What this checklist is optimizing for

New users generally want three things:

A working install (fast)
A safe install (not an open relay / not public)
A recoverable install (backups + upgrades without pain)

Official references:

Dashboard (Control UI): https://docs.openclaw.ai/web/dashboard
Updating: https://docs.openclaw.ai/install/updating
Gateway runbook: https://docs.openclaw.ai/gateway

1) Install + daemonize the gateway (recommended)

Runtime requirement: Node >= 22.

Global install:

npm install -g openclaw@latest
# or:
pnpm add -g openclaw@latest

Run onboarding (recommended path):

openclaw onboard --install-daemon

This installs a per-user supervised service (launchd on macOS, systemd user service on Linux/WSL2) so the gateway keeps running in the background.

2) Dashboard access: avoid the “unauthorized” trap

The Control UI is served by the gateway (default http://127.0.0.1:18789/), but auth is enforced.

If you open the URL and see “unauthorized”:

openclaw dashboard

Use the tokenized link it prints (?token=...). The UI stores the token locally after first load.

3) Secure inbound messaging (do not run “open” by accident)

The most common beginner mistake is leaving a DM policy too permissive.

Recommended pattern:

DMs: pairing (approve new senders) or allowlist
Groups: require mentions by default (so the bot does not reply to everything)

Examples:

Telegram guide: /guides/telegram-setup
WhatsApp guide: /guides/whatsapp-setup

4) Back up the correct thing: the state directory

OpenClaw is stateful. Back up the full state directory:

Default: ~/.openclaw/

It includes:

config (openclaw.json)
credentials (OAuth tokens, channel creds)
sessions
workspace files

Simple backup:

tar -czf openclaw-state-backup.tgz ~/.openclaw

Security note: treat backups like secrets.

5) Updates: prefer the boring path

For global installs, update like this:

npm i -g openclaw@latest
openclaw doctor
openclaw gateway restart
openclaw health

If something breaks after an update:

do not “randomly reinstall” first
capture status + logs, then rollback or adjust config

6) The 3 commands that solve most early problems

Gateway supervisor + probe:

openclaw gateway status

Health snapshot:

openclaw health

Live logs:

openclaw logs --follow

7) First-week wins (high ROI)

Set a strict DM policy for every channel you enable.
Decide your remote access story early (SSH tunnel vs Tailscale). Avoid public exposure of the Control UI.
Add a scheduled backup of ~/.openclaw/.
Keep a “rescue path”: you should be able to reinstall OpenClaw and restore state in under 15 minutes.

New User Checklist: Secure Setup, Backups, and First Week Wins

Implementation Steps

What this checklist is optimizing for

1) Install + daemonize the gateway (recommended)

2) Dashboard access: avoid the “unauthorized” trap

3) Secure inbound messaging (do not run “open” by accident)

4) Back up the correct thing: the state directory

5) Updates: prefer the boring path

6) The 3 commands that solve most early problems

7) First-week wins (high ROI)

Need live assistance?

New User Checklist: Secure Setup, Backups, and First Week Wins

Implementation Steps

Step 1: Install OpenClaw and run the wizard with a daemon

Step 2: Open the dashboard the right way (tokenized link)

Step 3: Lock down inbound messaging (pairing or allowlists)

Step 4: Make a backup plan for your state directory

Step 5: Learn the 3 core debug commands

What this checklist is optimizing for

1) Install + daemonize the gateway (recommended)

2) Dashboard access: avoid the “unauthorized” trap

3) Secure inbound messaging (do not run “open” by accident)

4) Back up the correct thing: the state directory

5) Updates: prefer the boring path

6) The 3 commands that solve most early problems

7) First-week wins (high ROI)

Need live assistance?