How to Set Up OpenClaw in 2026 (And What It Actually Costs)

What Is OpenClaw?

If you've been anywhere near the AI space in 2026, you've heard of OpenClaw. With 247k+ GitHub stars, it's the most popular open-source AI agent project ever built. And unlike most open-source AI tools, people actually use it daily.

Here's what OpenClaw does:

• Runs locally on your own hardware (VPS, personal machine, or any Linux/macOS machine)
• Integrates with messaging apps — WhatsApp, Telegram, Signal, Discord — so you interact with your AI agent through the apps you already use
• Manages email and calendars — reads, drafts, schedules, and responds on your behalf
• 100+ AgentSkills — from web research to file management to code execution to data analysis
• Privacy-first — your data stays on your hardware, not on someone else's cloud

The appeal is obvious. Instead of paying for fragmented AI subscriptions (one for email, one for scheduling, one for research), you get a single agent that handles everything, running on infrastructure you control.

The catch? Setting it up properly is harder than it looks.

The DIY Setup Path

Let's walk through what it actually takes to deploy OpenClaw yourself. This is the honest version — the steps the documentation covers, and the ones it doesn't.

Step 1: Provision Your Server

For a hosted setup, you need a VPS with at least 4GB RAM, 2 vCPUs, and 40GB storage. Hetzner, Contabo, or DigitalOcean all work. Ubuntu 22.04 LTS is the most tested base.

# After SSH into your fresh VPS
sudo apt update && sudo apt upgrade -y
sudo apt install -y docker.io docker-compose git ufw fail2ban

Step 2: Security Hardening

This is where most guides stop at "install Docker and go." In reality, you need:

• SSH key-only authentication — disable password login entirely
• Firewall rules — UFW configured to allow only SSH (custom port), HTTPS, and your messaging bridge ports
• Fail2ban — to block brute-force SSH attempts
• Docker socket security — the Docker socket is root-equivalent access; it needs proper permissions
• Automatic security updates — unattended-upgrades configured for critical patches

# Basic firewall setup
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 2222/tcp  # Custom SSH port
sudo ufw allow 443/tcp   # HTTPS
sudo ufw enable

Most people skip half of this. Then they wonder why their agent gets compromised two weeks later.

Step 3: Deploy OpenClaw

The actual OpenClaw deployment uses Docker Compose:

git clone https://github.com/openclaw/openclaw.git
cd openclaw
cp .env.example .env
# Edit .env with your API keys and configuration
docker-compose up -d

Simple enough on the surface. But the .env file has 40+ configuration variables, and getting them wrong means your agent either doesn't start, doesn't connect to your messaging apps, or exposes your API keys.

Step 4: Composio OAuth Setup

OpenClaw uses Composio for OAuth integrations — Gmail, Google Calendar, Microsoft 365, and others. Setting up Composio requires:

1. Creating a Composio developer account
2. Registering your OAuth application with Google/Microsoft
3. Configuring redirect URIs (which need HTTPS, which means you need a domain and TLS certificate)
4. Generating and securely storing OAuth tokens
5. Connecting the tokens to OpenClaw's configuration

This step alone takes most people 3-5 hours of troubleshooting. OAuth error messages are notoriously unhelpful, and a single mismatched redirect URI means nothing works.

Step 5: Messaging Bridges

Each messaging platform requires its own bridge:

• WhatsApp: Requires either the official WhatsApp Cloud API (business account needed) or a Matrix bridge (mautrix-whatsapp). Both have setup complexity.
• Telegram: Telegram Bot API is straightforward, but configuring it for two-way conversation (not just bot commands) takes additional work.
• Signal: Signal bridge requires a phone number registration and the signald daemon. This is the most finicky bridge to maintain.
• Discord: Discord bot token + gateway intents configuration. Relatively straightforward but requires developer portal setup.

Each bridge runs as a separate Docker container, needs its own configuration, and needs to communicate with the OpenClaw core over a shared network.

Step 6: Agent Workflows

Once everything is running, you configure the agent's behavior:

• What skills to enable (all 100+, or a curated subset?)
• How to handle different message types (is an email from your boss treated differently than a newsletter?)
• Scheduling rules (when should the agent proactively check your calendar?)
• Privacy boundaries (which contacts can trigger actions? which data can the agent access?)

This is where OpenClaw becomes genuinely powerful — but also where the configuration becomes genuinely complex.

Where People Get Stuck

After helping users and reading hundreds of GitHub issues, here are the most common failure points:

Security Hardening

The problem: People run OpenClaw on a VPS with default SSH settings, no firewall, and Docker exposed to the internet. Within days, their server gets compromised.

Why it's hard: Security isn't OpenClaw's domain — it's systems administration. The OpenClaw docs assume you already have a secure server. Most users don't.

OAuth Token Management

The problem: OAuth tokens expire. Refresh tokens sometimes fail. Google's OAuth consent screen has strict requirements. Microsoft requires admin consent for certain scopes.

Why it's hard: OAuth is a maze of provider-specific requirements, and the error messages rarely tell you what's actually wrong. "Invalid grant" could mean 15 different things.

Messaging Bridge Stability

The problem: Bridges disconnect, especially WhatsApp and Signal. WhatsApp has rate limits. Signal's registration process can fail silently.

Why it's hard: These bridges are reverse-engineered or use unofficial APIs. They break when the messaging platform updates, and the fix isn't always immediate.

Docker Networking

The problem: Containers can't communicate with each other. DNS resolution fails inside Docker networks. Port conflicts between bridges.

Why it's hard: Docker networking is a separate skill from Docker itself. Most tutorials don't cover multi-container networking with external bridge services.

The Time-vs-Money Calculation

Let's be honest about the numbers.

DIY setup time (based on community reports and our experience):

If you factor in the value of your time, the DIY path can easily cost more than a professional setup. And that's assuming you succeed on the first attempt — many people spend additional hours on Reddit and Discord asking for help.

The other hidden cost: ongoing maintenance. Bridges break, tokens expire, security patches need applying. Budget 1-2 hours per month for upkeep.

Professional Setup Options

Several providers now offer white-glove OpenClaw deployment. Here's the market in 2026:

ELM Labs offers professional OpenClaw setup starting at 300 EUR, significantly below the market rate. All tiers include 14 days of support.

We offer OpenClaw setup as a service because we've already solved every problem in this article. Our deployments include:

• VPS provisioning and hardening — SSH keys, custom ports, UFW, fail2ban, unattended-upgrades, Docker socket security
• Docker sandbox deployment — isolated containers with proper networking, volume management, and restart policies
• Composio OAuth — fully configured for your Google/Microsoft accounts, with documented token refresh procedures
• Telegram bridge — configured and tested
• Custom agent workflows — tailored to how you actually work
• Full documentation — architecture diagram, configuration reference, troubleshooting guide
• 14-day support — we fix anything that breaks in the first two weeks

The personal machine tier adds local model support (Ollama for offline inference), remote access configuration, and advanced AgentSkills setup.

Additional agents (for family members or team) are available at an additional cost — see our pricing.

What you get that DIY doesn't give you:

1. A deployment that's actually secure from day one
2. Documentation specific to your setup (not generic wiki pages)
3. Someone to call when Telegram bridge disconnects at 2 AM
4. Confidence that your API keys and personal data aren't exposed

Do I Own Everything?

Yes. After setup, you own:

• The server (your VPS account or your personal machine)
• All configuration files
• All documentation and architecture diagrams
• Full admin access to everything

No lock-in. No recurring fees from us. No platform dependency. If you want to modify the configuration, switch providers, or take over maintenance entirely — you can. We provide the documentation to make that possible.

After the 14-day support period, you're fully autonomous with the documentation we provide.

The Bottom Line

OpenClaw is genuinely impressive software. It's the kind of tool that makes you wonder why you ever paid for 5 separate AI subscriptions. But like any powerful tool, the gap between "downloaded" and "running securely in production" is real.

If you enjoy systems administration and want to learn, the DIY path is rewarding. Budget 15-30 hours and accept that messaging bridges will be frustrating.

If you value your time and want it done right, professional setup starts at 300 EUR — less than what most people spend in billable hours trying to do it themselves.

Either way, OpenClaw is worth running. The question is just how you get there.

FAQ

What are the minimum requirements to run OpenClaw?

For a VPS-hosted setup, you need at least 4GB RAM, 2 vCPUs, and 40GB storage. Ubuntu 22.04 LTS is the most tested base OS. You will also need Docker and Docker Compose installed, a domain name with HTTPS for OAuth integrations, and API keys for the LLM providers you want to use. For a personal machine setup, any modern Linux or macOS system with similar specs will work.

How much does OpenClaw cost to run?

OpenClaw itself is free and open-source. Your ongoing costs are VPS hosting (affordable monthly plans from providers like Hetzner or Contabo), LLM API usage (varies based on how heavily you use the agent), and optionally a domain name. There are no subscription fees or platform charges. Professional setup from ELM Labs starts at 300 EUR as a one-time cost, and after the 14-day support period you are fully autonomous with no recurring fees from us.

What kind of support comes with professional OpenClaw setup?

ELM Labs includes 14 days of post-setup support with every tier. During this period, we fix anything that breaks — messaging bridge disconnections, OAuth token issues, Docker networking problems, or configuration adjustments. You also receive full documentation specific to your deployment, including an architecture diagram, configuration reference, and troubleshooting guide. After the support period, you have everything needed to maintain the system independently.

Can I customize OpenClaw after it is set up?

Yes, you own everything after setup — all configuration files, documentation, and full admin access. OpenClaw supports 100+ AgentSkills that you can enable or disable, custom workflow rules for different message types, scheduling preferences, and privacy boundaries. You can modify any configuration, switch LLM providers, add or remove messaging bridges, and extend functionality. There is no vendor lock-in or platform dependency.

What are the alternatives to OpenClaw?

The main alternatives are commercial AI assistant platforms like individual ChatGPT, Claude, or Gemini subscriptions, or other open-source agent frameworks. OpenClaw's advantage is that it consolidates multiple AI functions (email, calendar, messaging, research, code execution) into a single self-hosted agent, giving you privacy control and avoiding fragmented subscriptions. The tradeoff is setup complexity, which is why professional deployment services exist.