OpenClaw - From Installation to Practice

After installing OpenClaw, many people stand dumbfounded in front of the configuration file.

Tools are scattered across different documents. Skills are auto-loaded by default, some are already active without you knowing. Enabling all feels risky, disabling all feels like a waste. Piecing together the full picture from documentation and source code requires significant time and effort.

This article comes from a developer's practical notes. He spent extensive time researching OpenClaw's 25 tools and 53 official Skills, analyzing each function's purpose, potential risks, and configuration recommendations. A complete configuration file is attached at the end for you to copy and use.

(There are 3000+ third-party Skills on ClawHub, not discussed in this article.)

First, Understand: Difference Between Tools and Skills

Many people confuse these two concepts. Their distinction is actually very clear:

Tools are organs, determining whether OpenClaw "can" do something

• read and write let it manipulate files, exec lets it execute system commands, web_search lets it search, web_fetch lets it read web pages, browser lets it operate browsers. Without enabling corresponding tools, OpenClaw is like missing hands and feet, can't do anything.

Skills are textbooks, teaching OpenClaw "how to combine tools" to complete tasks

• gog teaches it to use Google Workspace for emails and calendars, obsidian teaches it to manage notes, github teaches it to operate code repositories, slack teaches it to send channel messages. 53 official Skills cover notes, email, social media, development, smart home and more.

Does installing Skills change OpenClaw's permissions? No.

Example: You installed obsidian Skill, OpenClaw learned how to organize notes. But without write tool enabled, it can't even write files. Skills are just manuals; real switches are in tools.

For OpenClaw to actually execute operations through Skills, three conditions must be met. Taking "read Gmail" as example:

1. Configuration: Do you allow OpenClaw to execute commands? (Without exec, it can't even start programs)
2. Installation: Is gog bridge tool installed on the machine? (Without it, OpenClaw knows what to do but can't connect to Google)
3. Authorization: Have you logged into Google account and granted permissions? (Without authorization, Google won't allow access)

All three are indispensable.

Skills are manuals; whether they can actually be used depends on these three conditions.

Concentric Circle Architecture: From Core to Periphery

Listing 25 tools and 53 Skills flatly would be overwhelming. This developer organizes them concentrically:

OpenClaw Concentric Circle Architecture:

• Layer 1 Core Tools (read, write, exec)
• Layer 2 Advanced Tools (browser, memory, automation)
• Layer 3 Knowledge Layer (53 official Skills)

Layer 1: Core Capabilities (8 Tools)

These 8 tools are OpenClaw's foundation. With only these enabled, OpenClaw is in "passive response" mode: you ask, it answers. It can read files, execute commands, search web pages, but won't remember preferences across sessions or proactively push notifications.

The key to turning OpenClaw from "chatbot" to "assistant" is Layer 2. But without Layer 1, Layer 2 can't function.

File Operations: read, write, edit, apply_patch

• read is read-only. write and edit can modify files, apply_patch is for applying code changes. These four are the foundation of foundations; most people enable all.

Execution and Process Management: exec, process

• exec lets OpenClaw execute arbitrary shell commands: install packages, run scripts, manage systems. "Arbitrary" is the key: it can help install dependencies or execute rm -rf to wipe your entire machine. Without exec, most tasks can't complete. Enabling exec without protection equals handing over root privileges.

This is why strongly recommended to enable approval mode for exec: show each command to you first, execute after confirmation:

{
  "approvals": {
    "exec": {
      "enabled": true
    }
  }
}

Inconvenient? Honestly, a bit. But this is the most basic protection: if AI misjudges or encounters Prompt Injection attacks, this door is the last line of defense.

Network Access: web_search, web_fetch

• web_search for keyword search, web_fetch for reading web page content. Together, they give OpenClaw the ability to browse the internet for information.

Layer 2: Advanced Capabilities (17 Tools)

Layer 1 solves "can it be used", Layer 2 solves "can it be used well". These tools transform OpenClaw from command executor to real assistant: it remembers your preferences, controls browsers, sends timed notifications. But each added tool expands attack surface; weigh whether it's worth it.

Browser: browser, canvas, image

• browser lets OpenClaw control Chrome: click buttons, fill forms, capture web pages. This developer uses it for price comparison, spec research, adding to cart. But checkout — the "last mile" involving payment — is always done personally. This is his bottom line.

• canvas is a visual workspace for drawing charts and flowcharts. image lets OpenClaw "understand" images.

Memory: memory_search, memory_get

• Let OpenClaw remember information across sessions. After a week of use, it knows this developer uses Astro for blogs, deploys on Azure, prefers Traditional Chinese. No need to re-explain each time. The longer used, the more it understands you.

Multi-Session: sessions series (5 tools)

• Run multiple sessions simultaneously for different tasks: one discussing product ideas, another researching travel plans,互不干扰.

Message Push: message

• Let OpenClaw send messages to Discord, Slack, Telegram, WhatsApp, iMessage.

This developer enabled this but only for sending messages to himself, never communicating with others on his behalf. Simple reason: AI messages sent in your name cannot be retracted. If it misunderstands context, uses wrong tone, or is induced by Prompt Injection to send inappropriate content, consequences are yours.

Hardware Control: nodes

• Cross-device hardware control: remote screenshots, GPS positioning, camera access.

This developer asked himself when seeing this tool: when do I need AI to automatically open my camera? He couldn't think of scenarios. As for screenshots, he can manually send via Telegram — one more step but more secure. Ultimately chose to disable.

Automation: cron, gateway

• cron for setting scheduled tasks
• gateway lets OpenClaw restart itself

Every morning at 6:47, his Telegram receives OpenClaw's prepared daily briefing: what to do today, messages needing replies, weather forecast. This is the combination effect of cron plus message, also the core of his AI goal management system.

Layer 3: Knowledge Layer (53 Official Skills)

53 sounds like a lot, but scanning through you'll find maybe only a dozen relate to you. Others like food delivery, smart home, voice calls — not that they're bad, just not符合 your usage scenarios.

Important Note: Bundled Skills auto-load by default. If corresponding CLI tools are installed on the system, Skills automatically activate. This isn't "don't install then no problem", but "disable then all closed". To control which Skills are active, use skills.allowBundled whitelist mode.

There are 3000+ third-party Skills on ClawHub, but their security risks are another topic.

My OpenClaw Configuration

This developer's OpenClaw runs on Azure VM, operated via Telegram. Paired with desktop Claude Code, forming mobile+desktop dual-track workflow: mobile for随时 discussion, research, recording ideas (conversation history auto-syncs), desktop for execution.

Tools (21 of 25 Enabled)

His principle is simple: if can't think of usage scenario, disable.

{
  "tools": {
    "allow": [
      "read", "write", "edit", "apply_patch",
      "exec", "process",
      "web_search", "web_fetch",
      "browser", "image",
      "memory_search", "memory_get",
      "sessions_list", "sessions_history", "sessions_send", "sessions_spawn", "session_status",
      "message",
      "cron", "gateway",
      "agents_list"
    ],
    "deny": ["nodes", "canvas", "llm_task", "lobster"]
  },
  "approvals": {
    "exec": {
      "enabled": true
    }
  }
}

Enabled 21, disabled 4:

• nodes (can't think of scenario)
• canvas (don't need)
• llm_task/lobster (don't use workflow engine)
• exec enabled approval mode
• message only to self

Skills (9 of 53 Enabled)

As mentioned, bundled Skills auto-load by default. He uses allowBundled whitelist to limit loading only needed ones:

{
  "skills": {
    "allowBundled": [
      "gog",
      "github",
      "tmux",
      "session-logs",
      "weather",
      "summarize",
      "clawhub",
      "healthcheck",
      "skill-creator"
    ]
  }
}

Simple summary: gog handles email and calendar, github manages repositories, rest are Daily Brief and system management utility Skills.

How to Achieve Task Automation with AI Agents

By now, OpenClaw starts transforming from chatbot to infrastructure.

• cron (scheduled dispatch) plus message (push notification) combination turns it into an automation engine that works while you sleep.

• Pattern is always the same: trigger condition + execution action + result delivery. Define when to run, what to do, where to send results. Here are his actual automation scenarios:

Daily Briefing:
Every morning at 6:47, his Telegram receives briefing: today's schedule, emails needing replies, weather forecast, and whether any CI/CD failures occurred overnight. This one automation replaces his habit of checking five apps before coffee.

Email Classification:
Twice daily, OpenClaw scans inbox, classifies by urgency, sends summary. Newsletter emails archived directly. Items needing handling marked with one-line summary. He compressed 30 minutes of inbox management to 5 minutes daily.

CI/CD Monitoring:
When GitHub Actions workflow fails, OpenClaw reads error logs, judges possible causes, pushes Telegram message with diagnosis. He once fixed a production environment issue on his phone while waiting in line for coffee.

Content Research:
Daily, OpenClaw collects hot discussions from specific subreddits, Hacker News threads, RSS sources he follows, organizes into potential writing topic summaries. It doesn't write for him, just helps discover content worth writing.

Setup isn't complicated. Each automation is a cron entry triggering a prompt, telling OpenClaw which tools to use, where to send results.

The difficulty isn't configuration, but thinking clearly which daily processes are worth automating. Start with the one causing the most friction daily, get it running, then gradually add.

Start Configuring Your OpenClaw

You don't need all 25 tools. 53 bundled Skills are all open by default, use allowBundled to keep only needed ones.

Open your openclaw.json, follow three principles:

1. If can't think of usage scenario, disable first
2. Greater capability, stricter control: exec enable approval, message only to self
3. Last mile always manual: checkout, sending messages, public speaking — any irreversible operation leave to yourself

The above configuration can be a starting point. Copy it, then裁剪 according to your needs.

FAQ

Q1: Do Skills change OpenClaw's permissions?
A: No. Skills are just manuals; actual capabilities controlled by tools.allow.

Q2: Can 1password Skill read all my passwords?
A: Yes. Once authorized, entire vault is open to it. Whatever you store, it can read.

Q3: How to revoke OpenClaw's Google access permissions?
A: Google Account → Security → Third-party apps with account access → Find gog → Remove access.

Q4: Are third-party Skills on ClawHub safe?
A: Don't assume safety by default. Always check GitHub repository before installing, can use openclaw doctor to check.

Q5: Why are there 25 tools?
A: Official docs list 18. This developer discovered 25 by reading source code. Extra includes session-related tools, agents_list, and workflow engine tools (llm_task, lobster) not mentioned in docs.

Q6: What's the difference between OpenClaw and ChatGPT?
A: ChatGPT is a chat tool, OpenClaw is an Agent. Difference is what happens after conversation ends:

• Even "sync" meanings differ: LLM app sync means you see same conversation history on phone and desktop
• OpenClaw sync means conversation becomes files in your computer folder, other tools can directly read and continue processing. One is "visible", one is "operable"

If you just want to chat, ChatGPT is enough; if you want AI to continue working after conversation ends, you need an Agent like OpenClaw.

Q7: How to achieve AI task automation based on OpenClaw?
A: Combine cron (scheduled dispatch) and message (push notification).

• OpenClaw executes tasks on schedule, pushes results to your messaging platform. Every morning at 6:47, this developer receives daily briefing: today's tasks, items needing replies, weather forecast.
• Besides timed pushes, common automation scenarios include: email classification and priority summary, CI/CD failure monitoring,定时 collection of writing materials, industry news summary.

Essentially, any task that can be拆解为 "trigger condition + execution steps" can be automated.

Q8: Does using OpenClaw require programming?
A: Daily use doesn't require programming, converse in natural language, e.g.: "Check today's emails", "Set a reminder for tomorrow 9 AM", just say it.

But OpenClaw is open-source, installation and configuration have learning curves, can deploy to cloud VM or local install.

For security, recommend using dedicated machine rather than daily main machine. If using Claude Code such AI CLI tools, it can assist with setup process, saving大量 time.