Lesson 5 · OpenClaw, Safely Pro ~10 min read Channels, done right

Connect your channels: WhatsApp, Telegram, Discord.

This is the feature that made OpenClaw famous — your agent as a contact in your own messenger. It's also where two of the nastiest real-world exploits happened. So we'll do it the way professionals connect anything: one channel, least privilege, and a hard rule about group chats.

Pick ONE channel to start

OpenClaw supports twenty-plus channels: WhatsApp, Telegram, Slack, Discord, Signal, iMessage, Teams, and more. Connect exactly one today. Every channel is a new door into your agent; doors are easier to watch when there's one of them. Honest guidance on the big three:

1

Telegram — the easiest safe start (our pick)

Telegram's bot system was built for exactly this: you create a dedicated bot via @BotFather in two minutes, get a token, and paste it into OpenClaw. Your agent is a separate identity from you by design — no account sharing, clean revocation (kill the token, kill the access), and only people who know the bot exists can message it. Set it to ignore everyone except your own Telegram user ID (the wizard offers an allowlist — use it).

2

WhatsApp — the famous one, with a real trade-off

The classic OpenClaw experience links via WhatsApp Web QR code — meaning the agent acts as a WhatsApp account. If that's your main account, your agent can see and message everyone you know. Don't do that. If you want WhatsApp, give the agent its own number (a cheap eSIM or spare SIM) so it's a contact you message, not a puppet wearing your identity. Also know that automation sits in a gray zone of WhatsApp's terms — accounts have been banned; another reason it shouldn't be your main one.

3

Discord — fine, with the server caveat

A dedicated Discord bot in a private server you control is a solid setup. The danger is the tempting one: inviting your agent into busy public servers — which is the group-chat problem below, at scale, with strangers.

The two traps that burned real users

A

The shared-context trap

Researchers found real deployments where all direct messages fed one shared conversation context — so a password or API key one person pasted became visible to anyone else who messaged the bot. The fix is configuration: ensure per-user (or at minimum per-chat) session isolation, and never paste secrets into an agent chat at all — a chat log is a place credentials go to be discovered.

B

The group-chat trap

An agent in a group chat takes instructions from everyone in the group — and acts with your permissions. Researchers demonstrated group members steering agents into reading environment variables and even joining other groups. One sentence of policy prevents all of it: your agent doesn't sit in group chats. If you ever relax this, it's a read-only agent in a group of people you'd hand your laptop to — and even then, no file or shell access wired up behind it.

Your agent's inbox is an attack surface. Anyone who can message your agent is effectively typing into a terminal on your agent's machine — that's the mental model. Allowlists (only my user ID, only these two numbers) are not paranoia; they're the seatbelt.

Connect it (10 minutes)

  1. Stop the service (kill-switch practice!), run openclaw onboard again or the channels config, and pick your one channel.
  2. Follow the wizard: bot token for Telegram/Discord, QR link for WhatsApp (dedicated number).
  3. Set the allowlist so the agent answers only you.
  4. Restart, message it from your phone: "introduce yourself." Savor the reply — this is the moment OpenClaw sells itself.
  5. Then test the boundary: have a family member message it. Correct result: silence.
The payoff

From here on, your agent is ambient: in line at the store you can ask it to check a fact, kick off research, or note a thought into a file on its machine. The next lesson makes that power routine — real workflows that justify the whole project.

This week's discipline

One channel, allowlisted to you, no groups, no secrets in chat. Live with it for a week before even thinking about a second channel. Each door you add after this should answer a real need — not the collector's itch.

Next: your first real workflows → All OpenClaw lessons →

What you can do now

  • Choose the right first channel — Telegram bot for clean identity separation, WhatsApp only with a dedicated number
  • Configure an allowlist so only you can command your agent
  • Explain the shared-context leak and verify per-user session isolation
  • State the group-chat rule and why an agent in a group obeys the whole group
  • Treat the agent's inbox as an attack surface — and never paste secrets into it
Pro
Up next in OpenClaw, Safely

Lesson 6 · Your first real workflows: email triage, calendar, daily briefing

The starter automations that turn a cool demo into a working assistant — designed so each one stays inside the safety rails you've built. See pricing →