Install OpenClaw: Run a Telegram AI Assistant on a VPS (Securely)

Avatar
Lisa Ernst · 25.01.2026 · Artificial Intelligence · 9 min

I wanted an agent that doesn’t just “chat”, but can actually run tasks while I’m offline—without keeping my own laptop running 24/7. That’s the point of OpenClaw: an open-source agent that talks to you through chat apps (Telegram, Slack, Discord, etc.) and can execute actions behind the scenes.

Why “OpenClaw” shows up after multiple rebrands

The project went through rapid naming changes (Claudbot → Moltbot → OpenClaw). Reporting linked that to trademark/name pressure and brand confusion in the ecosystem, which is why you still see older names in tutorials and clips (Business Insider).

Practical rule: install and update from canonical sources only—start at the official site and verify against the official GitHub repository.

Conceptually, OpenClaw is a gateway: it connects your model provider, your “skills/tools”, and your chat channel into one controllable runtime. The baseline flow is described in the Getting Started docs.

Source: YouTube

Install OpenClaw on a VPS

A VPS is usually the clean middle ground: always online, separate from your personal machine, and easier to lock down. The one recurring failure mode is exposing a gateway/dashboard port to the public internet—treat this like a production service from day one. The security checklist in the official security docs is worth skimming before you even start.

1) Install + onboarding wizard

The official docs describe a CLI-first onboarding flow and list “getting started” as the baseline path: docs.openclaw.ai/start/getting-started. The GitHub README also references onboarding and runtime requirements: README.md.

install-openclaw.sh
# Example install via installer script\n# Only run scripts from domains you explicitly trust.\ncurl -fsSL https://openclaw.ai/install.sh | bash\n\n# Start the onboarding wizard\nopenclaw onboard

If you prefer a packaging-based install path, the project is published on npm: npmjs.com/package/openclaw.

2) Connect Telegram (BotFather + token)

Telegram is a quick win because you mainly need a bot token. OpenClaw’s Telegram channel docs describe token-based setup and access pairing as a default safety control: docs.openclaw.ai/channels/telegram. You create the bot and obtain the token through Telegram’s official @BotFather.

telegram-token.sh
# Store the token as an environment variable\nexport TELEGRAM_BOT_TOKEN="123456789:ABCdefGHIjklMNOpqrsTUVwxyz"\n\n# Start/inspect your setup (depending on how you run OpenClaw)\nopenclaw dashboard

When you message your bot the first time, OpenClaw can block it until access is paired. You’ll receive a pairing code and approve it on the server, as shown in the Telegram channel documentation: Pairing flow.

pairing-approve.sh
# Approve the pairing code (received in Telegram)\nopenclaw pairing approve telegram <PAIRING_CODE>

Source: YouTube

Enable web search (Brave Search API) and build automations

Web search is where an agent starts feeling “alive”—and where you need to be more careful with input quality. Brave documents API key creation in its official guides: Quickstart and Authentication.

configure-web.sh
# Configure the "web" section and enter your Brave Search API key\nopenclaw configure --section web\n\n# Example prompts you can run after this:\n# - \"Track silver vs NVIDIA weekly\"\n# - \"Alert me if the Pentagon Pizza Index spikes\"

For recurring jobs, OpenClaw documents Cron Jobs as a built-in automation mechanism: docs.openclaw.ai/automation/cron-jobs. Keep jobs small and specific—“check X and notify me if condition Y is true” scales better than “monitor everything”.

BotFather in Telegram: /newbot → token

Source: Screenshot: Telegram

Typical flow: /newbot → name/username → token. Never paste the raw token into public chats, screenshots, or repositories.

Security checklist for your gateway

Source: Own illustration

If you only do one thing: don’t expose the gateway publicly, enforce pairing/allowlists, and load only the skills you truly need.

Security baseline that actually matters

OpenClaw can run actions—so treat it like a privileged system component. The official security docs call out exposed services, overly broad access, and unsafe extensions: docs.openclaw.ai/gateway/security. DigitalOcean’s guide also highlights the operational risk of giving agents meaningful system access: digitalocean.com/community/tutorials/how-to-run-openclaw.

Hardening steps you can apply immediately

hardening-notes.sh
# Practical baseline notes (conceptual)\n# 1) SSH key-only, firewall on, minimal open ports\n# 2) Do NOT expose dashboards publicly\n# 3) Telegram: pairing + allowlisted users only\n# 4) Secrets never in git/logs/screenshots\n# 5) Install/update only from canonical sources:\n#    - openclaw.ai\n#    - docs.openclaw.ai\n#    - github.com/openclaw/openclaw

Quick decision guide: local machine vs VPS vs dedicated host

Option Best for Common pitfalls Practical tip
Local (laptop/PC) Fast testing, learning, short demos Agent sees personal files/keys, privileges creep Use a separate user/VM and minimal skills
VPS 24/7 assistant, clean isolation, repeatable deploy Accidentally exposed gateway, sloppy secret handling Firewall + pairing + “least skills” as default
Dedicated host (mini server) Full control, stable hardware, private network Updates/monitoring forgotten, weak backup discipline Automate updates + basic monitoring early

Source: YouTube

Start small, lock it down, then expand

Once it works, it’s tempting to connect everything. You usually get better results by starting with one channel (Telegram), a short skill list, strict pairing/allowlists, and only then enabling web search + scheduled jobs. That sequencing aligns with the intent of the OpenClaw security notes.

Rebrands often attract scammers. Malwarebytes documents typosquats and cloned infrastructure in the wake of naming changes (Malwarebytes analysis). The boring habit that saves you: verify the domain, verify the repo, and assume any leaked token will be abused.

Share our post!
Sources