OpenClaw Complete Guide: From Internals to Production

Ch01

What Is OpenClaw: From Clawdbot to the Viral Open-Source AI Agent Platform

OpenClaw's origin, rename history, MIT license positioning, core philosophy (local-first, multi-platform, extensible), fundamental differences from similar tools, product logic behind 247k GitHub stars

Ch02

First Agent in 15 Minutes: Install, Configure and Run Your First Conversation

Three install methods (curl/npm/source), system requirements, onboard flow, minimal openclaw.json config, connecting your first LLM, sending your first message, common error troubleshooting

Ch03

Core Concepts Overview: How Gateway, Pi, Skills, Plugin and Memory Fit Together

Responsibility boundaries of five core components, interdependencies, full data-flow diagram, and precise definitions of Channel/Session/Binding/Tool terminology

Ch04

OpenClaw vs LangChain / AutoGen / CrewAI: Configuration-Driven vs Code-Driven

Six-dimension comparison matrix (positioning/language/install/abstraction/integrations/memory), advantages and trade-offs of configuration-driven paradigm, selection decision tree, team profile fit

Ch05

Five-Layer Architecture: The Complete Journey of a Message from Arrival to Execution

Responsibilities, implementations and key design decisions across all five layers, with complete sequence diagram

Ch06

Gateway Control Plane: WebSocket Protocol, Three-Step Handshake and Session Resolution

Why Gateway binds localhost, three WebSocket message formats, auth handshake sequence, four dmPolicy modes, session key generation, single-writer design principle

Ch07

Command Queue: Lane-Aware FIFO and the Trade-offs of Four Queue Modes

Four lanes (Global/Session/Sub-agent/Cron) concurrency settings and isolation rationale, four queue mode behaviors, preventing state races

Ch08

Pi Framework: Minimalist Agent Execution Engine Design Philosophy and Four Core Packages

Why only 4 base tools, rationale for keeping system prompt under 1000 tokens, four-package responsibilities, embedded vs subprocess architecture decision

Ch09

Pi Agent Execution Loop: State Machine, 11 Lifecycle Events and 7-Layer Tool Pipeline

Complete createAgentSession parameter breakdown, full state machine, five loop termination conditions, 7-layer tool injection pipeline

Ch10

Message Routing: Bindings Rule Engine and Eight-Level Priority Matching

Eight routing priority levels from peer match to default fallback, multi-agent traffic splitting config patterns, session freshness evaluation

Ch11

12+ Providers: Anthropic, OpenAI, Google, Bedrock and Local Models

Authentication methods for 12 official providers, model ID format, Claude/GPT/Gemini series, AWS Bedrock config, DeepSeek/MiniMax/xAI integration

Ch12

Advanced Model Config: Key Rotation, Failover and Inference Depth Control

Multi-key rotation strategy, auto-retry on 429, failover on FailoverError, profile cooldown tracking, inference depth control, per-channel model binding

Ch13

Local Model Deployment: Ollama, LM Studio and vLLM Integration

Configuring OpenAI-compatible endpoints, Ollama pull and run, LM Studio service exposure, vLLM/SGLang high-performance inference, privacy advantages and performance trade-offs

Ch14

Built-In Tools Deep Dive: Capabilities and Use Cases of All 16 Core Tools

Complete breakdown of all 16 tools including read/write/edit/exec/browser/memory/sessions/canvas, input/output formats and use cases for each

Ch15

Tool Policies: Allow/Deny Rules, Three-Level Sandbox Config and Elevated Flag

Global deny over allow priority, per-agent exceptions, three sandbox levels and scopes, Docker/SSH/OpenShell backends, elevated bypass logic

Ch16

ACP Protocol: Using Claude Code, Codex and Gemini CLI as External Harnesses

ACP architectural positioning, 10 supported harnesses, spawn/status/close operations, interactive vs background delivery, 25-35% accuracy improvement for complex projects

Ch17

Skills System Internals: SKILL.md Format, Lazy Loading and Description Trigger Logic

Skills as instruction manuals not code, complete SKILL.md field spec, full metadata.openclaw breakdown, lazy loading mechanism, description as model trigger decision key, five-level loading priority

Ch18

Writing Skills from Scratch: Complete Examples for 5 Patterns and Best Practices

Complete SKILL.md examples for 5 patterns, progressive disclosure design, {baseDir} references, degree of freedom matching, token cost optimization

Ch19

ClawHub Ecosystem: 13,000+ Skills Categories, Top 10 Picks and Installation Guide

Ten major categories with counts, top 10 skills by installs, awesome-openclaw-skills curation methodology, install methods, publishing workflow

Ch20

Advanced Skills Techniques: OS Filtering, Dependency Gating, Command Dispatch and Token Control

Dependency declarations in practice, OS filtering, always gate bypass, zero-inference command dispatch, hiding skills from model, auto-install scripts

Ch21

Skills Security: ClawHavoc 6 Injection Techniques and Complete SKILL.md Audit Checklist

ClawHavoc timeline, six attack techniques (staged download/reverse shell/Base64 social engineering/ClickFix/dormant payload/dynamic fetch), AMOS payload capabilities, five-step pre-install audit, secure skill characteristics

Ch22

Plugin Architecture: 8-Step Loading Pipeline and Unidirectional Dependency Principle

Eight-step loading pipeline breakdown, manifest as control plane source of truth, unidirectional loading principle to prevent global state pollution

Ch23

Plugin API Deep Dive: 45 Hooks Across 7 Phases and Penetration Rules

45 hooks across 7 phases with exact invocation timing, penetration rules, complete registerProvider/Channel/Tool/HttpRoute signatures

Ch24

Writing Your First Plugin: Channel, Tool and Provider Type Walkthroughs

Plugin directory structure and manifest format, Channel/Tool/Provider plugin walkthroughs, HTTP route security levels, jiti hot-reload development workflow

Ch25

Skills vs Plugin Decision Framework: Capability Boundaries and Collaboration Patterns

8-dimension comparison table, what plugins can do that skills cannot, what skills can do that plugins cannot, collaboration patterns (plugin provides pipeline + skill teaches usage)

Ch26

Memory Four-Layer Architecture: Session Context, Daily Logs, MEMORY.md and Vector Index

Storage locations, load timing, suitable information types for each layer, file-as-database philosophy, relationship between memory and context window

Ch27

Compaction Algorithm: Trigger Formula, Pre-Flush Mechanism and Long-Session Information Preservation

Trigger formula, silent agentic turn pre-flush, dedup mechanism, compaction vs pruning distinction, dreaming background consolidation

Ch28

Vector Search: SQLite + BM25 Hybrid Retrieval, 0.7/0.3 Weight Fusion and Embedding Fallback Chain

FTS5 keyword search + vector cosine similarity in parallel, union vs intersection strategy, over-fetching with candidateMultiplier, graceful degradation, four-level embedding fallback chain

Ch29

Workspace File System: AGENTS.md, SOUL.md, USER.md and HEARTBEAT.md Explained

9 standard workspace files with load timing and purpose, AGENTS.md vs SOUL.md core distinction, USER.md user profile, HEARTBEAT.md periodic checklist, bootstrap mechanism and character limits

Ch30

Seven-Layer Security Model: From Gateway Binding to Outbound Message Gating

Seven defense layers from gateway auth to outbound gating, implementation details and configuration for each layer, what each layer protects against

Ch31

ClawBleed CVE-2026-25253: Complete Attack Chain from Token Reflection to RCE

Two independent vulnerabilities combining into CVSS 9.8 four-step chain, 40,214 exposed instances, ClawJacked localhost bypass, remediation and incident response steps, four related CVEs

Ch32

ClawHavoc Supply Chain Attack: 6 Injection Techniques, AMOS Payload and AI Agent Supply Chain Blind Spots

Timeline reconstruction, automated upload of 354 malicious packages by single actor, six techniques, AMOS full capabilities, why traditional security tools fail against prompt injection

Ch33

Production Security Hardening: Least Privilege Config, Skills Audit Workflow and Security Audit Command

Gateway security hardening config, five-step pre-install skill audit, red flag signals, security audit scan items, Tailscale as alternative to public exposure

Ch34

Multi-Agent Routing: Bindings Config Patterns and Multi-Account/Channel Traffic Splitting

Agent isolation principle, per-channel traffic splitting, per-account splitting, binding match failure fallback logic

Ch35

Sub-Agents: Non-Blocking Delegation, Cross-Agent Memory Search and Structured Communication

Non-blocking return mechanism, isolated session and restricted tool access, automatic result announcement, cross-agent memory search config, difference from ACP harnesses

Ch36

Nodes Architecture: Physical Device Integration (macOS, iOS, Android and Raspberry Pi)

Node WebSocket connection with role:node, capability declaration, device pairing flow, per-platform capability matrix, camera/screen/location/call log/SMS interfaces

Ch37

Edge Computing: Building a 24/7 Always-On Raspberry Pi Agent Node

Raspberry Pi requirements, remote node run command, systemd auto-start, cloud inference + local execution split, sensor data collection, camera auto-reporting, low-power always-on best practices

Ch38

Control UI Deep Dive: Config Editor, Live Logs, Approval Management and Dream Diary

Vite+Lit stack, WebRTC voice Talk mode, streaming tool call cards, dual-mode config editor, session overrides, cron tracking, node capability checks, live log tailing, Dream Diary memory introspection

Ch39

Production Deployment: AWS ARM64 + systemd + Tailscale Reference Architecture

t4g.xlarge ARM64 Graviton selection rationale, Ubuntu config, systemd service unit, secure env injection, Tailscale Serve vs public exposure, backup strategy, multi-instance isolation

Ch40

Performance Tuning: Token Cost Control, Context Budget Management and Concurrent Lane Config

Skill lazy loading reduces per-request tokens, zero-inference command dispatch, compaction threshold tuning, per-provider cost matrix, lane concurrency tuning, key rotation for quota balancing

Ch41

Monitoring and Observability: Structured Logs, Health Checks and Alerting Config

Logging config, health check endpoints, log field breakdown, key metrics, Prometheus/Grafana integration approach, alerting rule design

Ch42

10 Real-World Cases: Personal Assistant, Code Review, SEO Pipeline, IoT Edge Automation and More

Daily briefing, email management, PR review assistant, multi-file refactor with ACP, competitive intel monitoring, customer onboarding automation, voice-driven DevOps, SEO pipeline, RPi camera guard, Slack incident bot

Ch43

OpenClaw Ecosystem Future: Foundation Model, ACP Standardization and Open-Source Community

Governance changes after Steinberger joined OpenAI, foundation management model, ACP standardization progress, major sponsors, community contribution pace and release strategy