Part 2 is live
This guide covers initial setup — from creating a droplet to chatting with your AI on Telegram. For everything that comes after — skills, memory, integrations, hardening, multi-agent orchestration, and production deployment — read Part 2: From Getting Started to God Mode.
Important: run OpenClaw commands as the openclaw user
The DigitalOcean 1-Click image runs the OpenClaw service as a dedicated openclaw user (not root). Every openclaw CLI command should be prefixed with sudo -iu openclaw so your config lands in the right place. For example: sudo -iu openclaw openclaw health. This is the #1 cause of setup failures — read that section before running any commands.
Keeping this guide current
I've learned a lot from teaching this material — every common stumbling block is now patched into these instructions. If something doesn't match what you're seeing, let me know and I'll update it. Last verified against OpenClaw v2026.3.x and the current DO marketplace image.
OpenClaw is an open-source framework for building AI agents — not chatbots, but agents that work in the background, check on things, and reach out to you when something matters. The difference is important: a chatbot waits for you to talk to it. An agent taps you on the shoulder and says "hey, you have a meeting in 20 minutes and here's what you need to know."
This guide walks you through the entire setup — from creating a server to chatting with your own AI on Telegram. By the end, you'll have a working agent that responds in your messages, runs 24/7, and is locked to only you. No prior experience required.
What is OpenClaw (and why should you care)?
OpenClaw is a full application framework with a runtime, plugin system, and API layer. But its core architecture is designed so that the parts you touch most often — your agent's personality, skills, and behavior — are defined in markdown files. These markdown files are soft guidance: they're loaded into the AI's context at session start and shape how it behaves, but they're not enforced by the runtime. Think of them as a detailed job description — they tell the agent what to do and how to act, but the system doesn't prevent it from coloring outside the lines.
That's the power of the design: OpenClaw handles the complex infrastructure (scheduling, memory, tool execution, security) so you can focus on what your agent does rather than how it works under the hood.
Here's the architecture in plain terms:
Your Phone (Telegram)
^
| messages + alerts
v
+-------------------+
| Your Server | <-- ~$12/month on DigitalOcean
| (OpenClaw) |
| + Gemini Flash | <-- Google's AI model (~$0.50/month)
| + Skills | <-- What your agent knows how to do
| + Heartbeat | <-- Checks in every 30 minutes
| + Memory | <-- Remembers who you are
+-------------------+
How is this different from Claude or ChatGPT?
| Feature | ChatGPT / Claude | Your Claw |
|---|---|---|
| Where it lives | Web app / separate tab | Your Telegram (where you already text) |
| Runs when you close it | No | Yes — 24/7 on your server |
| Remembers you between sessions | Limited | Full memory system with daily logs |
| Acts on its own | No — waits for you to ask | Yes — heartbeats, cron jobs, monitoring |
| Changes its own abilities | No | Yes — writes skills, installs plugins |
| Personality | Generic | Yours — shaped by SOUL.md |
| Your data | On their servers | On YOUR server |
You don't need to build something complex to get value out of OpenClaw. By the end of this guide, you'll have a working agent on Telegram that can manage tasks, answer questions, and proactively check in with you — all configured through markdown files you control. Part 2 covers everything that comes after: skills, memory, integrations, multi-agent orchestration, and the path from markdown editor to AI orchestrator.
The 1-Click setup (seriously, one click)
DigitalOcean has a Marketplace 1-Click App for OpenClaw. It pre-installs everything — Node.js, OpenClaw, all dependencies. You're skipping about 45 minutes of manual installation.
Free Credits
Signup and get $200 in credit for your first 60 days - thanks to DigitalOcean x Devpost.
Step 1: Create a droplet
A "droplet" is DigitalOcean's name for a server. Think of it as renting a tiny apartment for your AI to live in. It has an address (an IP address), a key (SSH), and it never sleeps.
- Go to marketplace.digitalocean.com/apps/openclaw
- Click Create OpenClaw Droplet
- Pick the $12/month option (1 vCPU, 2 GB RAM) — this is DigitalOcean's recommended starting tier for running OpenClaw. The $24/month (4 GB) option works too if you want extra headroom
- Choose an SSH key for authentication (more secure than a password)
- Click Create Droplet
If you don't have an SSH key yet: open your terminal (Mac: search "Terminal" in Spotlight; Windows: open PowerShell), and run:
ssh-keygen -t ed25519 -C "your-email@example.com"
Press Enter through the prompts. Then copy the public key:
cat ~/.ssh/id_ed25519.pub
Paste that into DigitalOcean during droplet creation. That's your digital door key.
Step 2: SSH in
Once your droplet is ready (~60 seconds), copy its IPv4 address from the DigitalOcean dashboard and connect:
ssh root@YOUR_DROPLET_IP
The first time, it asks if you trust this connection. Type yes.
You're logged in as root — that's temporary
The DigitalOcean 1-Click image runs OpenClaw as a dedicated openclaw service user behind the scenes — not as root. You're SSHing in as root for initial setup, but the agent itself runs with limited privileges. This is an important security feature: if the AI ever executes something unexpected, the damage is contained to the openclaw user's permissions, not full system access.
Important quirk: DigitalOcean's OpenClaw droplet shows a model selection prompt every time you SSH in. Press Ctrl+C to skip it. You'll need to do this every time — it's muscle memory after the second time.
Ctrl+C is the universal "cancel" command in a terminal. Think of it as the stop button on a microwave. You'll use it constantly.
New to the terminal?
If you've never used a terminal before, check out the Terminal Primer — it covers the 10 commands you actually need, how to read file paths, and essential keyboard shortcuts.
The terminal in 60 seconds
If you've never used a terminal before, here's the mental model: instead of clicking folders and files, you type their names. That's it.
Seven commands cover everything you need today:
| Command | What it does | Like... |
|---|---|---|
ls | List what's in this folder | Opening a folder on your desktop |
cd foldername | Go into a folder | Double-clicking a folder |
cd .. | Go back one folder | Clicking the back arrow |
pwd | Where am I right now? | Looking at the address bar |
cat filename | Read a file | Opening a document |
nano filename | Edit a file | Opening Notepad |
Ctrl+C | Stop whatever is running | Pressing the emergency stop |
Try it on your server right now:
pwd # Probably shows /root
ls # What's here?
You're talking to a computer in a data center somewhere. Everything you type runs on that server, not your laptop. The prompt changed from your laptop's name to root@your-droplet — that's how you know you're "inside."
Want the full breakdown?
For a deeper dive into terminal commands, file paths, SSH, and copying files between machines, read the Terminal Primer.
The #1 thing that breaks everything
Here's the setup: you SSH into your droplet as root. You run openclaw onboard. It works. You configure Telegram. It works. You run openclaw health. Green across the board.
Then you send a message to your Telegram bot. Nothing happens.
You check the logs. "GOOGLE_API_KEY is not set."
But you just set it. You watched the onboarding wizard accept it. What happened?
The root vs openclaw user trap
The DigitalOcean 1-Click image creates two separate contexts on your server:
| Context | Home directory | What it's for |
|---|---|---|
root (you SSH as this) | /root/ | System admin: apt, ufw, systemctl, npm |
openclaw (service user) | /home/openclaw/ | OpenClaw runtime: config, keys, workspace, gateway |
The OpenClaw systemd service — the thing that actually runs your agent 24/7 — runs as the openclaw user. It reads config from /home/openclaw/.openclaw/.
When you SSH in as root and run openclaw onboard, the config lands in /root/.openclaw/. The service never sees it. Your API key, your Telegram token, your model selection — all sitting in the wrong directory.
The golden rule
Every OpenClaw CLI command must run as the openclaw user:
# WRONG — config goes to /root/.openclaw/ (service can't see it)
openclaw onboard
openclaw health
# RIGHT — config goes to /home/openclaw/.openclaw/ (service reads this)
sudo -iu openclaw openclaw onboard
sudo -iu openclaw openclaw health
sudo -iu openclaw means "switch to the openclaw user and run the following command in their environment." Every time you see openclaw in a command from this point forward, prefix it with sudo -iu openclaw.
Write this on a sticky note
sudo -iu openclaw before every openclaw command. Tape it to your monitor until it's muscle memory.
How to tell if you already made this mistake
# Check: does root have a config the service can't see?
ls -la /root/.openclaw/openclaw.json
# If that file exists, you ran onboard as root. Fix it:
# Option 1: Re-run onboard as the correct user
sudo -iu openclaw openclaw onboard
# Option 2: Copy root's config to openclaw (if you customized a lot)
sudo cp -r /root/.openclaw/* /home/openclaw/.openclaw/
sudo chown -R openclaw:openclaw /home/openclaw/.openclaw/
# Restart the service
sudo systemctl restart openclaw
# Verify
sudo -iu openclaw openclaw health
Add swap memory (required on 2 GB droplets)
The $12/month droplet has 2 GB of RAM and no swap memory by default. Without swap, the npm update in the next step can exhaust memory and hang — forcing you to kill the process, which corrupts the OpenClaw binary.
This step takes 30 seconds and prevents the most frustrating failure mode in the entire setup:
fallocate -l 2G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
echo '/swapfile none swap sw 0 0' >> /etc/fstab
Verify it's active:
free -h
# You should see Swap: 2.0Gi in the output
Do this BEFORE the next step
The npm install can exhaust 2 GB of RAM — the terminal freezes, you press Ctrl+C, and the OpenClaw binary gets corrupted. Adding swap first prevents this entirely.
Update OpenClaw
The version DigitalOcean deploys may be behind the latest release. Update before configuring anything:
sudo npm install -g openclaw@latest
This takes 2-5 minutes with swap enabled. You'll see deprecation warnings — that's normal. Wait for it to complete. Do not press Ctrl+C — killing npm mid-install corrupts the binary and you'll need to clean up and reinstall.
When it finishes, you'll see something like:
added 1 package, removed 2 packages, and changed 697 packages in 3m
Verify:
sudo -iu openclaw openclaw --version
# Should show 2026.3.x
If npm hung or you killed it
If you interrupted the install, the binary is likely corrupted. Fix it:
rm -rf /usr/lib/node_modules/.openclaw-*
npm cache clean --force
sudo npm install -g openclaw@latest
The .openclaw-* files are temporary staging directories npm leaves behind when killed mid-install. They block the next attempt.
Get your API key
Your agent needs an AI model to think. Google's Gemini is fast, capable, and cheap — about $0.50/month for light usage.
What is an API key? It's like a library card. Google's AI (the library) won't give you responses (books) without your card (API key). Google gives you the card for free.
Google Gemini (recommended)
- Go to aistudio.google.com/apikey
- Sign in with Google
- Click Create API Key and copy it
Keep that key handy — you'll paste it in the onboarding wizard next.
If Google doesn't work: the fallback ladder
Not everyone can get a Google API key — work/school Google Workspace accounts often have API access disabled. If the "Create API Key" button is grayed out or missing, try the next provider:
| Provider | Setup URL | Min cost | Model to use |
|---|---|---|---|
| Google (Gemini) | aistudio.google.com/apikey | Free tier available | google/gemini-2.0-flash |
| Anthropic (Claude) | console.anthropic.com | $5 minimum | anthropic/claude-sonnet-4-20250514 |
| OpenAI (GPT) | platform.openai.com/api-keys | $5 minimum | openai/gpt-4o-mini |
Claude subscription is NOT Claude API
A paid Claude subscription at claude.ai is NOT the same as API access at console.anthropic.com. They're completely separate products. You need the API key from the console, not a subscription.
The goal is "get any model running." You can switch providers later.
Run the onboarding wizard
sudo -iu openclaw openclaw onboard
The wizard walks you through everything in order:
- Model/Auth — Pick your AI provider (Google, Anthropic, OpenAI) and paste your API key
- Workspace — Where your agent's files live (accept the default)
- Gateway — Port, auth mode, Tailscale (accept defaults)
- Channels — We'll set up Telegram separately in a moment
- Daemon — Installs the systemd service so your agent runs 24/7
- Health check — Verifies everything is running
- Skills — Install recommended skills
Choose QuickStart when prompted — it picks sensible defaults for everything. You can reconfigure any section later with sudo -iu openclaw openclaw configure --section [section].
After onboarding, explicitly set your default model:
sudo -iu openclaw openclaw models set google/gemini-2.0-flash
sudo -iu openclaw openclaw models status
Verify the gateway is running:
sudo systemctl status openclaw --no-pager
sudo -iu openclaw openclaw health
Fastest first chat
You don't need Telegram to test. After the wizard completes, run sudo -iu openclaw openclaw tui --deliver and chat with your agent right in the terminal. Part 2 covers the TUI in detail.
Connect the Control UI (Dashboard)
The Control UI is OpenClaw's built-in web dashboard. It shows sessions, tools, skills, heartbeat status, config, and real-time logs. We're connecting this first — before Telegram — so you have a visual overview of your system while you set up messaging.
The dashboard runs on port 18789 on your droplet but isn't exposed to the internet. To access it from your laptop, create an SSH tunnel — think of it as a periscope that lets only you see the dashboard:
# Run this from your LAPTOP terminal (not the droplet)
ssh -L 18789:localhost:18789 root@YOUR_DROPLET_IP
Then open http://localhost:18789 in your browser.
If the dashboard asks for a token, find yours with:
sudo -iu openclaw openclaw config get gateway.auth.token
Paste that into the dashboard settings. You can also get the full tokenized URL:
sudo -iu openclaw openclaw dashboard --no-open
This prints a URL like http://127.0.0.1:18789/#token=YOUR_TOKEN — copy and open it in your browser (with the SSH tunnel running).
Why localhost, not your public IP?
The dashboard is bound to 127.0.0.1 (localhost) by design. Nobody on the internet can reach it — only you, through the SSH tunnel. This is the secure default. Part 2 covers how to expose it on a domain with HTTPS if you want that later.
Connect Telegram
This is where your AI gets a phone number. After this step, you'll be chatting with your agent in Telegram like texting a friend.
Create your bot
- Open Telegram and search for
@BotFather - Send
/newbot - Name it whatever you want (e.g., "My AI Assistant")
- Give it a username ending in
bot(e.g.,my_assistant_2026_bot) - Copy the bot token — it looks like
123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11
Get your Telegram user ID
This is your user ID, not the bot's. You need it so the bot knows who's allowed to talk to it.
- In Telegram, send a message to
@userinfobot - It responds with a numeric ID — copy that number
Add Telegram via CLI (recommended)
From your SSH session on the droplet:
sudo -iu openclaw openclaw configure --section channels
In the wizard:
- Select Telegram (Bot API) as the channel
- Paste your bot token from BotFather
- When asked about DM access policy, select Allow list
- Enter your numeric Telegram user ID
- Add a display name (e.g., your name)
Then verify:
sudo -iu openclaw openclaw health
Option B: Dashboard setup
If you prefer a visual interface, you can also configure Telegram through the OpenClaw Dashboard. Open the Control UI (via the SSH tunnel you set up earlier) and navigate to the channels configuration.
DM Pairing: lock your bot to you
Here's something that catches everyone: you set up Telegram, send a message to your bot, and... nothing. No response. Is it broken?
No — it's a security feature called DM pairing. By default, your bot doesn't respond to unknown users. When you first message it, the bot generates a pairing code that needs to be approved on the server. This prevents random people from finding your bot and using your AI (and running up your API bill).
Approve your pairing
- Send any message to your bot in Telegram (like
/startor just "hello") - On your droplet, check for pending pairing requests:
sudo -iu openclaw openclaw pairing list
- Approve your account:
sudo -iu openclaw openclaw pairing approve telegram YOUR_CODE
Replace YOUR_CODE with the code shown in the pairing list.
After approving, send another message to your bot. This time it will respond with AI.
Why this matters
Without DM pairing, anyone who guesses your bot's username can interact with your agent — triggering actions, reading your data, or running up your API bill. DM pairing is your front door lock. Keep it on.
Your first conversation
Open Telegram. Find your bot. Send:
Hey, who are you?
Wait a few seconds. When it responds — that's YOUR server, running YOUR config, through YOUR Telegram bot. Nobody else controls this. It's yours.
Try a brain dump:
I need to finish the pitch deck, respond to Sarah's email, book a dentist appointment, and figure out pricing for the new product. What should I focus on first?
Your agent is already running with a heartbeat — a process that checks in every 30 minutes. Right now it doesn't have much to check on, but as you add memory and skills (covered in Part 2), it'll start proactively alerting you about things that need attention.
Quick diagnostics
When something isn't working, run through this in order:
# 1. Is it running?
sudo systemctl status openclaw --no-pager
# 2. Is the config valid?
sudo -iu openclaw openclaw config validate --json
# 3. Full health check
sudo -iu openclaw openclaw health
# 4. Run the doctor
sudo -iu openclaw openclaw doctor
# 5. What do the logs say?
journalctl -u openclaw -f # Ctrl+C to stop
# 6. Model status
sudo -iu openclaw openclaw models status
This sequence resolves 90% of issues. If you're still stuck, Part 2 has deeper troubleshooting resources, and DeepWiki is an AI-generated wiki of OpenClaw's entire codebase that's always up to date.
What this costs
| Component | Monthly |
|---|---|
| DigitalOcean droplet (2 GB) | $12.00 |
| Gemini 2.0 Flash (light use) | ~$0.50 |
| Telegram | Free |
| Total | ~$12.50/month |
About the cost of a streaming subscription. For an always-on AI assistant that runs 24/7 and lives in your messages. New DigitalOcean accounts get $200 in free credit — that's roughly 16 months free.
Troubleshooting: when things don't match this guide
OpenClaw is evolving fast. The version DigitalOcean deploys, the CLI commands, the config format — any of these can change between when I write this and when you read it. Here's how to handle drift:
1. Check your version first.
sudo -iu openclaw openclaw --version
Compare to the latest release on GitHub. If behind, update with sudo npm install -g openclaw@latest.
2. Use DeepWiki. DeepWiki is an AI-generated wiki of OpenClaw's entire codebase. It's free, always current, and the best resource when this guide doesn't match what you're seeing. Ask it questions like "how do I add a Telegram channel?" — it reads the actual source code.
DeepWiki works for any public GitHub repo. Just replace github.com with deepwiki.com in any repo URL. So github.com/openclaw/openclaw becomes deepwiki.com/openclaw/openclaw.
3. Check the DigitalOcean marketplace page. The DO marketplace listing has its own instructions maintained by the DigitalOcean team.
4. Read the logs. journalctl -u openclaw -f usually explains exactly what's wrong.
5. Run the health check. sudo -iu openclaw openclaw health after any config change.
What's next
You now have a working AI assistant that:
- Runs 24/7 on your own server
- Responds in Telegram
- Is locked to only you via DM pairing
- Has a visual dashboard you can access from your laptop
This is the foundation. Part 2: From Getting Started to God Mode covers everything that comes after:
- Skills — teaching your agent specific workflows (no code required)
- Memory — giving it long-term context about you, your contacts, your projects
- Integrations — connecting Gmail, Calendar, and other services
- Hardening — five layers of security for production use
- The three tiers — from markdown editor to multi-agent orchestrator
Your Claw is a reflection of you. The more you invest in it, the more it gives back. Start with Part 2 whenever you're ready.
Companion guides
New to the terminal? Start with the Terminal Primer. Never used Git? Read the GitHub Primer. Ready for Part 2? From Getting Started to God Mode.
Last updated: March 4, 2026
Verified against OpenClaw v2026.3.x and the current DigitalOcean 1-Click Marketplace image. Thanks to everyone who helped teach this material and surface the common gaps. If something doesn't match what you're seeing, let me know and I'll patch it.
