MH
Contact
Back to AI Engineering
AI-Developer/AI Engineering
Part 1 of 16

OpenClaw: The Complete Guide — From Zero to Expert (2026)

In November 2025, a burned-out millionaire built an AI agent in one hour in a Madrid café. 60 days later it surpassed React to become GitHub's most-starred project. This is the complete guide: what OpenClaw really is, how to install and configure it, why 135,000 exposed instances became a security crisis, and how to build your own autonomous AI agent — correctly.

March 20, 2026
35 min read
#AI Agents#OpenClaw#Self-Hosted LLM#Automation#Telegram#Tutorial#Open Source#Peter Steinberger

The Most-Starred Project in GitHub History.

Most AI tools are places you go to. OpenClaw is something that works for you. Learn how to deploy, secure, and automate your life with the open-source agent gateway that surpassed React in 60 days.

Primary Objective
250K+ Stars | #1 on GitHub | 15+ Messaging Channels

The Story Behind the Most-Starred Project in GitHub History

In 2021, Peter Steinberger sold his company for over €100 million.

He had spent 13 years building PSPDFKit in Vienna — a PDF rendering SDK that ended up inside over a billion devices, powering apps at Apple, Adobe, Dropbox, and Disney. He bootstrapped it from nothing, never took outside money, grew it to 50 people, and then Insight Partners wrote the biggest check he'd ever seen.

He expected to feel something. He didn't.

💡
The Madrid Café Story

"I felt like Austin Powers where they suck the mojo out. I couldn't get code out anymore. I was just staring and feeling empty." — Peter Steinberger, Lex Fridman interview

He booked a one-way ticket to Madrid. Spent a year walking, reading, deliberately not building anything. The burnout was real. No amount of travel or therapy could resolve the emptiness left by shutting down a decade of work.

Then, one November afternoon in a Madrid café in 2025, he got annoyed.

He wanted an AI that could actually do things — check his calendar, scan his email, search the web, take system actions — all through apps he already used, like Telegram. Every existing AI tool required him to go to it. He wanted one that came to him.

He opened his laptop. He had been building AI projects since 2009. This was his 44th. One hour later, he had a working prototype. He pushed it to GitHub, called it Clawdbot (a pun on Anthropic's "Claude"), and went to bed.

That tool now has 250,000+ GitHub stars, 150,000+ Discord members, a community of 1,000+ active contributors — and a serious security incident that should inform how you install and use it.

Why OpenClaw? The Paradigm Shift

The Agent Paradigm Shift

TRADITIONAL AI
  • You go to it. (Web interfaces, apps)
  • Stateless. Forgets context when the session ends.
  • Reactive. Responds only when explicitly asked.
  • Vendor-locked. Restricted to a single cloud provider.
OPENCLAW
  • It comes to you. Works through Telegram, Discord, Slack.
  • Persistent. File-based memory system (SOUL.md, MEMORY.md).
  • Proactive. Runs background 'heartbeats' to check tasks.
  • Agnostic. Connects to Ollama, OpenAI, Claude, or Gemini.

The Growth Explosion

60 Days to 250,000 Stars
  • Nov 2025: Clawdbot prototype built in a Madrid café.
  • Jan 2026: Goes viral; 100k stars in two weeks.
  • Jan 27: Trademark rename to Moltbot; $CLAWD token chaos.
  • Jan 29: Final rename to OpenClaw.
  • Mar 3: Surpasses React (~329K stars) as GitHub's #1 project.

Deployment Strategy: Where Your Agent Lives Matters

Where you run OpenClaw determines your agent's reliability and security. Before anything else, decide where OpenClaw will live. This decision matters more than the installation itself.

Hosting Options

PERSONAL COMPUTER
  • Pro: Free, zero setup, access to local files.
  • Con: Session dies when laptop closes.
  • Best for: Rapid testing and development.
VPS (CLOUD SERVER)
  • Pro: 24/7 uptime, isolated from personal files.
  • Con: ~$5/mo cost, requires SSH knowledge.
  • Best for: Production automation and reliable briefings.
DEDICATED HARDWARE
  • Pro: Massive power for local models (Ollama).
  • Con: High upfront cost ($500+).
  • Best for: Privacy-first power users and heavy LLM workloads.

Security Architecture: The Supply Chain Crisis

In January 2026, as OpenClaw was going viral, an attacker ran an industrial-scale supply chain poisoning operation against the ClawHub skills marketplace.

The attacker disguised malware as high-demand skills: cryptocurrency trackers, YouTube summarizers, and Ethereum gas monitors. The skills looked professional, had documentation, and a "Prerequisites" section — that section told you to install a malicious binary first.

🚫
CVE-2026-25253 & ClawHavoc

Over 135,000 instances were exposed to RCE. OpenClaw responded by implementing a community reporting system and patching the core vulnerabilities. Never install a skill without source code review.

The Secure Agent Perimeter
  • Auth: Gateway token is the master key. Keep it secret.
  • Sandboxing: Run via Docker with --read-only flag.
  • Networking: Block port 18789 via UFW; use SSH tunnels only.
  • Permissions: Define behavioral rules in AGENTS.md to gate sensitive actions.

Setup Workflow: From Zero to Autonomous

The installation is straightforward, but the configuration is where the "Soul" is born.

The OpenClaw Lifecycle

📦
INSTALL

npm install -g openclaw or use the official Docker image.

🔒
SECURITY

Enable authentication, lock external ports, and define ground rules in agents.md.

🧠
IDENTITY

Complete the 'Bootstrap Interview' to define the agent's personality and goals in SOUL.md.

📱
CHANNELS

Link your messaging platform (Telegram/Discord) and set allowedUsers for safety.

💓
HEARTBEAT

Define proactive tasks in HEARTBEAT.md that the agent checks every 30 minutes.

The Brain System: Persistent Memory

This is the most important architecture concept to understand. OpenClaw isn't a stateless chatbot — it has a persistent file system that defines who it is and what it knows.

Understanding the Workspace

SOUL.md

The core identity. Values, tone, and behavioral boundaries.

MEMORY.md

Accumulated knowledge, user preferences, and patterns learned over time.

HEARTBEAT.md

Scheduled checklists. The agent decides if action is needed based on your plain-English instructions.

The Bigger Picture

When Peter Steinberger sat in that Madrid café in November 2025, he wasn't trying to build a movement. He was annoyed that something didn't exist, so he built it in an hour.

Eight months later:

  • It's GitHub's most-starred project.
  • 150,000+ people are on its Discord.
  • It has fundamentally changed how we think about "apps" vs. "agents".

The transition from "place you go" to "thing that follows you" is the defining shift of 2026 AI engineering. OpenClaw just happened to be the first one to get the protocol right.

Key Takeaways

01
01
The $40 Rule

Don't use a $5 API credit tier. Setup is token-heavy; Tier 2 ($40+) avoids silent rate-limit failures during bootstrapping.

01
01
Heartbeats are 'Thinking' Intervals

Unlike cron jobs, heartbeats are reasoning steps. They decide whether to act based on context, not just time.

01
01
Audit Your Skills

Only install skills from vetted sources. Malicious skills can harvest your SSH keys and Keychain in seconds.

💡
The Future of Engineering

You've mastered the setup. Now, prepare for the next leap: Multi-Agent Orchestration and the Cognitive Loop.

AI Engineering
MH

Mohamed Hamed

20 years building production systems — the last several deep in AI integration, LLMs, and full-stack architecture. I write what I've actually built and broken. If this was useful, the next one goes to LinkedIn first.

Follow on LinkedIn →