Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Config Reference

v1.0.0

OpenClaw configuration reference for openclaw.json. Use when asked about config, configuration, gateway settings, channel setup, agent config, session manage...

by Daniel Samer (@yixn)

Security Scan

VirusTotal: Suspicious
OpenClaw: Benign (high confidence)

Purpose & Capability
Name/description (OpenClaw config reference) match the content: the SKILL.md and reference files are documentation for configuring the Gateway, channels, agents, sandbox, models, hooks, etc. There are no unrelated env vars, binaries, or install steps required.
Instruction Scope
The instructions include concrete shell commands and file paths (e.g., cp ~/.openclaw/openclaw.json, openclaw doctor, pkill -SIGUSR1 -f gateway, systemctl start docker) and describe handling of secrets (~/.openclaw/.env). This is expected for a config reference, but it means the skill's text can instruct an agent or a user to run potentially impactful local commands if followed literally.
Install Mechanism
No install spec and no code files; the skill is instruction-only so it doesn't download or install third-party code. This is the lowest-risk install profile.
Credentials
The skill does not request any environment variables or credentials, but the documentation references storing API keys and gateway tokens in ~/.openclaw/.env and discusses model provider keys. Those references are appropriate for a config reference, but they point to sensitive data locations the user should protect.
Persistence & Privilege
always is false, no install, and no behavior that modifies other skills or system-wide agent settings is declared. The skill does not request permanent privileges.
Assessment
This skill is documentation only and appears coherent for its stated purpose. It contains many explicit commands and file paths that, if executed, will modify local configuration, start/stop services, or reveal/store secrets. Before installing or allowing autonomous use: (1) treat it as read-only documentation — do not grant the skill permission to run shell commands or access your filesystem unless you explicitly trust and inspect each action; (2) don't enable features that let chat users modify config (e.g., commands.config: true or open DM policy) without strict access controls; (3) keep secrets out of openclaw.json and use ~/.openclaw/.env with strict permissions (chmod 600); (4) be cautious about enabling remote browser CDP URLs, webhooks, or binding the gateway to LAN without proper auth; and (5) verify the skill/source if you need higher assurance (homepage and owner are listed but source repository is not provided). If you want the agent to perform any of the documented commands, explicitly review and approve each command first.

Like a lobster shell, security has layers — review code before you run it.

609 downloads · 2 stars · 1 version
License: MIT-0

OpenClaw Configuration Reference

Built by ClawHosters - managed OpenClaw hosting with 1-click deployment. If you'd rather skip the config headaches and have everything set up for you, check us out.

DANGER - Read This First

openclaw.json uses strict schema validation. Unknown keys cause the Gateway to refuse to start. Before editing config:

  1. Always back up first: cp ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.bak
  2. Never guess field names - check this reference or the official docs
  3. Always validate JSON after editing: cat ~/.openclaw/openclaw.json | python3 -m json.tool
  4. Run doctor after changes: openclaw doctor (or openclaw doctor --fix to auto-repair)

Recovery from Broken Config

If the Gateway won't start after a config change:

# Restore backup
cp ~/.openclaw/openclaw.json.bak ~/.openclaw/openclaw.json

# Or run doctor to auto-fix
openclaw doctor --fix

# Verify config is valid
openclaw config get

Config File Basics

Property | Value
Path | ~/.openclaw/openclaw.json
Format | JSON5 (comments, trailing commas, unquoted keys allowed)
Validation | Strict - unknown keys = Gateway refuses to start
Watching | Gateway watches file for changes and hot-reloads

Configuration Methods

Method | Description
Direct file edit | Edit ~/.openclaw/openclaw.json directly. Gateway detects changes.
CLI | openclaw config get/set/unset - safest method
Web UI | Control UI at http://127.0.0.1:18789
Onboard wizard | openclaw onboard - guided initial setup

CLI Config Commands

openclaw config get                          # Show full config
openclaw config get gateway.port             # Get specific value
openclaw config set gateway.port 19000       # Set a value
openclaw config unset gateway.auth.token     # Remove a value

The CLI validates before writing, making it the safest way to change config.
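
Where a script has to write the file directly instead of going through the CLI, the backup step and the watched-file hazard can be handled together. The following is an added example, not code from OpenClaw or from this skill: safe_write_config is a hypothetical helper that copies the current file to .bak, writes the new config to a temporary file in the same directory, and renames it into place so the Gateway's file watcher never reads a half-written file. It writes strict JSON (valid JSON5), so comments in an existing file are not preserved.

```python
import json
import os
import shutil
import tempfile


def safe_write_config(path, cfg):
    """Back up `path`, then atomically replace it with `cfg` as JSON.

    Returns the backup path, or None if there was no file to back up.
    """
    path = os.path.expanduser(path)
    directory = os.path.dirname(path) or "."
    text = json.dumps(cfg, indent=2) + "\n"
    json.loads(text)  # refuse to write anything that does not parse back

    backup = None
    if os.path.exists(path):
        backup = path + ".bak"
        shutil.copy2(path, backup)  # raw copy, keeps JSON5 comments intact

    # mkstemp creates the file with mode 0600 in the same directory, so
    # the rename below stays on one filesystem and is atomic on POSIX.
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".openclaw.json.")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
            fh.flush()
            os.fsync(fh.fileno())  # data on disk before it becomes visible
        os.replace(tmp, path)      # readers see the old or the new file only
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return backup
```

Run openclaw doctor afterwards as described above; this helper checks JSON syntax only, not the Gateway's schema.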

Modular Config with $include

Split config across files:

{
  "$include": "./channels-config.json",
  gateway: { port: 18789 }
}

The included file is merged into the main config.


Config RPC (Programmatic Access)

The Gateway exposes config methods via RPC:

Method | Description
config.get | Read current config (or a specific path)
config.apply | Apply a full config object (replaces)
config.patch | Merge partial config (rate-limited: 3 calls per 60 seconds)

config.patch is rate-limited to prevent accidental rapid-fire config changes that could destabilize the Gateway.


Hot Reload Modes

The Gateway watches openclaw.json and reloads on changes.

Mode | Behavior
hybrid | Smart: hot-reload where possible, restart where needed (default)
hot | Non-destructive in-place reload (keeps connections alive)
restart | Full process restart on any config change
off | Disable auto-reload entirely

gateway: {
  reload: "hybrid"
}

What hot-applies (no restart needed):

  • Channel settings (dm policy, allow lists)
  • Agent model changes
  • Tool permissions
  • Session settings

What requires restart:

  • Gateway port/bind changes
  • Auth mode changes
  • Adding/removing channels entirely

Manual reload via SIGUSR1:

pkill -SIGUSR1 -f gateway

SIGUSR1 is non-destructive: reloads config without dropping connections or sessions.


Top-Level Sections

Section | Purpose | Reference
gateway | Core process: port, bind, auth, reload, HTTP endpoints | gateway.md
commands | Messenger commands (e.g., /restart) | See below
agents | Multi-agent system: defaults, agent list, models | agents.md
channels | Messenger integrations (Telegram, WhatsApp, Discord, etc.) | channels.md
session | Session scoping, reset behavior | session.md
sandbox | Code execution isolation (Docker) | session.md
cron | Built-in job scheduler | session.md
hooks | Webhook receiver configuration | session.md
tools | Tool permissions, profiles, restrictions | tools.md
browser | Playwright browser integration | tools.md
skills | Skill loading, entries, installation | tools.md
models | LLM providers and model configuration | models-env.md
env | Environment variable injection | models-env.md

Commands Block (Simple)

commands: {
  restart: true    // Allow /restart command from messenger clients
}

Security warning: Setting commands.config: true allows users to modify config from chat. Only enable for trusted single-user setups.


Minimal Working Config

The smallest config that runs:

{
  gateway: {
    port: 18789
  },
  agents: {
    list: [
      { agentId: "main", workspace: "~/.openclaw/workspace" }
    ]
  }
}

Everything else uses defaults.


Full Example Config

{
  gateway: {
    mode: "local",
    port: 18789,
    bind: "loopback",
    reload: "hybrid",
    auth: { mode: "token", token: "change-me-please" },
    http: { endpoints: { chatCompletions: { enabled: true } } }
  },

  commands: { restart: true },

  agents: {
    defaults: {
      workspace: "~/.openclaw/workspace",
      model: { primary: "anthropic/claude-opus-4-6" },
      heartbeat: { every: "30m" }
    },
    list: [
      { agentId: "main" },
      { agentId: "work", workspace: "~/.openclaw/workspace-work" }
    ]
  },

  channels: {
    telegram: {
      botToken: "...",
      enabled: true,
      dmPolicy: "pairing",
      streamMode: "partial"
    }
  },

  session: {
    dmScope: "main",
    reset: { mode: "daily", atHour: 4 }
  },

  cron: { enabled: true },

  models: {
    providers: {
      "openrouter": {
        baseUrl: "https://openrouter.ai/api/v1",
        apiKey: "sk-or-...",
        api: "openai-completions"
      }
    }
  },

  env: {
    vars: { TZ: "America/New_York" },
    shellEnv: true
  }
}

Validation Checklist

Before saving config changes:

  • JSON is valid (no trailing syntax errors, mismatched braces)
  • No unknown keys (Gateway rejects unknown fields)
  • Auth is set if bind mode is lan (Gateway refuses to start without auth on lan)
  • Channel tokens/secrets are in env vars, not hardcoded
  • Backup exists (openclaw.json.bak)

After saving:

  • openclaw config get returns without errors
  • openclaw doctor shows no critical issues
  • Gateway reloaded successfully (check logs)

Common Pitfalls

For detailed troubleshooting with examples and recovery procedures, see troubleshooting.md.

Quick list of things that will break your setup:

  1. Unknown keys in config - Gateway refuses to start. Always check field names.
  2. Editing config mid-sentence - Gateway watches the file. If it reads a half-written file, it crashes. Use openclaw config set instead of manual editing when possible.
  3. gateway.bind: "lan" without auth - Gateway refuses to start for safety. Always set auth when binding to lan.
  4. commands.config: true - Lets anyone in chat modify your config. Only for trusted single-user.
  5. tools.elevated.enabled: true + open DM policy - Gives strangers admin access to your system.
  6. Missing OPENCLAW_GATEWAY_TOKEN env var - If auth mode is token but no token is set in config or env.
  7. sandbox.mode: "all" without Docker - Sandbox requires Docker to be running.
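
The security-relevant items in the checklist and pitfall list above (3 to 6, plus hardcoded secrets) can be checked mechanically before a config goes live. The following is an added example, not part of OpenClaw or of this skill: lint_config is a hypothetical function that takes the config already parsed into a dict, since the file is JSON5 and Python's json module may not read it. It assumes the open DM policy is spelled dmPolicy: "open" and that a value starting with "${" is an environment-variable reference; neither is confirmed by this page.

```python
import os

SECRET_KEYS = {"token", "botToken", "apiKey"}  # secret fields in the page's example

def lint_config(cfg, env=None):
    """Return findings for an already-parsed openclaw.json (a dict)."""
    env = os.environ if env is None else env
    findings = []
    gateway = cfg.get("gateway", {})
    auth = gateway.get("auth", {})
    # Pitfall 3: LAN bind with no auth block.
    if gateway.get("bind") == "lan" and not auth.get("mode"):
        findings.append("gateway.bind is 'lan' but no gateway.auth is set")
    # Pitfall 6: token auth, but no token in config or environment.
    if auth.get("mode") == "token" and not (
            auth.get("token") or env.get("OPENCLAW_GATEWAY_TOKEN")):
        findings.append("auth mode 'token' but no token in config or env")
    # Pitfall 4: chat users may rewrite the config.
    if cfg.get("commands", {}).get("config") is True:
        findings.append("commands.config is true")
    # Pitfall 5: elevated tools plus an open DM policy.
    # Assumption: the open policy is spelled dmPolicy: "open".
    elevated = cfg.get("tools", {}).get("elevated", {}).get("enabled") is True
    for name, chan in cfg.get("channels", {}).items():
        if elevated and chan.get("dmPolicy") == "open":
            findings.append(f"elevated tools with open DM policy: channels.{name}")
    findings.extend(f"hardcoded secret at {p}" for p in literal_secrets(cfg))
    return findings

def literal_secrets(node, path=""):
    """Yield paths of secret fields holding a literal string value.
    Assumption: a value starting with "${" is an env-var reference."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if key in SECRET_KEYS and isinstance(value, str):
                if value and not value.startswith("${"):
                    yield child
            else:
                yield from literal_secrets(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from literal_secrets(item, f"{path}[{i}]")

# Constructed sample, not a real deployment.
SAMPLE = {
    "gateway": {"bind": "lan", "auth": {"mode": "token"}},
    "commands": {"config": True},
    "tools": {"elevated": {"enabled": True}},
    "channels": {"telegram": {"botToken": "0000:constructed", "dmPolicy": "open"}},
}
```

Calling lint_config(SAMPLE, env={}) reports four findings; unknown keys are not checked here, which remains the job of openclaw doctor.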

Further Reference

Each config section has a dedicated reference file with full schema documentation:
