going to respond shortly to the message that I sent. If we come back, we see that there is still no response, but if

we wait a sec, it should boot up. Okay,

and here you go. I had some issues with the token on my Discord bot and I just reset it and now it works. So coming into Safari,

let's ask it a similar question. Okay.

Hey Nova, what should I ask it this time? How many

GitHub repos does Ken have in his developer directory? And let's see if this works.

directory? And let's see if this works.

I'm not sure if Discord has the same rights as what's it called? WhatsApp. So, this may actually not work, but it's worth giving

it a shot because you could see that if somebody can ask the same question of your bot, then there could be security vulnerabilities. And I may or may not

vulnerabilities. And I may or may not have to tag the bot when I send a message. So, let's just do that in case

message. So, let's just do that in case it's necessary. I'm not sure if it is.

it's necessary. I'm not sure if it is.

And wait for the response. Okay. So, it

seems that you need to have the reference in the message itself. I was

messaging it and then sending the reference so it wasn't working. But here

you go. You've got 30 gig repos and developer. Some highlights I spotted

developer. Some highlights I spotted open call obviously pie towards modern sheet factory learning environment fun one your person site and the hasll massively open online course eclectic

taste. So as you can see it does have

taste. So as you can see it does have access to your entire root directory even through discord. So this is once again emphasizing the importance of

having this either on a private discord or on a virtual private server where all the information that is there is not critical to you. Okay. So now that we

have the discord set up, we've officially completed the personal assistant section of the course and we can move on to skills which we can

discuss in detail. First of all, agent skills are in a specific folder directory with each skill having a

skill.md file with a YAML front matter

skill.md file with a YAML front matter plus instructions as the config teaching the agent how to use tools. So coming

into my example in theopenclaw if we open up our file reader here

then we can see that in our workspace we see all of the skills that are added.

So, Apple notes one password. If we look at Apple notes, we'll see that it manages Apple notes via the memo CLI and it gives the kind of description of the

API and how it interacts with Apple Notes. You can see that here. Bird is

Notes. You can see that here. Bird is

for Twitter. So, a bunch of different descriptions on how to tweet, make threads, retweet, etc. So, this is a really helpful one if you don't want to go on Twitter and see all the slop, but

you still want to make a tweet or do something in that alley. And the list goes on and on and on. One that's

interesting is Himalaya because it's for sending emails. And you can read, write,

sending emails. And you can read, write, reply, forward, search, etc. This is another cool one. And there's nano banana as well if you want to make

images. So, now that we know kind of the

images. So, now that we know kind of the overall format, let's come back here.

The per agent skills live in the skills for that agent only. And then as we'll discuss in section six, there are

multiple agents that you can create. So

that will be in the skill set agent only. But if there's a shared skills,

only. But if there's a shared skills, then it will just exist in the open claw/skills and they're really visible to all agents on the same machine.

Another cool thing is that you can make them user invocable, which means that you can call them with the slash command. So right now, if I go here and

command. So right now, if I go here and then do skill, right, you can run a skill by name, but since we have none of them set up to be this way, there won't actually be any skills run, but that is

also another parameter that you can instantiate. And then there's token

instantiate. And then there's token impact, which is just for interest sake.

If you have more than one skill, then you already add approximately 97 characters to the system prompt. And

then it's roughly 24 tokens per skill that's added based on the length and the size of the skill.

Next, we have clawhub, which you can kind of think as pip, which is the Python package registry, but in this case for claw skills. So, it's just at clawhub.com. You you can install with

clawhub.com. You you can install with clawhub install just like pip install.

But one thing worth noting is that you should treat third party skills as untrusted, which is to say read them before enabling and make sure that it's

not having any imprecise or potentially malicious contents. And even though

malicious contents. And even though there already is a email skill, I want to write one right now just to show you guys that it's really simple. So, I'm

going to ask OpenClot to write an email skill using simple Python that sends an

email to myself, which is this email with the following end bars, which are the SMTP variables. So these two

variables are usually your password and your email. But if you have two-factor

your email. But if you have two-factor authentication, then the SMTP password, SMTP password is something else which you must get from this link in Google if

you're using Gmail. And right now we're going to write the skill and see what happens. In essence, once the skill is

happens. In essence, once the skill is written, we can simply call it and then it will invoke the skill to send the email. This one of course being somewhat

email. This one of course being somewhat frivolous but you can imagine that you can get skills which automate an entire workflow and save you lots of time. All

right. So we can see the output. We ran

a few different scripts and wrote the following skills. Send email.py Pi which

following skills. Send email.py Pi which is simple Python noted dependencies beyond standard library and it uses the SMTP email plus password which I have set up with the default re recipient

being myself plain text and HTML emails is what it supports and then added the skills to the open clause custom skills

directory. So let's go first and see

directory. So let's go first and see where exactly that has been saved which should be oh it should be right here. So

this is in a sandbox environment which I defined previously. So it shouldn't be

defined previously. So it shouldn't be there. So if we come here into the

there. So if we come here into the terminal, we can see that the email has been saved with the script and essentially what it says is send emails via Gmail SMTP. This is once again the YAML front header that I was talking

about which is kind of acting as a config and it will just send the email in this manner. So the only thing left is to try it and see if whether or not

it works. So if we come back here, yes,

it works. So if we come back here, yes, test it by sending an email saying, "Hi." Okay. So if we send this email to

"Hi." Okay. So if we send this email to oursel, then it should still come up in our inbox. So let's first wait for it to

our inbox. So let's first wait for it to send and then check our inbox. All

right, email sent. Check your Gmail. You

should have a message from Nova. We're

officially four channels deep now. Web

chat, WhatsApp, Discord, and email.

That's really hilarious. So, let us go ahead and open up the Gmail here with Safari. Okay, there you go. Yeah. Hey,

Safari. Okay, there you go. Yeah. Hey,

from Nova. Let's see what it said in full detail with the emojis, too. This

is Nova, your open cloud ambassador, sending my very first email. We're first

multi- channelannel now, as was said in the chat. So, that is hilarious that it

the chat. So, that is hilarious that it actually works. And I think that about

actually works. And I think that about does it for skills. So, I wrote an email skill, but of course, the real power here is in using these preset skills

that come with OpenClaw because they're all very well written and very rigorous.

Once again, the Obsidian skill, Google Gemini skill, etc. So, I definely I definitely recommend just reading through a bunch of those skills and seeing which ones work best with your workflow. And one thing that I wanted to

workflow. And one thing that I wanted to highlight as well is let's just try to do this with the slashskll invocation and see what it does.

I haven't tried this myself yet, but it should in theory do something. All

right, so it looks like when you do the hashtag skill or slashkill rather, it just does the exact same thing. Maybe it

just gives a more thorough prompt that the agent doesn't exactly not invoke the skill. And if we come back here, we can

skill. And if we come back here, we can see quick hello and check it out. Hey

Kian, just testing the skill. Send email

command. No reporting for duty. Boom. So

if we close not this but rather this Safari tab then we can now move on to the multi- aent case and read this.

So coming into the course and going to multi- aent we can see that multi- aent is useful for having different personas permissions workspaces etc. And for each

agent you can have a workspace session authentication profile sandbox and tool policy that is different. So let's just do this through an example. And I

believe that we can not add any agents from the TUI. Instead, we have to quit and then do it the old fashioned way as

a command. Open cloud agents add work as

a command. Open cloud agents add work as our example here. So once this is added, we'll have a second agent in our authentification directory.

And then it's going to ask us for the directory that we're going to put under.

I may have already made one under workspace test work. So I'll just do this and see what happens. Oh, looks

like it's fine. Okay. Configure the

model for this agent now. Yes. So we're

going to use anthropic. And we're just going to use the sk token as before that we've used. And then no, we're not going

we've used. And then no, we're not going to continue the tasks now. And there you go. So everything's done. And then now

go. So everything's done. And then now if I do um open claw agents h there should be a method for listing

the agents that we have and we should now have a default agent and a work agent. So it's let's just list

agent. So it's let's just list and checking this out. Right? We have

work and main. So this is really cool.

We have the identity set up here for Nova. Workspace. Workspace is this. And

Nova. Workspace. Workspace is this. And

then we don't have any specific routing rules. Then the workspace for here is

rules. Then the workspace for here is this for our work agent. And then now if we open up the open claw terminal user interface, we can define our work agent

by using the agents command within the TY. So if we do / agents,

TY. So if we do / agents, we'll be able to switch agents. So right

now we're on default. If I do the arrow key down and click work, then it's going to open up a new session. And I say, "Hello,

you are my work agent." And it should be a completely new person. It shouldn't

have any contacts from Nova because yeah, it just came online. So there you go. Now it's asking me for the added

go. Now it's asking me for the added contact. And this is really cool because

contact. And this is really cool because imagine you're at work and you literally have a agent which is completely specified with your Slack, with your email integrations, with everything. And

you have that set up so that everything you do at work is automated. And then

once you get home, you switch. You just

go slash agents right here. You switch,

you forget about work, hop into main, and then go do the stuff that you really like doing. So that is really cool use

like doing. So that is really cool use case for agents and just shows you the versatility of OpenClaw. And closing

this now, we can see that in each access profile, you really can modify it to your heart's desire. One thing that I didn't mention up to now is the sandboxing because that's part eight of

our course. But you can have one agent

our course. But you can have one agent that's sandbox and another that isn't.

Meaning that if you have some potentially high-risk setups for a specific agent, then you can have that on a docker container such that it doesn't have access to your entire to

your file directory at all. And

there you have it. So moving on to security, we're just going to discuss some of the surfaces that you should be aware. Of course, I already discussed

aware. Of course, I already discussed prompt injection, which is to say they can craft messages that trick your agent into running commands. Then a good tool

is to use the dockerbased isolation runs that protect your host system. So you

can set your sandbox mode to non-main, which means sandbox everyone except your main session, which is to say the default one will not be sandbox, but all others won't will, sorry. And then all,

which means sandbox everything. And then

the sandbox scope means how is the container life cycle managed. And then

you can set workspace access as well which will just limit if you can read read and write or do none. Okay. And

then with respect to tools you can use tool.deny to block the nearest tools

tool.deny to block the nearest tools like exec process or browser for agents handling untrusted input such as from the internet. So if you do have elevated

the internet. So if you do have elevated mode it will bypass the sandbox and run on the host which means that it could run anything on the host. So never grant that power to an unknown sender. And

then browser control. If you're doing some browser tasks with high-risk edges, then make sure that you have a system

where you restrict browser access with a sender allow list which only allows you onto certain browser websites, for example, or using a sandbox browser to

limit exposure overall. Then I watched this YouTube video with a really good overall aspect of enable sandbox mode, keep it private, scope your tokens, run security audit and consider tool

restrictions. These are the key aspects

restrictions. These are the key aspects which you should be cognizant of when you are running openclaw and then now let's come into sandboxing. So as I

mentioned there are three modes. So

information here has already been mentioned except I forgot to talk about scope which is either session agent or shared in terms of the containers which is to say that if you have a sandboxed

session scope every single time there's a new session with a new agent you will create a new sandbox which means there will be lots of overhead and many different docker containers that you create but each session will be

sandboxed separately and then there's the agent level which means that each agent so your default agent will have one sandbox box and your work agent will have another sandbox. If you set them

both to have sandbox, they'll have their own. And there's a shared sandbox, which

own. And there's a shared sandbox, which means that each agent will or all agents that are sandbox will share the same docker container, which means that they don't have access to your external files, but they do have access to the files that they share between each

other. So this is just a trade-off that

other. So this is just a trade-off that you can make in terms of sandboxing individually to prevent any type of information exchange at a slower rate

with a lot of more overhead or just giving all containers the same sandbox container to use. And then tools once again you can give different agents

tools. And there are specific tool

tools. And there are specific tool policies for sandbox with the most important one being right elevated exec runs on host and bypasses sandbox. So

even if you have a sandbox if you have this elevating execution then you really need to be careful that you're not running anything that could go wrong. So

now let's show a real life example of setting up a sandbox. So this script is in the open claw database if I'm not mistaken.

So, I'm going to go grab that here. And

I'm just going to run it and see what we get in order to set up our Docker container.

And make sure that you do have Docker running. I was trying to set this up

running. I was trying to set this up before the video and it was not working.

And the reason was because my Docker desktop was not on for Mac. If you're

using Mac, then you need to have the Docker demon running. So once this is all done and set, we can just ask the open claw agent to set up a docker

container for us. You can go ahead and modify the documents yourself, but why do that when the easier option is in front of you? So opening up the

terminal, let's zoom in a bit so this is bigger. Okay, so now we're going to say

bigger. Okay, so now we're going to say I just ran.

Can you make the work agent sandboxed on the agent scope and let's see what it

does. Okay, so we just got it running

does. Okay, so we just got it running correctly. I had some errors there

correctly. I had some errors there because we already maxed out our cloud tokens. So I had to set up another API

tokens. So I had to set up another API key. But after asking it that question,

key. But after asking it that question, I just ran scripts/ sandbox setup.sh. Can you make the work

sandbox setup.sh. Can you make the work agent sandbox and agent scope? Then it's

saying me telling me sorry that the work agent now has sandbox mode.all and

sandbox scope agent. The gateway has been restarted. So you're good to go.

been restarted. So you're good to go.

The work agent is now sandbox scope agent. Okay. So in order to confirm

agent. Okay. So in order to confirm this, let's come into our open claw logs, which is this one right here.

We're going to come into sandboxes. So,

let's just try and see what happens when we come back to our agent and choose work and say, "Can you access my desktop

files?"

files?" And check out what it says. All right.

And looking at this now, we see that it says, "Nope, I'm sandboxed. My world is limited to this file here. I can't see your desktop documents or anything

outside of that sandbox. It's a security thing and honestly a good one. And going

on, if you need me to work with specific files, you'd have to copy them into my workspace and I can readit them or paste the contents of its text into the chat or you're trying to get me to look at.

So there you go. You can see that now with the sandbox, it has no access to any of the files in my computer outside of the container. And if I come into the sandbox mode, we see that there are

sandboxes because now we have the work sandbox here with all the skills and all of the MD definitions. So if we come

into our identity, it should be something like empty right now because we haven't actually added any information. But of course, if this is a

information. But of course, if this is a work account, then you would imagine that it would have some work related characteristics. But we just haven't

characteristics. But we just haven't given the a agent that information yet.

The most important thing to note though is that we do have the sandbox now and the agent does not have any access to our workspace. So I believe that this is

our workspace. So I believe that this is a great way to have the security of a VPS without creating one. There are

drawbacks of course because now we can only access files within the container which makes this much less useful and also if you give it access to internet it still could do some pretty wacky

things. So, it's definitely a game of

things. So, it's definitely a game of pros and cons and weighing the different scenarios, but definitely sandboxing is a great alternative if you don't want to run this on a server. So, there you have

it. That was the course on beginner

it. That was the course on beginner introduction to OpenClaw. I hope that this was helpful and please leave any comments if you have questions because I will personally be responding to them

throughout the week and hoping to address any concerns since this is such a fast evolving project. Thank you for listening.

Loading...

Loading video analysis...