Last updated · 2026-01-30

OpenClaw Advanced Configuration Guide (Security / Multi-Model Routing / Channel Controls / Proxy & Sandbox / Memory & Proactive / Plugins & Skills)

This is a structured advanced config tutorial for OpenClaw (formerly Moltbot, and before that Clawdbot).
Some config keys may vary by version/plugins — always verify with openclaw config get and your gateway logs.
Prefer openclaw config set ... over manual JSON edits to avoid syntax mistakes.


Common file locations (latest layout)

  • Main config: ~/.openclaw/openclaw.json
  • Secrets: ~/.openclaw/.env (recommended)
  • Optional (some versions): ~/.openclaw/config.yaml

  1. Set config via CLI
  2. Confirm values
  3. Restart gateway/service
  4. Send a test message

Common commands:

bash
openclaw config set key.value "value"
openclaw config get || true
openclaw gateway restart || openclaw restart

1. Advanced model setup (multi-provider / routing / fallback / cost)

Goals

  • Configure multiple providers (Anthropic / OpenAI-compatible proxy / MiniMax, etc.)
  • For the default agent, define:
    • primary: daily driver
    • fallback: auto-switch on failure/limits
    • reasoning: force stronger model for hard tasks

Example structure (illustrative)

json
{
  "models": {
    "mode": "merge",
    "providers": {
      "anthropic": {
        "baseUrl": "https://api.anthropic.com/v1",
        "apiKey": "${ANTHROPIC_API_KEY}",
        "api": "anthropic-messages",
        "models": [
          { "id": "claude-3-5-sonnet-20241022", "name": "Claude Sonnet 3.5", "contextWindow": 200000, "maxTokens": 8192 },
          { "id": "claude-opus-4-5", "name": "Claude Opus 4.5", "contextWindow": 200000, "maxTokens": 8192 }
        ]
      },
      "openai-compatible": {
        "baseUrl": "https://api.example.com/v1",
        "apiKey": "${PROXY_API_KEY}",
        "models": [
          { "id": "claude-sonnet-proxy", "name": "Proxy Sonnet", "contextWindow": 128000 }
        ]
      },
      "minimax": {
        "baseUrl": "https://api.minimax.chat/v1",
        "apiKey": "${MINIMAX_API_KEY}",
        "api": "anthropic-messages",
        "models": [
          { "id": "MiniMax-M2.1", "name": "MiniMax M2.1", "contextWindow": 200000 }
        ]
      }
    }
  },
  "agents": {
    "defaults": {
      "model": {
        "primary": "anthropic/claude-3-5-sonnet-20241022",
        "fallback": "openai-compatible/claude-sonnet-proxy",
        "reasoning": "anthropic/claude-opus-4-5"
      }
    }
  }
}

Edit ~/.openclaw/.env:

bash
ANTHROPIC_API_KEY=sk-REPLACE_ME
PROXY_API_KEY=sk-REPLACE_ME
MINIMAX_API_KEY=YOUR_MINIMAX_KEY

Switch primary model via CLI

bash
openclaw config set agents.defaults.model.primary "minimax/MiniMax-M2.1"
openclaw gateway restart || true

Practical cost strategy

  • Use cheaper models for daily chat/light tasks (proxy / MiniMax / etc.)
  • Use strongest model for architecture/debugging
  • Always keep a fallback to avoid downtime

2. Advanced channel controls (allowlist / mention-only / pairing)

Goals

  • Restrict control to you / a few trusted users
  • In groups, require @mention to trigger
  • For higher-risk channels, disable auto-approve pairing

Example structure (illustrative)

json
{
  "channels": {
    "telegram": {
      "enabled": true,
      "botToken": "${TELEGRAM_TOKEN}",
      "allowFrom": ["@your_username", "123456789"],
      "groups": { "*": { "requireMention": true } }
    },
    "whatsapp": {
      "enabled": true,
      "allowFrom": ["+8613xxxxxxxxx"],
      "pairing": { "autoApprove": false }
    },
    "feishu": {
      "enabled": true,
      "appId": "${FEISHU_APP_ID}",
      "appSecret": "${FEISHU_APP_SECRET}",
      "connectionMode": "websocket",
      "allowFrom": ["ou_xxx_open_id"]
    }
  }
}

Beginner defaults:

  • Telegram: always set allowlist + mention-only in groups
  • Feishu: allowlist by open_id
  • WhatsApp: spare account + manual approve + allowlist

3. Security & sandbox (MOST IMPORTANT)

Least privilege: allowlist commands

json
{
  "agents": {
    "defaults": {
      "permissions": {
        "allowedCommands": ["ls", "cat", "echo", "git status"],
        "blockedCommands": ["rm", "sudo", "dd"]
      }
    }
  }
}

Start read-only, then expand carefully.

Sandbox isolation (illustrative)

json
{
  "agents": {
    "defaults": {
      "sandbox": {
        "mode": "non-main",
        "scope": "session",
        "workspaceAccess": "read-only"
      }
    }
  }
}

Never expose gateway publicly: bind localhost + token

json
{
  "gateway": {
    "bind": "127.0.0.1",
    "port": 18789,
    "token": "super-secret-token-here"
  }
}

Hardening tips:

  • Don’t run as root (use a dedicated user on VPS)
  • Prefer Docker deployment + volume isolation
  • Firewall: open only what you need
  • Back up ~/.openclaw/ regularly

4. Proxy & networking

Temporary (current shell only):

bash
export https_proxy=http://127.0.0.1:7890
export http_proxy=http://127.0.0.1:7890

Persistent:

  • Docker: set HTTP_PROXY/HTTPS_PROXY in compose env
  • systemd: use Environment=... in unit file

5. Persistent memory & proactive behavior (heartbeat)

Memory (illustrative)

json
{
  "agents": {
    "defaults": {
      "memory": {
        "enabled": true,
        "vectorStore": "local",
        "embeddings": { "provider": "local" }
      }
    }
  }
}

Heartbeat (illustrative)

json
{
  "agents": {
    "defaults": {
      "heartbeat": {
        "every": "30m",
        "activeHours": { "start": "08:00", "end": "22:00" },
        "message": "Hi, idle for 8h, any tasks?"
      }
    }
  }
}

Always pair proactive behavior with allowlists and mention-only rules.


6. Plugins & custom skills

Install plugin:

bash
openclaw plugins install @xxx/yyy
openclaw gateway restart || true
openclaw logs | tail -n 100

Custom skills directory (commonly): ~/.openclaw/skills/

bash
mkdir -p ~/.openclaw/skills
cd ~/.openclaw/skills
git clone https://github.com/someone/some-skill-repo.git

Treat plugins/skills as high-risk code — test in isolation.


7. Pre-flight checklist

Config sanity:

bash
openclaw config get > /tmp/openclaw_config_dump.txt || true

Check:

  • Secrets stored in .env, not committed in JSON
  • gateway.bind is 127.0.0.1 (unless you truly need public access)
  • Every channel uses allowFrom allowlist
  • Groups require @mention
  • Command allowlist is minimal
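
The checks in this list can be run mechanically against the parsed config. The script below is an added example, not code from OpenClaw or from the original guide; it assumes the illustrative key names used on this page (verify them for your version) and runs on a constructed sample config with deliberate mistakes.

```python
import re

ENV_REF = re.compile(r"^\$\{[A-Z0-9_]+\}$")   # e.g. "${TELEGRAM_TOKEN}"
SECRET_KEYS = {"apikey", "bottoken", "appsecret", "token"}

def inline_secrets(node, path=""):
    """Yield paths of secret-named keys holding a literal instead of ${VAR}."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            literal = isinstance(value, str) and not ENV_REF.match(value)
            if key.lower() in SECRET_KEYS and literal:
                yield here
            yield from inline_secrets(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from inline_secrets(item, f"{path}[{i}]")

def audit(cfg):
    """Return checklist findings; key names are this page's illustrative ones."""
    findings = [f"inline secret at {p}" for p in inline_secrets(cfg)]
    bind = cfg.get("gateway", {}).get("bind")
    if bind not in ("127.0.0.1", "::1", "localhost"):
        findings.append(f"gateway.bind is {bind!r}, not loopback")
    for name, ch in cfg.get("channels", {}).items():
        if not ch.get("enabled"):
            continue
        if not ch.get("allowFrom"):
            findings.append(f"channels.{name}: empty or missing allowFrom")
        groups = ch.get("groups")  # assumption: only checked when configured
        if groups is not None and not groups.get("*", {}).get("requireMention"):
            findings.append(f"channels.{name}: groups do not require @mention")
        if ch.get("pairing", {}).get("autoApprove"):
            findings.append(f"channels.{name}: pairing.autoApprove is on")
    perms = cfg.get("agents", {}).get("defaults", {}).get("permissions", {})
    if not perms.get("allowedCommands"):
        findings.append("no allowedCommands allowlist for the default agent")
    return findings

# Constructed sample with deliberate mistakes (keys follow this page's JSON).
SAMPLE = {
    "gateway": {"bind": "0.0.0.0", "token": "super-secret-token-here"},
    "channels": {
        "telegram": {"enabled": True, "botToken": "${TELEGRAM_TOKEN}",
                     "allowFrom": [], "groups": {"*": {"requireMention": False}}},
        "whatsapp": {"enabled": True, "allowFrom": ["+8613xxxxxxxxx"],
                     "pairing": {"autoApprove": True}},
    },
}
print("\n".join(audit(SAMPLE)))
```

To audit a real file, load ~/.openclaw/openclaw.json with json.load and pass the result to audit(); an empty list means every check passed.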

Runtime:

  • No persistent errors in logs
  • Only allowed users get responses
  • High-risk commands are denied or require approval

Final security warning (copy into your site)

  • Never run full-permission OpenClaw on your primary device or anything holding wallets/secrets.
  • On VPS: dedicated user + firewall; open only required ports.
  • Regularly back up ~/.openclaw/.
  • Exposing gateway ports (e.g., 18789/8080) is extremely risky: use token + IP allowlist + reverse proxy auth, or don’t expose at all.