Install and onboard, step by step.
You did the Lesson 3 prep: an isolated machine, a dedicated API key with a spend cap, a kill-switch plan. Now the fun part — from bare machine to an agent that answers you, in about 25 minutes. We follow the official openclaw onboard wizard, with the two safety verifications most guides skip entirely.
01 Prerequisites (5 minutes)
On your prepared machine you need exactly three things:
- Node.js — version 22 LTS or newer (the project recommends current; 22.19+ works). Install from nodejs.org or your package manager.
- Your dedicated API key — the spend-capped one from Lesson 3 (Anthropic, OpenAI, or OpenRouter if you want to switch models freely).
- A terminal you can paste into. That's the whole toolkit.
02 Run the onboarding wizard
Start the wizard
The wizard walks you through gateway, workspace, channels, and skills. You'll make four decisions — here's the safe answer to each.
Decision: quickstart or custom? → Custom
Quickstart optimizes for the demo high. Custom takes three extra minutes and lets you make the binding choice deliberately — which is the one choice that matters.
Decision: where to bind the gateway? → Localhost. Always localhost.
This is THE setting from Lesson 3. When asked where the gateway should listen, choose 127.0.0.1 (localhost) — never 0.0.0.0, never your machine's LAN address "just to test." Remote access comes via Tailscale later, not via an open door now.
Decision: model provider → the brain you budgeted for
Paste your dedicated API key when asked. Model guidance, honestly: a mid-tier model is the right starting brain (Claude Sonnet-class or equivalent) — smart enough for real work, cheap enough that an always-on agent doesn't sting. Save frontier models for when a specific task proves it needs one. You can change this anytime; your spend cap has your back while you learn the cost rhythm.
Decision: run as a service? → Yes
Let the wizard install OpenClaw as a system service (systemd on Linux, launchd on macOS) so it survives reboots. Bonus: this also teaches you half your kill switch —
Skip skills and extra channels — for now
The wizard will offer to connect chat apps and install skills. Decline both today. Channels are Lesson 5 (done carefully), skills are Lesson 7 (done very carefully). Today's goal is a working, private, boring agent.
03 Say hello
With the service running, open the local web chat (the wizard prints the localhost URL) and introduce yourself. Give it a small real task — "what's on this machine in the workspace folder?" or "summarize this pasted article." Confirm it thinks, answers, and feels alive. Enjoy the moment — it's a legitimately great one.
04 The two verifications nobody does (do them)
Verify you're not on the internet
Also worth doing: search your home's public IP on shodan.io (free) — the same scanner that finds exposed instances can confirm you're not one.
Verify the spend cap is real
Check your provider's usage dashboard after the first day. You should see small, explainable numbers. You're learning the agent's cost rhythm now, while it does almost nothing — so you'll notice immediately if something later makes it spike.
Run it boring for 48 hours
Before connecting WhatsApp or anything exciting: just use the local chat for two days. Ask it real questions, watch the usage dashboard, stop and restart the service once for practice. Trust is built in the boring phase — and you'll meet Lesson 5 knowing exactly how your agent behaves when nothing is wrong.
What you can do now
- Install OpenClaw via the official onboard wizard with Node 22+
- Make the four wizard decisions safely: custom setup, localhost binding, budgeted model, run-as-service
- Start and stop the agent on command — your kill switch is now muscle memory
- Verify from an outside network that your gateway is unreachable
- Read your provider's usage dashboard and recognize your agent's normal cost rhythm
- Resist the urge to connect everything on night one