Install OpenClaw: Run a Telegram AI Assistant on a VPS (Securely)
I wanted an agent that doesn’t just “chat”, but can actually run tasks while I’m offline—without keeping my own laptop running 24/7. OpenClaw: an open-source agent that talks to you through chat apps (Telegram, Slack, Discord, etc.) and can execute actions behind the scenes.
Why “OpenClaw” shows up after multiple rebrands
The project went through rapid naming changes (Claudbot → Moltbot → OpenClaw). Reporting linked that to trademark/name pressure and brand confusion in the ecosystem, which is why you still see older names in tutorials and clips (Business Insider).
Practical rule: install and update from canonical sources only—start at the official site and verify against the official GitHub repository.
Conceptually, OpenClaw is a gateway: it connects your model provider, your “skills/tools”, and your chat channel into one controllable runtime. The baseline flow is described in the Getting Started docs.
来源: YouTube
Install OpenClaw on a VPS
A VPS is usually the clean middle ground: always online, separate from your personal machine, and easier to lock down. The one recurring failure mode is exposing a gateway/dashboard port to the public internet—treat this like a production service from day one. The security checklist in the official security docs is worth skimming before you even start.
1) Install + onboarding wizard
The official docs describe a CLI-first onboarding flow and list “getting started” as the baseline path: docs.openclaw.ai/start/getting-started. The GitHub README also references onboarding and runtime requirements: README.md.
# Example install via installer script\n# Only run scripts from domains you explicitly trust.\ncurl -fsSL https://openclaw.ai/install.sh | bash\n\n# Start the onboarding wizard\nopenclaw onboard
If you prefer a packaging-based install path, the project is published on npm: npmjs.com/package/openclaw.
2) Connect Telegram (BotFather + token)
Telegram is a quick win because you mainly need a bot token. OpenClaw’s Telegram channel docs describe token-based setup and access pairing as a default safety control: docs.openclaw.ai/channels/telegram. You create the bot and obtain the token through Telegram’s official @BotFather.
# Store the token as an environment variable\nexport TELEGRAM_BOT_TOKEN="123456789:ABCdefGHIjklMNOpqrsTUVwxyz"\n\n# Start/inspect your setup (depending on how you run OpenClaw)\nopenclaw dashboard
When you message your bot the first time, OpenClaw can block it until access is paired. You’ll receive a pairing code and approve it on the server, as shown in the Telegram channel documentation: Pairing flow.
# Approve the pairing code (received in Telegram)\nopenclaw pairing approve telegram <PAIRING_CODE>
来源: YouTube
Enable web search (Brave Search API) and build automations
Web search is where an agent starts feeling “alive”—and where you need to be more careful with input quality. Brave documents API key creation in its official guides: Quickstart and Authentication.
# Configure the "web" section and enter your Brave Search API key\nopenclaw configure --section web\n\n# Example prompts you can run after this:\n# - "Track silver vs NVIDIA weekly"\n# - "Alert me if the Pentagon Pizza Index spikes"
For recurring jobs, OpenClaw documents Cron Jobs as a built-in automation mechanism: docs.openclaw.ai/automation/cron-jobs. Keep jobs small and specific—“check X and notify me if condition Y is true” scales better than “monitor everything”.

来源: Screenshot: Telegram
Typical flow: /newbot → name/username → token. Never paste the raw token into public chats, screenshots, or repositories.

来源: Own illustration
If you only do one thing: don’t expose the gateway publicly, enforce pairing/allowlists, and load only the skills you truly need.
Security baseline that actually matters
OpenClaw can run actions—so treat it like a privileged system component. The official security docs call out exposed services, overly broad access, and unsafe extensions: docs.openclaw.ai/gateway/security. DigitalOcean’s guide also highlights the operational risk of giving agents meaningful system access: digitalocean.com/community/tutorials/how-to-run-openclaw.
Hardening steps you can apply immediately
- Pairing is non-negotiable: enforced access is part of the Telegram channel design (Telegram pairing).
- Don’t publicly bind dashboards/gateway endpoints: this is explicitly addressed in Security guidance.
- Protect secrets: tokens/API keys must not end up in logs, screenshots, or git history (Secrets handling notes).
- Load only trusted extensions: review the source before enabling plugins (Extension safety).
- Expect impersonation after rebrands: Malwarebytes describes typosquats and cloned repos used for supply-chain attacks around naming changes (Malwarebytes analysis).
# Practical baseline notes (conceptual)\n# 1) SSH key-only, firewall on, minimal open ports\n# 2) Do NOT expose dashboards publicly\n# 3) Telegram: pairing + allowlisted users only\n# 4) Secrets never in git/logs/screenshots\n# 5) Install/update only from canonical sources:\n# - openclaw.ai\n# - docs.openclaw.ai\n# - github.com/openclaw/openclaw
Quick decision guide: local machine vs VPS vs dedicated host
| Option | Best for | Common pitfalls | Practical tip |
|---|---|---|---|
| Local (laptop/PC) | Fast testing, learning, short demos | Agent sees personal files/keys, privileges creep | Use a separate user/VM and minimal skills |
| VPS | 24/7 assistant, clean isolation, repeatable deploy | Accidentally exposed gateway, sloppy secret handling | Firewall + pairing + “least skills” as default |
| Dedicated host (mini server) | Full control, stable hardware, private network | Updates/monitoring forgotten, weak backup discipline | Automate updates + basic monitoring early |
来源: YouTube
Start small, lock it down, then expand
Once it works, it’s tempting to connect everything. You usually get better results by starting with one channel (Telegram), a short skill list, strict pairing/allowlists, and only then enabling web search + scheduled jobs. That sequencing aligns with the intent of the OpenClaw security notes.
Rebrands often attract scammers. Malwarebytes documents typosquats and cloned infrastructure in the wake of naming changes (Malwarebytes analysis). The boring habit that saves you: verify the domain, verify the repo, and assume any leaked token will be abused.