
Claude Code Security: Everything You Need to Know Before Getting Started

A practical guide to how Claude Code works, who can use it, how to access it securely, and what you should know about permissions, data handling, and safe usage.

IN THIS GUIDE

1. What Is Claude Code?

2. Who Can Use Claude Code?

3. How to Access & Install Claude Code

4. Understanding the Security Model

5. Permissions & What Claude Code Can Do

6. Data Privacy & How Your Code Is Handled

7. Security Best Practices

8. Frequently Asked Questions

1. WHAT IS CLAUDE CODE?

Claude Code is Anthropic’s command-line tool for agentic coding. Unlike the web-based Claude.ai chat interface, Claude Code runs directly in your terminal and can interact with your local codebase — reading files, writing code, running commands, and managing project tasks on your behalf.

Think of it as having an AI pair programmer that sits inside your development environment. You give it natural language instructions like “refactor the authentication module to use JWT tokens” or “find and fix the bug causing the test suite to fail,” and Claude Code handles the implementation, working across your files and project structure.

This is a fundamentally different interaction model from chatting in a browser. Because Claude Code operates locally on your machine with access to your filesystem and terminal, understanding its security model is essential before you start using it.

Key capabilities at a glance:

Terminal-Native — Runs directly in your command line, not in a browser window.

File System Access — Reads, writes, and modifies files in your project directory.

Command Execution — Can run shell commands, scripts, and development tools.

Permission Controls — Configurable approval system for different action types.

2. WHO CAN USE CLAUDE CODE?

Claude Code is designed for software developers, engineers, and technical teams who work with codebases regularly. It’s available to users on several Anthropic plan tiers, though availability and usage limits may vary.

Plan Availability

Claude Code is accessible to users with a Claude Pro, Team, or Enterprise subscription, and it’s also available to API users. The exact feature set and rate limits can differ depending on your plan. Since Anthropic frequently updates plan details and pricing, it’s best to check the Claude support page (https://support.claude.com) or the official documentation (https://docs.claude.com) for the most current information on what’s included in each tier.

Technical Requirements

Claude Code requires Node.js to be installed on your system. It’s distributed as an npm package, so you’ll need a working Node.js environment. It supports macOS and Linux as primary platforms. For Windows users, Claude Code works through Windows Subsystem for Linux (WSL).

[Note: You don’t need to be an expert in AI or prompt engineering to use Claude Code effectively. If you’re comfortable with a terminal and familiar with your project structure, you can be productive quickly. That said, understanding the security implications of giving an AI tool access to your filesystem is important — which is exactly what the rest of this article covers.]




3. HOW TO ACCESS & INSTALL CLAUDE CODE

Getting started with Claude Code is a straightforward process. Here’s a walkthrough of the core steps.

Step 1: Ensure Node.js Is Installed

Claude Code is an npm package, so you’ll need Node.js on your machine. If you don’t have it, download it from nodejs.org or use a version manager like nvm.

Step 2: Install via npm

Install Claude Code globally using npm. The package is @anthropic-ai/claude-code and can be found on npmjs.com (https://www.npmjs.com/package/@anthropic-ai/claude-code).

Step 3: Authenticate

After installation, you’ll need to authenticate with your Anthropic account. Claude Code will guide you through the authentication flow in your terminal.

Step 4: Navigate to Your Project & Start

Navigate to the root of the project you want to work in, then launch Claude Code. It will begin by understanding your project’s structure and context.

Terminal commands:

# Install Claude Code globally
npm install -g @anthropic-ai/claude-code

# Navigate to your project
cd /path/to/your/project

# Launch Claude Code
claude

[Important: Always verify the exact installation steps in the official Claude Code documentation (https://docs.claude.com/en/docs/claude-code/overview), as the process or package name may evolve over time.]

4. UNDERSTANDING THE SECURITY MODEL

Because Claude Code operates directly on your machine — reading your code, running commands, and writing files — Anthropic has built a security model around user consent and explicit approval. Here’s how to think about it.

The Approval System

Claude Code uses a permission system that requires your approval before it takes potentially impactful actions. When Claude Code wants to execute a shell command, write to a file, or perform other actions that modify your system, it presents the action for your review and waits for you to approve it before proceeding.

This means Claude Code won’t silently rewrite your files or run arbitrary commands. You stay in the loop and maintain control over what actually happens on your machine.

Trust Levels & Configuration

Claude Code supports configurable permission levels that let you decide how much autonomy to grant. You can keep things locked down with manual approval for every action, or allow certain categories of operations (like file reads) to proceed automatically. The documentation provides details on configuring these permission modes to match your security preferences and workflow.

[Key Principle: Claude Code follows a “human in the loop” design philosophy. The default behavior is to ask before acting. You choose how much latitude to give it, not the other way around.]

5. PERMISSIONS & WHAT CLAUDE CODE CAN DO

It’s worth being explicit about the types of actions Claude Code is capable of, so you can make informed decisions about when and how to use it.

What Claude Code Can Do

Read files — Claude Code can read any file within your project directory to understand context, review code, or analyze your project structure.

Write and edit files — It can create new files, modify existing ones, refactor code, and make edits across multiple files in a single operation.

Execute shell commands — Claude Code can run terminal commands like git, npm, build scripts, test suites, and other CLI tools available in your environment.

Interact with MCP servers — Claude Code supports the Model Context Protocol (MCP), which allows it to connect to external tools and services through standardized integrations. This extends its capabilities beyond your local filesystem.

What to Be Aware Of

Because Claude Code can run shell commands, it has the same level of access to your system as your terminal session does. This means it could theoretically install packages, modify system files (if you have permission), make network requests, or interact with services your machine has access to.

[Security Consideration: Always review the commands Claude Code proposes before approving them, especially commands that install packages, modify system-level configurations, or interact with production environments. Treat the approval prompt the same way you’d treat pasting a command from the internet into your terminal — with informed caution.]

6. DATA PRIVACY & HOW YOUR CODE IS HANDLED

One of the most common concerns developers have about AI coding tools is: “What happens to my code?” It’s a fair question, especially if you’re working on proprietary or sensitive projects.

How Conversations Are Processed

When you use Claude Code, your prompts and the relevant code context are sent to Anthropic’s API for processing. This is how Claude generates its responses and proposed actions. The data in transit is encrypted, and Anthropic has published usage policies that outline how data is handled.

Data Retention & Training

Anthropic’s data policies apply to Claude Code usage. The specifics around whether your inputs are used for model training, how long data is retained, and what protections are in place depend on your plan type (particularly for Enterprise and API users, who typically have stricter data handling agreements).

[Recommended: Review Anthropic’s current privacy policy and terms of service (https://www.anthropic.com) for the most accurate, up-to-date information on data handling. Enterprise and Team plans generally offer additional data protections and commitments. If you’re working with highly sensitive code, this is worth investigating before adoption.]

Working with Sensitive Projects

If you’re working on projects with strict confidentiality requirements — government contracts, financial systems, healthcare data — talk to your security team before adopting Claude Code. Consider what code and context is being sent externally, whether your compliance requirements allow third-party AI tool usage, and what data handling agreements your plan provides.

7. SECURITY BEST PRACTICES

Here are practical recommendations for using Claude Code securely in your day-to-day workflow.

Start with Restrictive Permissions

When you first start using Claude Code, keep the approval requirements tight. Manually review every file write and shell command until you’re comfortable with the types of actions it proposes. You can loosen permissions over time as you build confidence in the tool’s behavior within your specific workflow.

Be Mindful of Environment Variables & Secrets

Claude Code can read files in your project directory, including .env files, configuration files with API keys, and other sensitive data. Make sure your .gitignore practices are solid and consider whether files containing secrets should be accessible in the directories where you run Claude Code.

Review Before Approving

This one is simple but critical: actually read the commands and file changes Claude Code proposes. Don’t rubber-stamp approvals. The tool is powerful and generally makes good suggestions, but every automated system can produce unexpected results — especially with complex or ambiguous instructions.

Use Version Control

Always work in a Git repository (or equivalent version control system) when using Claude Code. This gives you a safety net: if Claude Code makes changes you don’t like, you can easily review diffs and revert. Commit your work before starting a Claude Code session so you have a clean baseline to compare against.

Scope Your Sessions

Rather than giving Claude Code access to your entire home directory, navigate to the specific project you’re working on. This limits the scope of files it can read and reduces the surface area of potential unintended changes.
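A pre-session check covering the two recommendations above on secrets and session scope, written as an added example rather than anything shipped with Claude Code. The function names and the file-name and content patterns are assumptions chosen for illustration, and every match is a candidate to review, not proof of a secret.

```shell
#!/bin/sh
# Added example (not from Claude Code or its documentation): checks to run on
# a directory before starting an agent session in it.

# Heuristic content pattern (an assumption of this example): PEM private keys
# and upper-case KEY/SECRET/TOKEN/PASSWORD assignments with a value of 8+ chars.
SECRET_RE='-----BEGIN [A-Z ]*PRIVATE KEY-----|(API_KEY|SECRET|TOKEN|PASSWORD)[A-Z_]*[[:space:]]*[=:][[:space:]]*[^[:space:]]{8,}'

# Succeeds when DIR exists and is narrower than / or $HOME.
session_scope_ok() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    home=$(cd "${HOME:-/}" 2>/dev/null && pwd -P) || home=/
    [ "$dir" != "/" ] && [ "$dir" != "$home" ]
}

# Prints files under DIR (relative paths) that look like they hold secrets,
# matched by name or by content. .git and node_modules are skipped.
list_secret_files() {
    (
        cd "$1" || exit 1
        {
            find . \( -name .git -o -name node_modules \) -prune -o -type f \
                \( -name '.env' -o -name '.env.*' -o -name '*.pem' \
                   -o -name '*.key' -o -name 'id_rsa' -o -name 'id_ed25519' \) -print
            find . \( -name .git -o -name node_modules \) -prune -o -type f \
                -exec grep -lE -e "$SECRET_RE" {} +
        } | sed 's|^\./||' | LC_ALL=C sort -u
    )
}

# Exit status: 0 = nothing flagged, 1 = files to review, 2 = scope too broad.
preflight() {
    if ! session_scope_ok "$1"; then
        echo "refuse: $1 is missing, /, or your home directory" >&2
        return 2
    fi
    found=$(list_secret_files "$1")
    if [ -n "$found" ]; then
        echo "review before starting a session in $1:" >&2
        echo "$found" | sed 's/^/  /' >&2
        return 1
    fi
    return 0
}

# Builds a small constructed project tree for trying the checks offline.
# All values below are made up for this example.
make_constructed_tree() {
    mkdir -p "$1/src" "$1/config" "$1/node_modules/pkg"
    echo 'ANTHROPIC_API_KEY=sk-constructed-0000000000' > "$1/.env"
    echo 'const port = process.env.PORT;' > "$1/src/app.js"
    echo 'constructed key material' > "$1/config/deploy.key"
    echo 'DB_PASSWORD = constructed-value-123' > "$1/notes.txt"
    echo 'TOKEN=constructed-ignored-value' > "$1/node_modules/pkg/.env"
}

# Usage: sh preflight.sh /path/to/your/project
if [ "$#" -gt 0 ]; then
    preflight "$1"
fi
```
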

Keep It Updated

Like any security-relevant tool, keep Claude Code updated to the latest version. Anthropic regularly releases updates that may include security improvements, bug fixes, and new permission controls.

8. FREQUENTLY ASKED QUESTIONS

Q: Is Claude Code free to use?

A: Claude Code is included with certain Anthropic plans (Pro, Team, Enterprise) and is also available to API users. The exact pricing, rate limits, and usage caps depend on your plan. Check the Claude support page (https://support.claude.com) for current pricing details.

Q: Can Claude Code access the internet or make network requests?

A: Claude Code can execute shell commands, which means it could potentially make network requests if it runs commands like curl, npm install, or similar tools. This is why the approval system is important — you’ll see the command before it runs and can decline anything you’re not comfortable with.

Q: Does Claude Code send my entire codebase to Anthropic’s servers?

A: Claude Code sends relevant context to the API as needed to respond to your prompts — not your entire codebase at once. However, over the course of a session it may read and send multiple files as it builds understanding of your project. If you’re working with sensitive code, review Anthropic’s data handling policies and consider whether an Enterprise plan’s data protections align with your requirements.

Q: Can I use Claude Code on Windows?

A: Claude Code supports macOS and Linux natively. For Windows, you can use it through Windows Subsystem for Linux (WSL). Native Windows support is not currently available, though this may change — check the official docs for the latest platform support information.

Q: What is MCP, and should I be concerned about it?

A: MCP (Model Context Protocol) is a standardized way for Claude Code to connect with external tools and services — things like databases, APIs, or development platforms. It extends what Claude Code can do beyond your local files. MCP server integrations are configurable, and you control which ones are active. Only enable MCP connections to tools and services you trust and need for your workflow.

Q: Can Claude Code accidentally delete my files or break my project?

A: Like any tool that writes files and runs commands, there’s always some risk of unintended changes. This is why the approval system exists and why version control is essential. If you’re using Git and reviewing proposed changes before approving them, you can always revert anything problematic. Start with restrictive permissions and work in branches for extra safety.

Q: Is Claude Code suitable for enterprise and regulated environments?

A: Anthropic offers Enterprise plans with additional security features, data handling commitments, and compliance support. If you’re in a regulated industry, engage with Anthropic’s enterprise sales team to understand what protections are available. Visit anthropic.com/contact-sales for more information.

Q: How does Claude Code compare to GitHub Copilot or Cursor?

A: While all three are AI coding tools, they differ in form factor. GitHub Copilot is primarily an IDE extension that offers inline code completions. Cursor is a full AI-native code editor. Claude Code is a command-line tool that operates as an agentic assistant — it can execute multi-step tasks, run commands, and manage file operations autonomously (with your approval). The right choice depends on your preferred workflow and how much autonomy you want your AI assistant to have.

Q: Where can I find the most up-to-date Claude Code documentation?

A: The official Claude Code documentation is maintained at docs.claude.com/en/docs/claude-code/overview. For general account and billing questions, visit support.claude.com. The npm package page at npmjs.com (https://www.npmjs.com/package/@anthropic-ai/claude-code) also includes installation and release information.


How to Install OpenClaw on DigitalOcean (Cloud VPS Setup Guide)

Running OpenClaw (formerly Clawdbot / Moltbot) on a cloud VPS instead of your personal computer is one of the smartest deployment choices you can make. A DigitalOcean Droplet gives you an always-on server with a static IP, predictable networking, and complete isolation from your personal machine — which means your AI agent runs 24/7 without tying up your laptop or risking your personal files.

DigitalOcean has become one of the most popular hosting choices for OpenClaw, and they even offer a 1-Click Deploy option from their Marketplace that handles the heavy lifting for you. This guide covers both the 1-Click approach and the manual setup, so you can choose whichever fits your comfort level.

If you’re not familiar with OpenClaw yet, start with our guide to what OpenClaw is and how it works. If you’d rather run it locally, we have installation guides for Mac and Windows.

Why Run OpenClaw on a Cloud VPS?

Running OpenClaw locally on your Mac or PC works great, but a cloud deployment solves several common pain points.

Always available. A Droplet runs 24/7 without depending on your laptop being open, plugged in, or connected to the internet. Your AI agent stays active while you sleep, travel, or close your computer.

Security isolation. Your AI agent runs on a separate machine with no access to your personal files, passwords, or accounts. If something goes wrong, your personal computer is unaffected. This is a major advantage given the security considerations around OpenClaw.

Static IP and stable networking. Unlike your home network where the IP can change and ports may be blocked, a Droplet has a fixed public IP address. This makes remote access and messaging integrations more reliable.

Scalable resources. If your agent’s workload grows — more skills, more channels, browser automation — you can vertically scale the Droplet’s CPU and RAM without starting over.

Option A: 1-Click Deploy from the DigitalOcean Marketplace

The fastest way to get OpenClaw running on DigitalOcean is their 1-Click Deploy, available in the DigitalOcean Marketplace. This provisions a security-hardened Droplet with OpenClaw pre-installed, including Docker for sandboxed execution, firewall rules, non-root user configuration, and a gateway authentication token.

Step 1: Deploy the 1-Click App

Log into your DigitalOcean account and navigate to the Marketplace. Search for “OpenClaw” and click “Create OpenClaw Droplet.” You’ll be prompted to choose a Droplet size and region.

For Droplet size, the minimum recommended is 2 vCPUs with 2GB RAM. The 1-Click image currently requires a minimum $24/month Droplet to match the snapshot’s disk and memory requirements, though DigitalOcean is working on reducing this. If budget is a concern, you can try a smaller Droplet with the manual setup method described in Option B.

Choose a datacenter region close to you for the best latency. Add your SSH key during creation — you’ll need it to log in.

Step 2: SSH Into Your Droplet

Wait for the Droplet to finish provisioning. Note that the DigitalOcean dashboard may say “ready” before SSH is actually available — if the connection fails, wait 60 seconds and try again.

ssh root@your-droplet-ip

You’ll see a welcome message from OpenClaw with setup instructions.

Step 3: Configure Your AI Provider

The welcome screen will walk you through initial configuration. You’ll need to choose your AI provider (Anthropic, OpenAI, or Gradient AI) and paste your API key. After entering the key, the OpenClaw service will restart automatically to apply the changes.

Note the Dashboard URL displayed in the welcome message — you’ll use this to access the web-based Control UI from your browser.

Step 4: Access the Dashboard

Open the Dashboard URL in your browser. The 1-Click deployment sets up Caddy as a reverse proxy with automatic TLS certificates from Let’s Encrypt — even for bare IP addresses without a domain name. This means your dashboard connection is encrypted out of the box.

You’ll need to complete the pairing process when first accessing the dashboard. Follow the on-screen instructions to pair your browser.

Step 5: Connect a Messaging Channel

From the dashboard or via SSH, connect your preferred messaging platform. The process is the same as any OpenClaw installation — create a Telegram bot via @BotFather, scan a QR code for WhatsApp, or configure Discord/Slack webhooks.

Once connected, send a test message to confirm everything is working.

Option B: Manual Setup on a Fresh Droplet

If you prefer more control over the installation, or if you want a smaller/cheaper Droplet, you can set up OpenClaw manually on a fresh Ubuntu server.

Step 1: Create a Droplet

Create a new Droplet in the DigitalOcean control panel with the following specs:

Image: Ubuntu 24.04 LTS

Size: At least 2 vCPUs and 2GB RAM (the Basic plan at ~$18/month works well). A 1GB Droplet can work with a swap file but may run out of memory during npm install.

Region: Choose the datacenter closest to you.

Authentication: Add your SSH key.

Step 2: Initial Server Setup

SSH into your new Droplet:

ssh root@your-droplet-ip

Update packages:

apt update && apt upgrade -y

Create a swap file (important for smaller Droplets to prevent out-of-memory errors during installation):

sudo fallocate -l 2G /swapfile

sudo chmod 600 /swapfile

sudo mkswap /swapfile

sudo swapon /swapfile

echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab

Step 3: Create a Dedicated User

Running OpenClaw as root is a bad idea. Create a dedicated user with limited permissions:

adduser openclaw

usermod -aG sudo openclaw

su - openclaw

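This keeps the AI runtime from running as root, so if a skill misbehaves, the damage is contained to this user’s permissions. Note that the usermod command above adds the account to the sudo group, which the installation steps below rely on, so the account can still escalate to root with its password.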

Step 4: Install Node.js 22

curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -

sudo apt-get install -y nodejs

Verify:

node --version

Step 5: Install and Configure OpenClaw

npm install -g openclaw@latest

openclaw onboard --install-daemon

The onboarding wizard will prompt for your model provider, API key, and messaging channel configuration — the same process as a local installation.

Step 6: Configure Firewall Rules

Set up UFW to restrict inbound access:

sudo ufw default deny incoming

sudo ufw default allow outgoing

sudo ufw allow OpenSSH

sudo ufw enable

Do not expose port 18789 (the gateway) publicly unless you have a specific reason and have set up proper authentication and a reverse proxy. For personal use, access the dashboard via SSH tunnel instead.

Step 7: Verify the Installation

openclaw doctor

openclaw status

If both return healthy results, your cloud-hosted OpenClaw is live.

VPS-Specific Configuration Tips

Running OpenClaw on a headless VPS introduces a few differences compared to a local desktop setup. Here are the most important things to get right:

Set execution host to gateway. On a VPS, there’s no terminal window open for OpenClaw to run commands in. The gateway process serves as the execution environment. Make sure tools.exec.host is set to gateway in your configuration, or commands will fail silently.

Disable execution consent prompts. On a local machine, consent prompts are a safety feature — OpenClaw asks “are you sure?” before running commands, and you approve them. On a headless VPS, there’s nobody sitting at a terminal to approve anything. Set tools.exec.ask to off or commands will hang indefinitely waiting for input. Compensate by being more careful about which skills you install and which permissions you grant.

Set security level appropriately. The tools.exec.security setting controls what OpenClaw is allowed to do. On a dedicated VPS where you control what’s installed, setting this to full is typically appropriate — without it, OpenClaw can’t call APIs, fetch URLs, or reach any external service. On a shared machine, keep it more restrictive.

Configuration lives in /opt/openclaw.env. On the 1-Click deployment, the main configuration file is at /opt/openclaw.env and is owned by root. The openclaw user intentionally cannot modify its own configuration — this is a security feature that prevents a misbehaving skill from changing API keys or redirecting outputs. Edit it as root with sudo nano /opt/openclaw.env and restart the service after changes.

Restart the service after config changes. Changes to the environment or configuration don’t take effect until you restart: sudo systemctl restart openclaw

Remote Access Options

SSH tunnel (recommended for personal use): Access the dashboard without exposing it publicly by forwarding the port through SSH: ssh -L 18789:localhost:18789 openclaw@your-droplet-ip, then open http://localhost:18789 in your browser.

Tailscale (recommended for multi-device access): Install Tailscale on both your Droplet and your devices to create a private, encrypted network. Your OpenClaw instance gets a private Tailscale address and remains inaccessible from the public internet.

Messaging only (simplest): If you’ve connected Telegram, WhatsApp, or another messaging channel, you don’t need to access the dashboard at all for day-to-day use. Just interact with your agent through chat.

Cost Expectations

Your total cost for running OpenClaw on DigitalOcean has two components:

Droplet hosting: The 1-Click deployment starts at $24/month (due to the current image size requirements). Manual setup on a smaller Droplet can start around $12-18/month with 2GB RAM. A 1GB Droplet ($6/month) can work for light use with a swap file configured.

AI model API costs: These depend on your provider and usage. Claude Haiku is the most cost-effective for everyday tasks, while Claude Opus is more capable but pricier. Typical personal use runs anywhere from $5-50/month in API costs depending on how active your agent is.

What to Do After Installation

Once your cloud-hosted OpenClaw is running, explore our guide to 10 practical things you can do with OpenClaw. Cron jobs and proactive automation are particularly well-suited to a VPS deployment since your agent is always on and always connected.

And don’t skip the security basics — read our OpenClaw security guide for best practices on running an AI agent safely, especially in a cloud environment.


Is OpenClaw Safe? Security Guide for Self-Hosted AI Agents

OpenClaw (formerly Clawdbot / Moltbot) gives you something powerful: an AI assistant that can read your files, run commands on your computer, access your email, manage your calendar, and communicate through your messaging apps. That power comes with real security implications that every user needs to understand before diving in.

This guide covers the known security concerns, the built-in safeguards OpenClaw provides, and the best practices you should follow to run it responsibly. Whether you’ve already installed OpenClaw on your Mac or set it up on Windows, this is essential reading.

New to OpenClaw? Start with our overview of what OpenClaw is before reading this security guide.

The Core Security Tradeoff

OpenClaw’s entire value proposition creates a natural tension with security. For an AI agent to actually do useful things — manage your inbox, organize files, run shell commands, automate browser tasks — it needs broad access to your system. The more capable you want it to be, the more permissions it needs.

This is fundamentally different from a cloud-based chatbot like ChatGPT, which runs in a sandboxed browser environment and can’t touch your local files. OpenClaw trades that isolation for capability. You get an AI that can act on your behalf, but you also get an AI that has the same access to your system as your user account.

The question isn’t whether OpenClaw is perfectly safe — no tool with this level of system access is. The question is whether you understand the risks and are taking appropriate steps to manage them.

What Security Researchers Have Found

OpenClaw’s rapid rise in popularity has attracted scrutiny from cybersecurity firms and researchers. Here’s what’s been reported:

Cisco’s AI security team tested a third-party OpenClaw skill and found it performed data exfiltration and prompt injection without user awareness. Their finding highlighted that the ClawHub skill repository lacked adequate vetting to prevent malicious submissions at the time.

Palo Alto Networks warned that OpenClaw presents a dangerous combination of risks stemming from its access to private data, exposure to untrusted content (like messages from the web or group chats), and ability to perform external communications while retaining memory. They described this as a high-risk mix for autonomous agents.

One of OpenClaw’s own maintainers publicly cautioned on Discord that if someone can’t understand how to run a command line, this is too dangerous of a project for them to use safely.

These aren’t theoretical concerns. An AI agent with shell access, internet connectivity, and persistent memory creates a real attack surface, especially when it can receive messages from external sources like group chats or unknown contacts.

OpenClaw’s Built-In Security Features

The OpenClaw project does include several security mechanisms. Understanding what they do — and what they don’t — is important.

DM Pairing System. Unknown senders who message your bot receive a pairing code that you must manually approve via the CLI before the assistant will respond. This prevents random people from controlling your agent.

Loopback Binding. By default, the gateway listens on 127.0.0.1 (localhost only), meaning it’s not exposed to your local network or the internet. Only processes on the same machine can reach it.

Gateway Authentication Token. Even local connections require a token generated during setup. This prevents unauthorized access to the admin dashboard and API.

Sandboxed Execution. Non-main sessions can run in Docker containers, isolating them from your primary system. This is configured via the sandbox setting in your agent configuration.

Execution Consent Mode. When exec.ask is set to “on” in your configuration, OpenClaw will prompt for your approval before running write operations, shell commands, or other potentially destructive actions.

Group Chat Safeguards. In group chats, OpenClaw requires an @mention to respond by default, preventing it from reacting to every message in a channel. Group commands are restricted to the owner.

Open Source and Auditable. All of OpenClaw’s code is published under the MIT license. Anyone can review it, and the developer community has been actively auditing the codebase.

Best Practices for Running OpenClaw Safely

Beyond the built-in features, here are the steps you should take to minimize risk:

Use a Dedicated Machine or User Account

The strongest recommendation from the security community is to avoid installing OpenClaw on your primary personal computer — especially one with sensitive documents, financial accounts, or credentials. Ideally, run it on a dedicated device (a Mac Mini, a Raspberry Pi, or a cloud VPS like DigitalOcean), or at minimum create a separate macOS/Linux user account with limited permissions.

Keep the Gateway Bound to Localhost

Make sure your gateway is configured to bind to 127.0.0.1, not 0.0.0.0. Check your openclaw.json configuration to verify. Binding to 0.0.0.0 exposes the gateway to your entire network, which is rarely necessary for personal use.

Enable Execution Consent Mode

Set exec.ask: "on" in your configuration so OpenClaw asks for explicit approval before executing shell commands, deleting files, running Git operations, or performing other write actions. This is especially important when you’re still learning how the tool works.

Vet Every Community Skill Before Installing

ClawHub skills are community-contributed and have historically lacked rigorous security vetting. Before installing any third-party skill, review its source code. Cisco has released a Skill Scanner tool specifically for checking OpenClaw skills for malicious behavior — use it. Never blindly install a skill just because it’s popular or highly starred.

Store API Keys Securely

Never hardcode API keys in configuration files or leave them in plaintext on disk. Use OpenClaw’s built-in credential storage system, or better yet, use a secrets manager like Bitwarden CLI. Don’t commit credentials to repositories, and don’t leave them in your shell history.

Set Up Firewall Rules

If you’re running OpenClaw on a Linux server or VPS, configure your firewall to minimize the attack surface:

sudo ufw default deny incoming

sudo ufw default allow outgoing

sudo ufw allow 22/tcp

sudo ufw enable

Only open the specific ports you actually need. Don’t expose port 18789 (the gateway) publicly.
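To check the loopback-binding and firewall recommendations above on a running host, this added example (not part of OpenClaw or of the original guide) classifies the output of ss and ufw status for the gateway port 18789. The function names and the sample outputs are constructed for illustration; port ranges in ufw rules are not handled.

```shell
#!/bin/sh
# Added example: decide from `ss` and `ufw status` output whether a service
# port (18789, the gateway port named in this guide) is reachable off-host.
# On a live host:
#   ss -H -ltn      | listen_scope 18789
#   sudo ufw status | firewall_scope 18789

# Reads `ss -ltn` output on stdin; prints loopback, exposed or not-listening.
listen_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                          # local address:port column
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            seen = 1
            # Anything other than 127.0.0.0/8 or ::1 is reachable off-host.
            if (host !~ /^127\./ && host != "[::1]") exposed = 1
        }
        END {
            if (!seen) print "not-listening"
            else if (exposed) print "exposed"
            else print "loopback"
        }'
}

# Reads `ufw status` output on stdin; prints inactive, allowed or no-allow-rule.
firewall_scope() {
    awk -v port="$1" '
        /^Status: inactive/ { inactive = 1 }
        / ALLOW / {
            target = $1
            sub(/\/(tcp|udp)$/, "", target)    # "18789/tcp" -> "18789"
            if (target == port) allowed = 1
        }
        END {
            if (inactive) print "inactive"
            else if (allowed) print "allowed"
            else print "no-allow-rule"
        }'
}

# Combines both results: $1 = listen_scope output, $2 = firewall_scope output.
gateway_verdict() {
    case "$1:$2" in
        not-listening:*)       echo "down" ;;
        loopback:*)            echo "ok" ;;    # local only, use an SSH tunnel
        exposed:no-allow-rule) echo "warn" ;;  # firewall is the only barrier
        *)                     echo "fail" ;;  # reachable from the network
    esac
}

# Constructed sample outputs (not captured from a real host).
sample_ss_loopback() {
    cat <<'EOF'
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      511        127.0.0.1:18789      0.0.0.0:*
LISTEN 0      128             [::]:22            [::]:*
EOF
}

sample_ss_exposed() {
    cat <<'EOF'
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      511          0.0.0.0:18789      0.0.0.0:*
EOF
}

sample_ufw() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
EOF
}

# Stand-alone run on the constructed samples.
echo "loopback sample: $(gateway_verdict "$(sample_ss_loopback | listen_scope 18789)" "$(sample_ufw | firewall_scope 18789)")"
echo "exposed sample:  $(gateway_verdict "$(sample_ss_exposed | listen_scope 18789)" "$(sample_ufw | firewall_scope 18789)")"
```
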

Use Tailscale for Remote Access

If you need to access your OpenClaw instance remotely (from your phone while away from home, for example), use Tailscale or SSH tunnels rather than exposing the gateway port to the public internet. Tailscale creates a private, encrypted network between your devices.

Review Permissions Regularly

Periodically audit which integrations and channels you have connected, what skills are installed, and what permissions the agent has. Remove anything you’re not actively using. The principle of least privilege applies here — only give OpenClaw access to what it actually needs.

The Privacy Tradeoff: Local vs. Cloud

One of OpenClaw’s main selling points is privacy — your data stays on your machine instead of being sent to a cloud provider. This is a real benefit, especially compared to cloud-hosted AI assistants that process and store your data on their servers.

But “local-first” doesn’t mean “completely private.” If you’re using a cloud AI model (Claude, GPT-4, etc.), your conversation content is still being sent to that provider’s API for processing. Only the orchestration layer runs locally. For truly private inference, you’d need to use a local model through Ollama or a similar tool — though local models are generally less capable than their cloud counterparts.

The privacy benefit is about control: you choose what gets sent where, and your configuration, memory, and credentials never leave your machine.

Who Should (and Shouldn’t) Use OpenClaw

OpenClaw is best suited for developers, system administrators, and technically-savvy users who understand the security model and can manage the risks. If you’re comfortable with the command line, know how to read code, and can audit what’s running on your system, OpenClaw can be an incredibly powerful tool.

If you’re not comfortable evaluating the security implications of giving an AI agent shell access, or if you’re running it on a machine with sensitive personal data you can’t afford to have exposed, proceed with extreme caution — or wait until the ecosystem matures further.

The bottom line: OpenClaw is a powerful, useful tool when used responsibly. Treat it the way you’d treat any software that has broad access to your system — with respect, regular audits, and appropriate safeguards.

Related Guides on Code Boost

What Is OpenClaw (Formerly Clawdbot)? The Self-Hosted AI Assistant Explained

How to Install OpenClaw on Windows (Step-by-Step WSL2 Guide)

How to Install OpenClaw on Mac (macOS Setup Guide)

How to Install OpenClaw on DigitalOcean (Cloud VPS Guide)

10 Things You Can Do With OpenClaw (Practical Use Cases)

10 Things You Can Do With OpenClaw (Practical Use Cases and Examples)

OpenClaw (formerly Clawdbot / Moltbot) is an open-source AI assistant that runs on your own hardware and connects to your messaging apps. But once you’ve got it installed on your Mac or set up on Windows, the natural question is: what should I actually do with it?

Unlike traditional AI chatbots that just answer questions, OpenClaw is designed to take action. It can interact with your file system, run commands, browse the web, and connect to external services. Below are ten practical use cases that demonstrate what makes OpenClaw genuinely useful — along with example prompts you can send right through your messaging app.

Not sure what OpenClaw is? Read our complete guide to what OpenClaw is and how it works first.

1. Email Inbox Management

One of the most popular use cases is handing your inbox over to OpenClaw for triage. It can scan your emails, sort them by priority, summarize what needs your attention, and even draft responses for you to review.

Example prompts you might send via WhatsApp or Telegram:

"Clear my inbox of newsletters and promotional emails"

"Summarize the 5 most important emails I received today"

"Draft a reply to the email from Sarah about the project deadline"

OpenClaw connects to your email through configured integrations (Gmail, Outlook, etc.) and handles the sorting and drafting work. You review and approve before anything is sent.

2. Calendar Scheduling and Management

Instead of switching between apps to manage your calendar, you can manage it entirely through conversation. OpenClaw can check your availability, schedule meetings, resolve conflicts, and send confirmations — all from chat.

Example prompts:

"Schedule a meeting with the team next Tuesday at 3 PM"

"What does my calendar look like this week?"

"Move my Thursday afternoon meeting to Friday morning"

This is particularly powerful when combined with cron jobs (covered below), so OpenClaw can proactively send you a daily calendar summary each morning.

3. File and Folder Organization

OpenClaw has direct access to your file system (within your configured workspace), which means it can organize, rename, move, and summarize files on your behalf.

Example prompts:

"Organize my Downloads folder by file type"

"Summarize the PDF called report.pdf on my desktop"

"Find all files larger than 100MB in my home directory"

For developers, this extends to project-level tasks like cleaning up build artifacts, organizing assets, or sorting log files.

4. Browser Automation

OpenClaw can control a browser to perform tasks that would normally require you to manually navigate websites, fill out forms, and click through interfaces.

Example prompts:

"Book the cheapest flight to Berlin next month"

"Search for a 3-star hotel in Tokyo for the first week of April"

"Fill out the expense report form on our company portal"

The browser automation capabilities mean OpenClaw can handle tasks like searching, comparing, and filling forms — then report back with what it found or did. This is one of the features that led people to call OpenClaw “AI with hands.”

5. Shell Command Execution

For developers and system administrators, the ability to run shell commands through a messaging app is incredibly useful. You can manage your server, run scripts, check system health, and execute Git operations from your phone.

Example prompts:

"Run git pull on my project repo"

"Check how much disk space is left on this machine"

"Restart the Docker containers for my web app"

By default, OpenClaw prompts for consent before executing potentially dangerous commands. You can configure the exec.ask setting in your config to control which commands require approval and which can run automatically.

6. Scheduled Tasks and Proactive Reminders (Cron Jobs)

Unlike most AI assistants that only respond when spoken to, OpenClaw can run tasks on a schedule. This is one of its most distinctive features — it can proactively reach out to you through your messaging app with information or completed tasks.

Example prompts:

"Every morning at 8 AM, send me a summary of my calendar and top emails"

"Check my website for downtime every hour and alert me if it's down"

"Remind me every Friday at 5 PM to submit my timesheet"

Cron jobs turn OpenClaw from a reactive tool into a proactive assistant that works for you even when you’re not thinking about it.

7. Smart Home Control

If you have a smart home setup (HomeKit, Google Home, Alexa, SmartThings, or IFTTT), OpenClaw can serve as a natural language interface for controlling your devices.

Example prompts:

"Turn on the living room lights and set the temperature to 72°F"

"Set a routine to turn off all lights at 11 PM"

"Is the front door locked?"

The advantage over built-in voice assistants is that OpenClaw remembers your preferences, can chain multiple actions together, and operates through whatever messaging platform you prefer.

8. Research and Content Summarization

OpenClaw can search the web, read documents, and compile research summaries — then deliver the results directly to your chat.

Example prompts:

"Research the latest developments in AI agents and summarize the key trends"

"Read this PDF and give me the three most important takeaways"

"Compare the pricing of the top 5 project management tools"

With web search skills enabled, OpenClaw can pull in current information beyond its model’s training data, making it useful for market research, competitive analysis, and staying up to date on rapidly changing topics.

9. Custom Skills and ClawHub Extensions

OpenClaw’s skill system lets you extend its capabilities far beyond the defaults. ClawHub is the community skill registry where you can discover, install, and share skills with a single command.

To install a skill:

openclaw skill install <skill-name>

Community skills cover a wide range of functionality: monitoring cryptocurrency prices, tracking packages, posting to social media, integrating with project management tools, and much more. You can also build your own custom skills — just ask OpenClaw itself to help you create one.

Example prompt:

"Create a skill to monitor Hacker News for posts about AI agents and alert me when something hits the front page"

A word of caution: always vet community skills before installing them. Some have been found to contain malicious code. See our OpenClaw security guide for best practices on skill safety.

10. Coding Workflows and Developer Automation

For developers, OpenClaw pairs powerfully with coding tools. Some users run it alongside Claude Code or GitHub Copilot, using OpenClaw as the orchestration layer that delegates specific coding tasks to the right tool.

Example prompts:

"Run the test suite for my project and summarize any failures"

"Set up a Sentry webhook and automatically create PRs for critical errors"

"Review the latest PR on my repo and summarize the changes"

The multi-agent pattern is particularly interesting: you can configure separate OpenClaw agents for work and personal tasks, each with their own personality, permissions, and connected services. Some power users set up OpenClaw to autonomously run tests, capture errors, resolve them, and open pull requests — all while they sleep.

Getting the Most Out of OpenClaw

A few tips that apply across all these use cases:

Use natural language. OpenClaw doesn’t require rigid commands. Talk to it the way you’d talk to a capable colleague. The underlying AI model handles the interpretation.

Use /think high for complex tasks. This triggers deeper reasoning from the AI model, which helps with multi-step tasks that require planning.

Start with consent mode on. Especially when you’re new, keep the exec.ask setting enabled so OpenClaw asks for your approval before executing commands. You can relax this as you build trust.

Check /status regularly. The /status command shows your session info, model, token usage, and cost when available. It’s helpful for keeping track of API spending.

Customize SOUL.md. This file defines your assistant’s personality, tone, and boundaries. Editing it lets you shape how OpenClaw communicates with you — whether you want it professional, casual, or somewhere in between.

Ready to Install?

If you haven’t set up OpenClaw yet, we have step-by-step guides for every platform:

Install OpenClaw on Mac

Install OpenClaw on Windows (WSL2)

Install OpenClaw on DigitalOcean

And make sure you understand the security implications before giving your AI assistant broad access to your system: Is OpenClaw safe? Read our security guide.

How to Install OpenClaw on Mac (macOS Setup Guide)

If you’re looking to run a self-hosted AI assistant on your Mac, OpenClaw (formerly Clawdbot / Moltbot) is one of the most capable options available. macOS is arguably the best platform for OpenClaw — the project was largely built around the Apple ecosystem, and it shows with native features like a menu bar companion app, Voice Wake for hands-free interaction, and iMessage integration that’s exclusive to macOS.

This guide walks you through the complete installation process on macOS, from prerequisites to a fully running AI assistant. If you’re not familiar with OpenClaw yet, start with our overview of what OpenClaw is and how it works.

Why macOS Is Ideal for OpenClaw

While OpenClaw supports macOS, Windows (via WSL2), and Linux, macOS provides the smoothest experience for several reasons. OpenClaw runs natively without any virtualization layer (unlike the WSL2 requirement on Windows). The companion menu bar app gives you quick access to settings, health status, and controls. Voice Wake lets you activate the assistant by saying “Hey Claw” on macOS, iOS, and Android. And iMessage integration — only available on macOS — lets you interact with OpenClaw through Apple’s messaging platform.

Many users run OpenClaw on a Mac Mini as a dedicated always-on AI server, which is a popular and well-documented setup in the community.

Prerequisites

macOS Ventura (13) or newer — Sonoma and Sequoia are ideal. Older versions may work but aren’t officially recommended.

Homebrew — The macOS package manager. If you don’t have it, we’ll install it in Step 1.

Node.js 22 or newer — Required for OpenClaw’s runtime. We’ll install this via Homebrew.

An API key from an AI model provider — Anthropic (Claude), OpenAI (GPT-4), Google (Gemini), or a local model via Ollama. Have your key ready before starting the onboarding wizard.

Basic Terminal familiarity — You’ll be running commands in the macOS Terminal app. Open it with Command + Space, then search for “Terminal.”

Step 1: Install Homebrew (If Needed)

If you already have Homebrew installed, skip to Step 2. Otherwise, open Terminal and run:

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

Follow the prompts. Once complete, verify with:

brew --version

Step 2: Install Node.js 22

OpenClaw requires Node.js version 22 or higher. Install it with Homebrew:

brew install node

Verify the version:

node --version

You should see v22.x.x or higher. If you have an older version installed, you can upgrade with brew upgrade node or use nvm (Node Version Manager) to manage multiple versions.

Step 3: Install OpenClaw

You have two options for installation. The easiest is the one-liner install script:

curl -fsSL https://openclaw.ai/install.sh | bash

This script detects your operating system, installs Node.js if needed, and sets up the OpenClaw CLI. Alternatively, if you prefer manual control, install via npm:

npm install -g openclaw@latest

If you use pnpm instead of npm:

pnpm add -g openclaw@latest

pnpm approve-builds -g

The approve-builds step is needed because pnpm requires explicit approval for packages with build scripts (like openclaw, node-llama-cpp, and sharp).

Fixing the Sharp Installation Error

If you have libvips installed globally via Homebrew and the sharp image library fails during installation, force prebuilt binaries with:

SHARP_IGNORE_GLOBAL_LIBVIPS=1 npm install -g openclaw@latest

If you see a “please add node-gyp to your dependencies” error, install Xcode Command Line Tools first: xcode-select --install

Step 4: Run the Onboarding Wizard

Start the interactive setup:

openclaw onboard --install-daemon

The --install-daemon flag installs OpenClaw as a launchd service, so the gateway keeps running in the background even after you close Terminal or restart your Mac.

The wizard guides you through:

Model provider and API key — Choose your AI provider and paste your API key. If you use Anthropic, you can generate a setup token through the OAuth flow. Claude Opus 4.5 is the most capable option for complex tasks, while Haiku 4.5 is a cost-effective choice for everyday use.

Gateway settings — Choose “local” for personal use. The gateway binds to localhost by default.

Messaging channels — Select which platform(s) you want to use. Telegram is the quickest to set up (create a bot via @BotFather), WhatsApp connects via QR code, and iMessage is available exclusively on macOS. You can always add more channels later.

Skills setup — You can skip this for now and explore skills once you’re comfortable with the basics.

Step 5: Verify Everything Works

After onboarding completes, run these checks:

openclaw doctor

openclaw status

Both should return healthy results. To open the web-based Control UI:

openclaw dashboard

This opens your browser to the local dashboard (typically at http://127.0.0.1:18789/). If it asks for authentication, paste the gateway token from your config: openclaw config get gateway.token

The Control UI lets you chat directly with your AI assistant without setting up any external channels — it’s great for quick testing.

Step 6: Set Up the Companion Menu Bar App

OpenClaw offers a native macOS menu bar app that gives you quick access to gateway health, settings, and controls. The app is available from the OpenClaw GitHub releases page. Once installed, it sits in your menu bar and communicates with the gateway running on your Mac.

The menu bar app requires the gateway to be running. If you installed the daemon during onboarding, it should already be active. If not, you can start the gateway manually with openclaw gateway in a terminal window (and leave that window open).

Optional: Enable Voice Wake

One of the standout macOS features is Voice Wake — hands-free activation by saying “Hey Claw.” This uses your Mac’s microphone and requires granting microphone permissions to the OpenClaw companion app.

To enable it, go to System Settings, then Privacy & Security, then Microphone, and make sure the OpenClaw app has access. Voice Wake also supports push-to-talk as an overlay, which can be useful if you don’t want always-on listening.

Optional: Set Up iMessage Integration

iMessage is a macOS-exclusive channel for OpenClaw. It lets you interact with your AI assistant through Apple’s Messages app, which is especially convenient if you’re already in the Apple ecosystem.

During onboarding (or afterward), run:

openclaw channels login imessage

You’ll need to grant OpenClaw access to the Messages app in System Settings under Privacy & Security. After a macOS update, you may need to run this command again to reconnect.

Running as a Background Service

If you used the --install-daemon flag during onboarding, the gateway is already running as a launchd service. It will start automatically at login and persist across terminal sessions and restarts.

To check the service status:

openclaw status

To restart the service:

openclaw gateway restart

If you prefer to run the gateway only when you need it (not as a persistent service), skip the daemon and just run openclaw gateway in a terminal whenever you want it active.

Why the Mac Mini Has Become the Go-To OpenClaw Machine

If you spend any time in the OpenClaw community, you’ll notice that the Mac Mini — especially the M4 and M4 Pro models released in late 2024 — has become the default hardware recommendation. There are several reasons it hit a sweet spot for this use case.

Affordable entry point. The base M4 Mac Mini starts at $499, which is remarkably low for a machine capable of running an always-on AI agent with strong performance. Compared to building a dedicated Linux box or buying a mini PC, it’s competitive on price — and you get macOS-exclusive OpenClaw features (iMessage, Voice Wake, menu bar app) that aren’t available on any other platform.

Silent, tiny, and energy efficient. The M4 Mac Mini is roughly 5 inches square. It draws very little power at idle, produces almost no heat, and is completely fanless under light workloads. That makes it ideal for sitting on a shelf or tucked behind a monitor running 24/7 as a headless AI server — no fan noise, no noticeable bump on your electricity bill.

Apple Silicon performance matters for OpenClaw. OpenClaw runs on Node.js, which is single-threaded for most operations. The M-series chips have excellent single-threaded performance, which translates to a snappy, responsive agent. The unified memory architecture is also a bonus if you want to run local AI models alongside OpenClaw via Ollama — the 16GB or 24GB unified memory options handle smaller LLMs surprisingly well, enabling fully private inference without cloud API costs.

Built for headless operation. Unlike a MacBook, the Mac Mini doesn’t need a display, keyboard, or mouse connected to function. You can enable “Wake for network access” in System Settings so it stays reachable when the display is off, set up SSH or Tailscale for remote management, and it just runs indefinitely. Many users report months of uptime with zero maintenance.

Mac Mini Setup Tips for OpenClaw

If you’re using a Mac Mini as a dedicated OpenClaw server, here are a few extra configuration steps beyond the standard installation above:

Keep the OS updated first. Before installing anything, go to System Settings, then General, then Software Update and make sure macOS is fully current. Get reboots out of the way before your agent is running.

Enable Wake for network access. Go to System Settings, then Battery (or Energy Saver), then Options, and turn on “Wake for network access.” This ensures the Mac Mini stays reachable over SSH and Tailscale even when the display is off or the machine enters low-power mode.

Consider a dedicated user account. Creating a separate macOS user specifically for OpenClaw provides isolation between your AI agent and any personal data on the machine. This is especially worthwhile if the Mac Mini isn’t exclusively dedicated to OpenClaw.

Use Tailscale for remote access. Rather than exposing the gateway port directly to your network, install Tailscale on the Mac Mini and your other devices. This gives you a private, encrypted connection to manage OpenClaw from your phone or laptop anywhere in the world — without opening any ports on your router.

Disable SSH password authentication. If you have SSH enabled, switch to key-based authentication only. One less attack vector to worry about on a machine that’s always connected to the internet.

Store API keys securely. Some power users store their API keys in a password manager like Bitwarden and have OpenClaw access them through the Bitwarden CLI, rather than leaving credentials in plaintext config files. This way, if you need to rotate a key, you update it once in your vault.

For a deeper look at security best practices for any setup, see our OpenClaw security guide.

Common Troubleshooting

“command not found: openclaw” — Your terminal session doesn’t see the installed CLI. Close Terminal and open a new window, or run source ~/.zshrc. If it still fails, the npm global install may need a PATH fix.

Menu bar app shows “disconnected” — The gateway isn’t running. Start it with openclaw gateway in a terminal or ensure the launchd service is active.

Microphone permissions not working — Go to System Settings, then Privacy & Security, then Microphone, and toggle the permission for the OpenClaw app. You may need to restart the app after granting permission.

iMessage not sending messages — Re-run openclaw channels login imessage. This is commonly needed after macOS updates.

Sharp/node-gyp errors during install — Install Xcode Command Line Tools (xcode-select --install) or use the SHARP_IGNORE_GLOBAL_LIBVIPS=1 environment variable as described above.

What’s Next?

With OpenClaw running on your Mac, you’re ready to start automating. Explore our guide to 10 practical things you can do with OpenClaw for ideas on what to tackle first. If you’d rather host your assistant in the cloud instead, check out our DigitalOcean deployment guide.

How to Install OpenClaw on Windows (Step-by-Step WSL2 Guide)

OpenClaw (formerly known as Clawdbot and Moltbot) is a self-hosted AI assistant that runs on your own hardware and connects to your messaging apps. If you’re a Windows user looking to set it up, there’s one important thing to know upfront: OpenClaw does not support native Windows installation. The official and only stable method is running it through WSL2 (Windows Subsystem for Linux).

Don’t let that scare you off — WSL2 setup is straightforward, and this guide will walk you through every step from a fresh Windows machine to a working OpenClaw assistant. If you’re not sure what OpenClaw is or why you’d want it, start with our complete explainer on what OpenClaw is.

Why WSL2 Is Required

OpenClaw’s CLI, gateway, and tooling are all built around Linux-based services, package managers, and binaries. The WhatsApp Web protocol, process management, and Unix-based tooling all assume a POSIX environment that native Windows can’t provide reliably. WSL2 solves this by running a full Linux environment alongside Windows, giving you complete compatibility with minimal overhead.

The good news is that WSL2 provides excellent performance, seamless integration with Windows, and proper systemd support for background services. Once installed, you’ll barely notice it’s there.

Prerequisites

Before you start, make sure you have the following:

Windows 10 (version 2004 or later) or Windows 11 — WSL2 requires a relatively recent version of Windows. Most systems updated in the last few years will work fine.

At least 4GB of RAM — WSL2 runs a lightweight Linux virtual machine. For comfortable use, 8GB or more is recommended.

An API key from an AI model provider — You’ll need this during setup. OpenClaw supports Anthropic (Claude), OpenAI (GPT-4), Google (Gemini), and local models via Ollama. Have your API key ready before starting the onboarding wizard.

Step 1: Install WSL2 and Ubuntu

Open PowerShell as Administrator (right-click the Start button and select “Terminal (Admin)” or search for PowerShell and choose “Run as administrator”). Then run:

wsl --install

This command enables WSL2 and installs Ubuntu 24.04 by default. If Windows asks you to reboot, do so and then continue.

After rebooting, Ubuntu should launch automatically. If it doesn’t, open “Ubuntu” from your Start Menu. You’ll be prompted to create a Linux username and password — this is separate from your Windows login and is used inside the Linux environment.

Verify you’re running WSL version 2 by opening PowerShell and running:

wsl --list --verbose

The output should show your Ubuntu distribution with VERSION = 2. If it shows VERSION = 1, upgrade it with:

wsl --set-version Ubuntu 2

Step 2: Enable Systemd

OpenClaw uses systemd to manage its gateway service. Some WSL2 distributions don’t enable it by default. Inside your Ubuntu terminal, run:

sudo tee /etc/wsl.conf > /dev/null <<'EOF'
[boot]
systemd=true
EOF

Then shut down WSL from PowerShell:

wsl --shutdown

Reopen Ubuntu from the Start Menu. Verify systemd is running with:

systemctl --version

If this returns a version number, you’re good to go.

Step 3: Install Node.js 22

OpenClaw requires Node.js version 22 or newer. Inside your Ubuntu terminal, run:

sudo apt update && sudo apt upgrade -y

curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -

sudo apt-get install -y nodejs

Verify the installation:

node --version

You should see v22.x.x or higher. If you see an older version, you may have a conflicting Node.js installation from Windows leaking into WSL through your PATH. To fix this, you can disable Windows PATH injection by adding the following to /etc/wsl.conf:

[interop]
appendWindowsPath=false

Then restart WSL with wsl --shutdown and reopen Ubuntu.

Step 4: Install OpenClaw

With Node.js 22 installed, you can now install OpenClaw globally:

npm install -g openclaw@latest

Alternatively, you can use the one-liner install script that handles everything automatically:

curl -fsSL https://openclaw.ai/install.sh | bash

Step 5: Run the Onboarding Wizard

Start the interactive setup wizard:

openclaw onboard --install-daemon

The --install-daemon flag ensures the gateway will run in the background 24/7, even when you close your terminal.

The wizard will walk you through several prompts:

Gateway settings — Choose “local” for single-device use. The gateway binds to localhost (127.0.0.1) by default, which is the secure option.

Model provider — Select your AI provider (Anthropic, OpenAI, etc.) and paste your API key when prompted. Claude Opus 4.5 is recommended for complex tasks, while Claude Haiku 4.5 is faster and cheaper for simpler use.

Messaging channel — Choose which platform you want to interact through. Telegram is the easiest to set up (you create a bot via @BotFather on Telegram), but WhatsApp, Discord, Slack, and others are also supported.

Skills — You can skip skill setup for now and add them later. Skills are modular plugins that extend what OpenClaw can do.

Say “Yes” to all permission prompts during setup. You can tighten permissions later once you’re comfortable with how everything works.

Step 6: Verify the Installation

After onboarding completes, check that everything is running:

openclaw doctor

openclaw status

To open the web-based dashboard for quick testing:

openclaw dashboard

This will give you a URL (typically http://127.0.0.1:18789/) that you can open in your Windows browser. If it prompts for authentication, the tokenized link printed by the dashboard command will include the required token.

You can also test by sending a message to your bot through whichever messaging channel you configured. Try something simple like “Hello, what’s my status?” to confirm it’s working.

Important Windows-Specific Tips

Always work in the Linux filesystem. Store your OpenClaw data in your WSL home directory (/home/yourusername/), not on the Windows mount (/mnt/c/). Cross-filesystem access between Windows and WSL is 10-20x slower and can cause issues.

Configure WSL resource limits. By default, WSL2 can use up to 80% of your system RAM, which may make Windows feel sluggish. Create a .wslconfig file in your Windows user directory (C:\Users\YourName\.wslconfig) to set limits:

[wsl2]
memory=4GB
processors=2

Use Node.js, not Bun. Bun has known compatibility issues with WhatsApp and Telegram channels on WSL2. Stick with Node.js for a stable experience.

WSL IP changes on restart. If you need to access OpenClaw from another machine on your network, you’ll need to set up port forwarding from Windows to WSL. The WSL IP address changes after each restart, so the forwarding rule may need to be refreshed.

Common Troubleshooting

“Node.js 22+ required” error — Your Node version is too old. Use nvm to install the correct version: curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash, then nvm install 22 and nvm use 22.

Port 18789 already in use — Something else is using the gateway port. Find the process with sudo lsof -i :18789 and terminate it, or change the port in your OpenClaw config.

Dashboard shows “unauthorized” — Run openclaw dashboard and use the tokenized URL it prints (the one with ?token=... in it).

Gateway not starting — Check your API keys are valid with openclaw doctor. If the daemon stopped, restart it with openclaw gateway restart.

What’s Next?

Once OpenClaw is running, the real fun begins. Check out our guide to 10 practical things you can do with OpenClaw to start putting your new AI assistant to work. And before you go too deep, we strongly recommend reading our OpenClaw security guide to understand the safety considerations of running an AI agent with system access.

If you’re on a Mac instead, head over to our macOS installation guide. If you’d prefer a cloud-hosted setup instead of running on your local machine, see our DigitalOcean deployment guide.

What Is OpenClaw (Formerly Clawdbot)? The Self-Hosted AI Assistant Explained

If you’ve been hearing about “Claw Bot AI” or “Clawdbot” and wondering what all the buzz is about, you’re not alone. OpenClaw — originally launched as Clawdbot, briefly renamed to Moltbot, and now officially called OpenClaw — has quickly become one of the most talked-about open-source AI projects of 2026. It represents a fundamentally different approach to AI assistants: one that runs on your own hardware, connects to your existing messaging apps, and actually takes action on your behalf.

In this guide, we’ll break down exactly what OpenClaw is, how it works, and why developers and power users are paying attention to it.

The Name Change History: Clawdbot to Moltbot to OpenClaw

Before we dive in, let’s clear up the naming confusion. The project was originally published in November 2025 by Austrian developer Peter Steinberger under the name Clawdbot (a play on Anthropic’s AI model “Claude”). In January 2026, Anthropic issued a trademark complaint because the name sounded too similar to “Claude,” so the project was renamed to Moltbot — keeping the lobster mascot theme. Just days later, it was renamed again to OpenClaw, which is the current and official name.

If you see references to Clawdbot, Moltbot, Claw Bot AI, or OpenClaw online, they’re all referring to the same project. The CLI command has transitioned to openclaw, though some older tutorials still reference the previous names.

What OpenClaw Actually Does

Most AI assistants you’ve used — ChatGPT, Siri, Google Assistant — are fundamentally reactive. You ask a question, they give an answer. They live in the cloud, they forget you when you close the tab, and they can’t actually do anything on your computer.

OpenClaw is different in several key ways:

It runs locally on your machine. OpenClaw installs on your own computer or server. Your data, conversation history, and configuration files stay on your hardware. Nothing is sent to external servers unless you explicitly tell it to (like sending an email or calling a cloud AI model).

It connects to your existing messaging apps. Instead of a separate app or browser tab, you interact with OpenClaw through the messaging platforms you already use — WhatsApp, Telegram, Discord, Slack, Signal, iMessage, and more. You message it like you’d message a coworker.

It actually takes action. OpenClaw can clear your inbox, send emails, manage your calendar, check you in for flights, organize files, run shell commands, automate browser tasks, and control smart home devices. It’s not just answering questions — it’s doing work.

It runs 24/7 in the background. Once set up as a background service (daemon), OpenClaw stays active even when you close your terminal. It can run scheduled tasks (cron jobs), send you proactive reminders, and monitor systems while you’re away.

It remembers everything. OpenClaw maintains persistent memory across sessions. Your preferences, past conversations, and context carry over, so you never have to repeat yourself.

How OpenClaw Works Under the Hood

OpenClaw itself is not a large language model. It’s an orchestration layer — a gateway that connects an AI model of your choice to your local system and messaging platforms. Think of it as the “brain and hands” architecture:

The “Brain” is whichever AI model you connect — Claude (from Anthropic), GPT-4 (from OpenAI), Gemini (from Google), or even local models running through Ollama for fully private inference. The brain handles reasoning and natural language understanding.

The “Hands” are OpenClaw’s execution environment — the skills, shell access, file management, browser automation, and messaging integrations that let the AI actually interact with your computer and the outside world.

Your workspace directory (typically ~/.openclaw/) stores configuration, memory files, credentials, and the agent’s personality profile (defined in a file called SOUL.md).

What Can You Do With OpenClaw?

The range of practical use cases is surprisingly broad. People are using OpenClaw for email management (inbox triage, drafting responses), calendar scheduling, file organization, browser automation like booking flights and filling out forms, running shell commands, smart home control, expense tracking, and even autonomous coding workflows when paired with tools like Claude Code.

OpenClaw also supports custom “skills” — modular plugins you can install from ClawHub (the community skill registry) or build yourself. Skills extend what the agent can do, from web search to API integrations to specialized automation tasks.

For a deeper look at practical examples, check out our guide to 10 things you can do with OpenClaw.

Supported Platforms

OpenClaw runs on macOS, Windows (via WSL2), and Linux. macOS is often considered the best platform for OpenClaw because the project was largely built for the Apple ecosystem, with native features like a menu bar companion app, Voice Wake (“Hey Claw”), and iMessage integration.

Windows users need to run OpenClaw through WSL2 (Windows Subsystem for Linux), as native Windows is not officially supported. Linux works natively and is ideal for headless servers, VPS deployments, or Raspberry Pi setups.

If you’re ready to get started, we have dedicated installation guides:

How to install OpenClaw on Windows (WSL2 guide)

How to install OpenClaw on Mac

How to install OpenClaw on DigitalOcean

Is OpenClaw Free?

Yes. OpenClaw is completely free and open-source under the MIT license. The software itself costs nothing. The only expense is the API usage cost for whichever AI model you connect — for example, if you use Claude or GPT-4, you’ll pay based on your provider’s token pricing. If you run a local model through Ollama, the entire setup is completely free (aside from electricity and hardware).

The Security Question

Because OpenClaw has access to your file system, shell, messaging accounts, and potentially your email and calendar, security is a real consideration. The project includes several built-in safeguards: a pairing system that requires approval before unknown users can message your bot, loopback binding so the gateway isn’t exposed to your network by default, gateway authentication tokens, sandboxed execution for non-main sessions, and configurable consent prompts before write or execute commands.

That said, cybersecurity researchers have raised concerns. Running an AI agent with broad system access creates a real attack surface, particularly around untrusted community skills and prompt injection risks. We cover this topic thoroughly in our OpenClaw security guide.

Who Is OpenClaw For?

OpenClaw is best suited for developers, power users, and technically-minded people who are comfortable with the command line. The setup requires working with terminal commands, API keys, and configuration files. As one of the project’s own maintainers put it, if you can’t understand how to run a command line, this may be too advanced of a tool to use safely.

If you’re a developer looking for an always-on AI assistant that respects your privacy and can actually execute tasks, OpenClaw is worth exploring. If you’re looking for a plug-and-play consumer product, it’s not quite there yet.

The Future of OpenClaw

In February 2026, Peter Steinberger announced that he would be joining OpenAI and that the OpenClaw project would be moved to an open-source foundation. The community of over 84,000 developers continues to grow, and the project has gained significant traction on GitHub. Whether OpenClaw itself becomes the dominant personal AI agent or simply proves the concept that others build on, it represents a meaningful shift in how we think about AI — from tools that answer questions to agents that take action.


Should You Run OpenClaw on Your Own Machine — or One You Don’t Own?

When people ask whether they should install OpenClaw locally or on a remote server, they’re usually thinking about cost or convenience.

But that’s not the real question.

The real question is:

If something goes wrong, how much of your life does it touch?

That’s what this decision is actually about — control, isolation, and blast radius.

Let’s break it down clearly.


First: What Does OpenClaw Actually Do?

Before we compare environments, we need to understand capability.

Depending on your setup, OpenClaw may:

  • Execute shell commands

  • Write and modify files

  • Store API keys (OpenAI, Stripe, Meta, etc.)

  • Receive webhooks from external services

  • Run continuously in the background

  • Integrate with Git repos

  • Process user input

That means it isn’t just a dashboard.

It’s an automation surface.

And anything that can execute logic, store secrets, or interact with external systems deserves thoughtful placement.


Option 1: Running OpenClaw on Your Own Machine

This usually means:

  • Your laptop

  • Your desktop

  • A home server

  • A NAS

  • A local Docker setup

✅ Advantages

1. Full Physical Control

You own the hardware.
You control the disk.
You control the network.

No third-party provider involved.


2. No Hosting Cost

No monthly bill.
No droplet to manage.


3. Fast Local Development

Lower latency.
Easy debugging.
Quick iteration.


4. Not Publicly Exposed (If LAN-Only)

If you don’t port-forward, it stays internal.
That’s a very strong security baseline.


❌ Risks

Here’s where it gets real.

If OpenClaw runs on your primary machine, it may have access to:

  • ~/.ssh keys

  • Browser cookies

  • Saved sessions

  • Local databases

  • Git repos

  • Mounted NAS drives

  • Terminal history

  • Environment files with API keys

  • Your entire home directory

Even if you didn’t intend that.

Operating systems don’t naturally sandbox apps the way people assume.

If OpenClaw (or something interacting with it):

  • Executes unexpected code

  • Pulls a malicious plugin

  • Has a vulnerability exploited

  • Accepts unsafe user input

Then the compromise isn’t isolated to a “tool.”

It’s your actual machine.


The Key Concept: Blast Radius

Blast radius =

How much damage can occur if this thing is compromised?

Compare:

| Deployment | Blast Radius |
| --- | --- |
| Local workstation | Potentially your entire user environment |
| Dedicated home server | Everything on that server |
| Isolated VM in cloud | Only that VM |
| Container with limited mounts | Even smaller |

This is the architectural lens most people miss.

The question isn’t:

“Is cloud safer?”

It’s:

“How much can this tool touch?”
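One way to answer that question for your own machine, as an added example that is not part of the original article or of OpenClaw: the script below inventories which items from the risk list a process running as your user could read, and how that shrinks when only selected directories are mounted. The categories follow the list above; the glob patterns are assumptions about common Linux/macOS/WSL home layouts.

```python
"""Inventory what a process running as your user could read in a home directory.

Added example. The categories follow the article's list; the glob patterns are
assumptions about common Linux/macOS/WSL layouts, not an exhaustive catalogue.
"""
import os
from pathlib import Path

# category -> glob patterns relative to the home directory (assumed layouts)
SENSITIVE = {
    "SSH keys": [".ssh/id_*", ".ssh/*.pem"],
    "Browser cookies": [
        ".mozilla/firefox/*/cookies.sqlite",
        ".config/google-chrome/*/Cookies",
        "Library/Application Support/Google/Chrome/*/Cookies",
    ],
    "Terminal history": [".bash_history", ".zsh_history"],
    "Env files with API keys": [".env", "*/.env", "*/*/.env"],
    "Git repos": ["*/.git", "*/*/.git"],
}


def readable_exposure(home, mounts=None):
    """Return {category: [home-relative paths]} readable by the current user.

    mounts=None models an agent running directly as you (whole home visible).
    A list of home-relative directories models a container that only has
    those directories bind-mounted.
    """
    home = Path(home)
    visible = None if mounts is None else [Path(m) for m in mounts]
    found = {}
    for category, patterns in SENSITIVE.items():
        hits = set()
        for pattern in patterns:
            for path in home.glob(pattern):
                rel = path.relative_to(home)
                if rel.suffix == ".pub":   # public keys are not secrets
                    continue
                if visible is not None and not any(
                    rel == m or m in rel.parents for m in visible
                ):
                    continue               # outside every mounted directory
                if os.access(path, os.R_OK):
                    hits.add(rel.as_posix())
        if hits:
            found[category] = sorted(hits)
    return found


if __name__ == "__main__":
    # Audit the real home directory of whoever runs the script.
    for category, paths in readable_exposure(Path.home()).items():
        print(f"{category}: {len(paths)} item(s)")
        for p in paths:
            print(f"  {p}")
```

Passing `mounts=["projects/app"]` shows that a limited mount still exposes any `.env` file or Git history inside the mounted directory, so scoping the keys stored there matters as much as scoping the mount.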


Option 2: Running OpenClaw on a Machine You Don’t Own (Cloud)

This could mean:

  • A DigitalOcean droplet

  • An AWS EC2 instance

  • A VPS

  • Any minimal remote Linux server

Let’s reframe something important:

You are not giving up control.
You are containing access.


✅ Advantages

1. Clean Environment

A fresh cloud VM has:

  • No smart TV

  • No NAS

  • No browser sessions

  • No personal SSH keys

  • No unrelated services

It’s minimal.

That’s powerful.


2. Reduced Blast Radius

If compromised:

  • You destroy the VM

  • Rotate keys

  • Rebuild

Your laptop?
Untouched.

Your Synology?
Untouched.

Your personal GitHub access?
Untouched.

Isolation is everything.


3. Stronger Network Controls

Cloud providers allow:

  • Firewall rules at provider level

  • Restricting SSH to your IP

  • Only exposing ports 80/443

  • Easy TLS via reverse proxy

Most home routers do not provide this level of control.


4. Designed to Be Internet-Facing

If OpenClaw:

  • Receives webhooks

  • Handles OAuth callbacks

  • Needs uptime

  • Is accessed remotely

Cloud infrastructure is built for that.

Home networks are not.


❌ Tradeoffs

This isn’t a magic solution.

  • It costs money

  • It requires configuration

  • It is publicly reachable

  • It will be scanned constantly

Cloud security failures are usually misconfiguration issues.

But those risks are typically more manageable than unrestricted local access.


The Real Security Question

Ask yourself:

What does OpenClaw need access to?

If it needs:

  • Production API keys

  • Payment integrations

  • Advertising tokens

  • Git credentials

  • Long-running background execution

  • External webhooks

Then isolation becomes extremely important.

If it’s:

  • Personal experimentation

  • Offline workflows

  • Development only

  • No stored secrets

Local may be perfectly reasonable.


A Common Mistake: Local + Port Forwarding

This is the worst of both worlds.

  • Public exposure

  • Consumer router

  • No provider-level firewall

  • Often no TLS

  • No monitoring

If you’re going to expose it publicly, do it properly — and cloud environments make that easier.


The Professional Model

In production environments, tools like OpenClaw are typically:

  • Containerized

  • Run as non-root user

  • Given minimal file system mounts

  • Provided scoped API keys

  • Firewalled tightly

  • Monitored

  • Backed up

This is easier to achieve cleanly in a dedicated remote VM than on your daily-use machine.
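A minimal check of a container definition against the list above, as an added example (not OpenClaw's own tooling). It inspects the Docker Compose service keys `user`, `privileged`, `volumes` and `ports`; the two service definitions and the image name are constructed placeholders, and 18789 is the gateway port mentioned earlier on this page.

```python
"""Lint Docker Compose services against the hardening list above.

Added example. Only Compose short syntax is handled. The service definitions
and image name are constructed placeholders, not a published OpenClaw image.
"""

BROAD_MOUNTS = {"/", "/home", "/root", "/Users", "~", "$HOME", "${HOME}"}
DOCKER_SOCK = "/var/run/docker.sock"


def host_path(volume):
    """Host side of a short-syntax bind mount, or None for other volumes."""
    if ":" not in volume:                 # anonymous volume: container path only
        return None
    host = volume.split(":", 1)[0]
    return host if host.startswith(("/", ".", "~", "$")) else None  # else named


def is_broad(host):
    """True for /, a whole home directory, or the parent of all homes."""
    host = host.rstrip("/") or "/"
    if host in BROAD_MOUNTS:
        return True
    parts = host.strip("/").split("/")
    return len(parts) == 2 and parts[0] in ("home", "Users")


def lint_service(name, svc):
    """Return a list of findings for one Compose service definition."""
    findings = []
    user = str(svc.get("user", "")).split(":")[0]
    if user in ("", "0", "root"):
        findings.append(f"{name}: no non-root user set")
    if svc.get("privileged"):
        findings.append(f"{name}: privileged mode removes most isolation")
    for volume in svc.get("volumes", []):
        host = host_path(volume)
        if host is None:
            continue
        if host.rstrip("/") == DOCKER_SOCK:
            findings.append(f"{name}: Docker socket mounted (host root equivalent)")
        elif is_broad(host):
            findings.append(f"{name}: broad host mount {host}")
    for port in svc.get("ports", []):
        # Without a loopback host IP, Compose publishes on all interfaces.
        if not str(port).startswith(("127.", "[::1]:")):
            findings.append(f"{name}: port {port} published beyond loopback")
    return findings


# Constructed sample: the weak setup next to the corrected one.
WEAK = {
    "image": "example/openclaw:placeholder",
    "privileged": True,
    "volumes": ["/home/alice:/data", "/var/run/docker.sock:/var/run/docker.sock"],
    "ports": ["18789:18789"],
}
HARDENED = {
    "image": "example/openclaw:placeholder",
    "user": "1000:1000",
    "volumes": ["./workspace:/workspace", "agent-state:/state"],
    "ports": ["127.0.0.1:18789:18789"],
}

if __name__ == "__main__":
    for name, svc in (("weak", WEAK), ("hardened", HARDENED)):
        findings = lint_service(name, svc)
        print(name, "OK" if not findings else "")
        for finding in findings:
            print("  " + finding)
```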


When You Should Run It Locally

  • Development and testing

  • No public exposure

  • No sensitive stored secrets

  • You fully understand Docker isolation

  • You control network segmentation


When You Should Run It on a Remote Server

  • Handling production API keys

  • Receiving webhooks

  • Interacting with money (Stripe, ads, etc.)

  • Multi-user access

  • Long-running automations

  • Anything business-critical


The Hybrid Model (Often the Best Choice)

Many experienced builders do this:

  • Develop locally

  • Deploy to cloud for production

  • Keep environments separate

  • Use different API keys per environment

  • Limit permissions aggressively

This gives speed and isolation.


Final Thought: It’s About Containment, Not Ownership

Running OpenClaw on a machine you don’t own isn’t about trust.

It’s about control.

When you run it locally, you are granting it implicit access to your world.

When you run it in a clean, isolated environment, you are choosing exactly what it can touch — and nothing more.

That difference is the entire conversation.

And once you think in terms of blast radius instead of convenience, the deployment decision becomes much clearer.

Heroku in Maintenance Mode – Why We’re Not Building New Projects on Heroku (And What We’re Choosing Instead)

Heroku is not shutting down.

It remains supported, secure, and operational. Existing applications continue to run without disruption.

However, Salesforce has shifted Heroku into a sustaining engineering model. That shift changes how we evaluate it for new infrastructure decisions.

This article explains:

  • What Heroku’s maintenance mode really means

  • Whether it’s safe to build new projects on Heroku

  • The long-term risks developers should consider

  • Modern Heroku alternatives in 2026

  • A practical decision framework

If you’re deciding whether to build on Heroku in 2026, this guide will help.


What Changed With Heroku?

Salesforce repositioned Heroku into a maintenance-focused strategy:

  • Security updates continue

  • Stability is maintained

  • Compliance support remains

  • Critical bug fixes continue

  • Major feature innovation has slowed

  • Enterprise growth investment has cooled

This is not a shutdown.

But it is a trajectory change.


What “Maintenance Mode” Means for Developers

A platform in sustaining engineering typically focuses on:

| Area | Expected Status |
| --- | --- |
| Security patches | Continue |
| Stack updates (Ubuntu LTS) | Continue |
| Runtime support (Node, Ruby, etc.) | Continue, but conservatively |
| Major new features | Limited |
| New compute types (GPU/ARM) | Unlikely |
| Ecosystem expansion | Slower |
| Marketplace innovation | Gradual decline risk |

Heroku is now optimized for stability, not expansion.

That distinction matters for long-term architecture planning.


Is Heroku Safe to Use in 2026?

Yes — for existing applications.

The more important question is:

Should you build new projects on Heroku?

That depends on your goals.


Heroku: Strengths and Limitations

Strengths

  • Extremely simple deployment workflow

  • Mature operational stability

  • Strong historical documentation

  • Good fit for small SaaS and internal tools

  • Minimal DevOps overhead

Limitations

  • Slower platform innovation

  • Limited roadmap visibility

  • Potential ecosystem contraction over time

  • Less differentiation in a container-native world

  • Higher lock-in via add-ons and workflows


Heroku vs Modern Alternatives (Comparison)

Here’s a high-level comparison for new builds:

| Feature / Criteria | Heroku | Render | Fly.io | Railway | DigitalOcean App Platform | DigitalOcean (Droplets + Docker) |
| --- | --- | --- | --- | --- | --- | --- |
| Platform Status | Maintenance mode | Actively expanding | Actively expanding | Actively expanding | Actively expanding | Fully developer-controlled |
| Deployment Model | Git-based + buildpacks | Git + Docker | Docker-first | Git + Docker | Git + Docker | Docker / manual |
| Container Native | Partial | Yes | Yes | Yes | Yes | Yes |
| Roadmap Velocity | Low | Medium–High | High | Medium | Medium–High | Depends on you |
| GPU Support | No | Limited | Emerging edge focus | No | Limited | Yes (via DO GPU droplets) |
| Edge / Multi-Region | Limited | Moderate | Strong global edge | Limited | Moderate | Manual setup |
| Managed Databases | Yes | Yes | Yes | Yes | Yes | Yes (separate product) |
| Add-On Marketplace | Mature but static | Growing | Smaller | Growing | Smaller | External services |
| Vendor Lock-In Risk | Moderate–High | Moderate | Moderate | Moderate | Moderate | Low |
| Infra Control | Low | Moderate | Moderate | Moderate | Moderate | High |
| DevOps Required | Very Low | Low | Moderate | Low | Low | Moderate–High |
| Long-Term Scalability | Stable plateau | Growing | Growing | Growing | Growing | Fully scalable (manual) |
| Best For | Legacy apps, simple SaaS | Modern SaaS | Edge apps, global scale | Fast MVP | Simpler PaaS w/ cloud flexibility | Full control, cost efficiency |

Key Insight:
Heroku remains stable. Most alternatives are still investing and expanding.


The Lock-In Factor

One of the most overlooked considerations is migration difficulty.

Heroku encourages platform-native workflows:

  • Buildpacks

  • Release phase

  • Add-ons marketplace

  • Platform-managed config vars

  • Review apps and pipelines

These accelerate early development.

They can increase migration friction later.

Lock-In Spectrum

| Lock-In Level | Example Setup | Migration Difficulty |
| --- | --- | --- |
| Low | Dockerized app + external DB | Low |
| Medium | Heroku Postgres + buildpacks | Moderate |
| High | Heavy add-ons + pipelines + release workflows | High |

Before committing to Heroku for a new system, ask:

If we needed to migrate in 24 months, how painful would this be?


The Bigger Industry Context

When Heroku became dominant:

  • Containers were not universal

  • CI/CD tooling was immature

  • Infrastructure automation was niche

  • Platform engineering was rare

In 2026:

  • Docker is standard

  • Managed container platforms are abundant

  • Infrastructure as Code is expected

  • Portability is a priority

Heroku’s original abstraction advantage has narrowed.

It is no longer uniquely differentiated.


Our Decision Framework

We use a simple infrastructure evaluation checklist.

We Avoid Platforms That:

  • Are in maintenance mode

  • Have limited roadmap transparency

  • Show declining ecosystem momentum

  • Introduce hard-to-reverse architectural lock-in

We Prefer Platforms That:

  • Are container-native

  • Are actively expanding features

  • Support portability

  • Align with cloud-native standards


Decision Matrix: Should You Use Heroku in 2026?

| Scenario | Recommendation |
| --- | --- |
| Existing stable app | Stay |
| Small MVP / side project | Acceptable |
| Funded startup planning 3–5 years | Consider alternatives |
| Compliance-heavy enterprise system | Consider alternatives |
| Long-term scalable SaaS | Use growth-aligned platform |
| Need GPU / edge / infra flexibility | Choose alternative |

What We’re Choosing Instead

We are prioritizing platforms that are:

  • Container-first

  • Actively developed

  • Portable

  • Transparent about roadmap direction

Depending on project complexity, that includes:

  • Modern managed PaaS platforms

  • Cloud-native container services

  • Kubernetes for advanced workloads

  • Docker + VPS for controlled deployments

The consistent theme is momentum + portability. For this we like DigitalOcean.

 


Frequently Asked Questions About Heroku in 2026

Is Heroku shutting down?

No. It remains operational and supported.

Is Heroku still secure?

Yes. Security patches and compliance updates continue.

Should I migrate immediately?

Not necessarily. Existing apps can remain stable.

Is it wise to start a new SaaS on Heroku?

It depends. For short-term simplicity, possibly. For long-term infrastructure strategy, alternatives may offer more growth alignment.

What are the best Heroku alternatives?

Popular options include modern managed PaaS platforms and cloud-native container services that continue active development.


Final Thoughts

Heroku in 2026 is:

  • Stable

  • Supported

  • Mature

It is not:

  • Rapidly expanding

  • Aggressively innovating

  • Positioned as a strategic growth engine

For existing systems, stability may be enough.

For new builds, we prefer platforms aligned with forward momentum.

Infrastructure decisions compound.

We choose to build where innovation is still accelerating.

 

How to Combine a DGX Spark and Mac Studio Into One Fast AI Inference Machine (And Why It Works)

There’s a setup quietly circulating in AI developer circles that sounds almost too good to be true: take an NVIDIA DGX Spark ($3,999), wire it to an Apple Mac Studio ($5,599), and get nearly 3× the inference speed you’d get from either machine alone.

It’s real. EXO Labs demonstrated it. The benchmarks hold up. And the underlying principle — called disaggregated inference — is the same architecture NVIDIA is building into its next-generation data center hardware.

This post explains exactly why this works, what you need, how compatible it is with hardware you might already own, and how to think about whether it’s worth pursuing for your own local AI setup.


The Core Idea: Each Machine Is Good at a Different Thing

Every time you send a prompt to a large language model, two very different phases happen under the hood.

Phase 1 — Prefill. The model reads your entire prompt and builds an internal state called the KV cache. This phase is compute-heavy. It involves massive matrix multiplications across every transformer layer. The longer your prompt, the more compute it demands — it scales quadratically with token count. What matters here is raw GPU compute power (FLOPS).

Phase 2 — Decode. The model generates tokens one at a time. Each new token needs to read the entire KV cache to figure out what comes next. This phase is memory-bandwidth-heavy. There’s less math, but the model needs to shuttle large amounts of data from memory to the GPU constantly. What matters here is memory bandwidth (GB/s).

Here’s the thing: the DGX Spark and the Mac Studio are almost perfectly mismatched in these two dimensions.

|  | DGX Spark | Mac Studio M3 Ultra |
| --- | --- | --- |
| FP16 Compute | ~100 TFLOPS | ~26 TFLOPS |
| Memory Bandwidth | 273 GB/s | 819 GB/s |
| Unified Memory | 128 GB | Up to 512 GB |
| Price | $3,999 | ~$5,599 (256GB config) |

The Spark has 4× the compute but only one-third the memory bandwidth of the Mac Studio. The Mac Studio has 3× the bandwidth but only one-quarter the compute.

So what if you ran prefill on the Spark (where compute matters) and decode on the Mac Studio (where bandwidth matters)?

That’s exactly what disaggregated inference does. And it’s exactly what EXO automates.


The Benchmark That Proves It

EXO Labs ran Llama 3.1 8B (FP16) with an 8,192-token prompt, generating 32 output tokens. Here are the results:

| Setup | Prefill Time | Decode Time | Total Time | Speedup |
| --- | --- | --- | --- | --- |
| DGX Spark alone | 1.47s | 2.87s | 4.34s | 1.9× |
| Mac Studio M3 Ultra alone | 5.57s | 0.85s | 6.42s | 1.0× (baseline) |
| Spark + Mac Studio (EXO) | 1.47s | 0.85s | 2.32s | 2.8× |

The hybrid setup takes the best number from each column. The Spark’s prefill speed (3.8× faster than the Mac) combined with the Mac’s decode speed (3.4× faster than the Spark) delivers a combined result that’s 2.8× faster than the Mac alone and 1.9× faster than the Spark alone.

Neither machine can achieve this on its own. The combination is genuinely greater than the sum of its parts.



How the KV Cache Transfer Actually Works

The obvious question: doesn’t sending the KV cache from one machine to the other add a huge delay?

It would, if you did it the naive way — finish all prefill, transfer the entire KV cache as one blob, then start decode. For a large model, that transfer could take seconds.

EXO solves this by streaming the KV cache layer by layer, overlapping the transfer with ongoing computation. Here’s the sequence:

  1. The Spark completes prefill for Layer 1
  2. Simultaneously: Layer 1’s KV cache starts streaming to the Mac Studio AND the Spark begins prefill for Layer 2
  3. By the time all layers are done, most of the KV cache has already arrived at the Mac Studio
  4. Decode begins immediately on the Mac Studio

The math works out because prefill computation per layer (which scales quadratically with prompt length) takes longer than KV transfer per layer (which scales linearly). For models with grouped-query attention (GQA) like Llama 3 8B and 70B, full overlap is achievable with prompts as short as 5,000–10,000 tokens over a 10GbE connection. With older multi-head attention models, you need longer prompts (~40k+ tokens) for the overlap to fully hide the network latency.

In practical terms: if you’re processing documents, codebases, or long conversation histories — the exact workloads where you’d want large models — the overlap works in your favor.
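The overlap argument above, worked through as an added example (not EXO's code). It assumes Llama 3.1 8B's shape (32 layers, 8 KV heads of dimension 128, FP16), the 1.47 s prefill figure from the benchmark split evenly across layers, and a 10GbE link running at its full 1.25 GB/s line rate; the 32-KV-head case is a hypothetical multi-head-attention model with the same prefill time.

```python
"""Model layer-by-layer KV cache streaming versus one bulk transfer.

Added example. Per-layer prefill time is assumed uniform and the link is
assumed to run at line rate with no protocol overhead.
"""


def kv_bytes_per_layer(tokens, kv_heads, head_dim, bytes_per_value=2):
    """K and V each hold tokens x kv_heads x head_dim values per layer."""
    return 2 * tokens * kv_heads * head_dim * bytes_per_value


def cache_arrival_times(layers, prefill_s, layer_bytes, link_bytes_per_s):
    """Return (bulk, streamed): seconds until the decode node has every layer.

    bulk:     finish all prefill, then send the whole cache as one blob.
    streamed: send each layer's KV as soon as that layer's prefill is done,
              while the prefill node moves on to the next layer.
    """
    compute = prefill_s / layers                 # assumed uniform per layer
    transfer = layer_bytes / link_bytes_per_s    # one layer over the link
    bulk = prefill_s + layers * transfer
    link_free = 0.0
    for layer in range(1, layers + 1):
        ready = layer * compute                  # this layer's KV now exists
        # A layer is sent once it is ready and the link has finished the
        # previous layer; transfers queue up if the link is the bottleneck.
        link_free = max(ready, link_free) + transfer
    return bulk, link_free


def exposed_transfer(layers, prefill_s, layer_bytes, link_bytes_per_s):
    """Transfer time the user actually waits for after prefill completes."""
    _, streamed = cache_arrival_times(layers, prefill_s, layer_bytes,
                                      link_bytes_per_s)
    return streamed - prefill_s


if __name__ == "__main__":
    LINK = 1.25e9          # 10 Gb/s expressed in bytes per second
    TOKENS, LAYERS, PREFILL = 8192, 32, 1.47
    for label, kv_heads in (("GQA, 8 KV heads", 8), ("MHA, 32 KV heads", 32)):
        size = kv_bytes_per_layer(TOKENS, kv_heads, 128)
        bulk, streamed = cache_arrival_times(LAYERS, PREFILL, size, LINK)
        print(f"{label}: {size / 2**20:.0f} MiB/layer, "
              f"bulk {bulk:.2f}s, streamed {streamed:.2f}s, "
              f"exposed {streamed - PREFILL:.2f}s")
```

With grouped-query attention each layer's transfer finishes before the next layer's prefill does, so only the last layer's transfer is left exposed; with four times as many KV heads the link becomes the bottleneck and the transfers queue.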


What You Need to Build This

The Hardware

Minimum viable setup:

  • 1× NVIDIA DGX Spark (any variant — Founders Edition, ASUS Ascent GX10, Dell Pro Max GB10, MSI EdgeXpert)
  • 1× Apple Mac Studio with M3 Ultra (or any Apple Silicon Mac with substantial unified memory)
  • 1× 10GbE Ethernet connection between the two machines

About the network connection: Both the DGX Spark and the Mac Studio M3 Ultra have 10GbE Ethernet ports built in. You just need a Cat6a or Cat7 Ethernet cable between them — either direct (point-to-point) or through a 10GbE switch. No special networking hardware beyond what’s already in the boxes. The Spark also has its ConnectX-7 200GbE QSFP ports, but the EXO setup uses standard 10GbE, which both machines support natively.

Expanded setup (what EXO Labs tested):

  • 2× DGX Sparks (connected together via ConnectX-7 for additional compute)
  • 1× Mac Studio M3 Ultra (256GB unified memory)
  • 10GbE network between all devices

The Software: EXO

EXO is an open-source framework from EXO Labs that turns any collection of devices into a cooperative AI inference cluster. It handles device discovery, model partitioning, KV cache streaming, and phase placement automatically.

Key facts about EXO:

  • Open source: github.com/exo-explore/exo
  • Supports NVIDIA GPUs (CUDA), Apple Silicon (MLX), and even CPUs
  • Automatic device discovery — devices on the same network find each other without manual configuration
  • ChatGPT-compatible API — your existing code that calls OpenAI-style endpoints works with a one-line URL change
  • Built-in web dashboard for model management and chat
  • Peer-to-peer architecture — no master/worker hierarchy

Current status (important caveat): The disaggregated inference features shown in the DGX Spark + Mac Studio demo are part of EXO 1.0. As of late 2025, EXO’s public open-source release (0.0.15-alpha) supports basic model sharding and multi-device inference, but the full automated prefill/decode splitting with layer-by-layer KV streaming is a newer capability. Check the GitHub repo for the latest release status.

Installation

On the Mac Studio (macOS):

# EXO can be installed via Homebrew or from source
brew install exo

# Or from source:
git clone https://github.com/exo-explore/exo.git
cd exo
pip install -e .

# Optimize Apple Silicon GPU memory allocation
./configure_mlx.sh

On the DGX Spark (DGX OS / Ubuntu):

git clone https://github.com/exo-explore/exo.git
cd exo
pip install -e .

Then, on both machines:

exo

That’s it. EXO discovers the other device automatically, profiles each device’s compute and bandwidth capabilities, and determines the optimal way to split the workload. A web dashboard launches at http://localhost:52415 where you can download models and start chatting.


Compatibility: What Hardware Can You Actually Use?

This is the question most people have. Let’s break it down.

Do you already own a Mac Studio, MacBook Pro, or Mac Mini?

Yes, you can use it. EXO supports any Apple Silicon device — M1 through M4 Ultra. The benefit scales with your memory configuration:

  • Mac Mini M4 Pro (24GB): Useful for small models. Limited as a decode node for large models.
  • MacBook Pro M4 Max (64–128GB): Solid decode node. Good bandwidth (~546 GB/s on M4 Max).
  • Mac Studio M3/M4 Ultra (192–512GB): Ideal decode node. Highest bandwidth in the Apple lineup (~819 GB/s on M3 Ultra).

The key metric is memory bandwidth. The more bandwidth your Mac has, the faster it handles the decode phase.

Do you need specifically a DGX Spark for the compute node?

No, but it’s the best fit. The DGX Spark’s advantage is its Blackwell Tensor Cores with FP4 support, which deliver exceptional prefill throughput for its power envelope. But EXO supports any NVIDIA GPU with CUDA. In principle:

  • A desktop with an RTX 4090 or 5090 could serve as the prefill node
  • A Linux machine with any CUDA-capable GPU can participate
  • The benefit is proportional to the GPU’s compute throughput

The Spark’s specific advantage is that it has high compute AND 128GB of unified memory, meaning it can prefill large models without running out of VRAM — something a 24GB RTX 4090 can’t do for 70B models.

What about networking?

  • 10GbE (recommended minimum): Both the DGX Spark and Mac Studio have built-in 10GbE. This provides enough bandwidth for layer-by-layer KV streaming on most models with prompts over ~5k tokens.
  • Thunderbolt 5 with RDMA: EXO now supports RDMA over Thunderbolt 5 on compatible Macs (M4 Pro Mac Mini, M4 Max Mac Studio, M4 Max MacBook Pro, M3 Ultra Mac Studio). This reduces inter-device latency by 99% compared to TCP/IP networking. Requires matching macOS versions on all devices.
  • Standard 1GbE: Works for basic model sharding but will bottleneck KV streaming for the disaggregated inference setup. Not recommended for the Spark + Mac hybrid workflow.
  • Wi-Fi: EXO supports it for device discovery and basic inference, but the bandwidth is too low for competitive disaggregated inference speeds.

Can you use this with models other than Llama?

Yes. EXO supports LLaMA, Mistral, Qwen, DeepSeek, LLaVA, and others. The disaggregated inference benefit applies to any transformer-based model, though the specific crossover point (where KV transfer overlaps fully with compute) depends on the model’s attention architecture. Models with grouped-query attention (GQA) — which includes most modern large models — benefit at shorter prompt lengths.


Who This Setup Is Actually For

Developers and researchers who already own both an NVIDIA GPU system and an Apple Silicon Mac. If you already have a Mac Studio for daily work and you’re considering a DGX Spark for CUDA development, the hybrid cluster is a compelling bonus. Instead of choosing between them, you use both together.

Teams running RAG pipelines with long context. The disaggregated approach shines with long input prompts (5k+ tokens). If your workflow involves ingesting documents, codebases, or knowledge bases before generating responses, the Spark handles that ingestion phase at maximum speed while the Mac generates the actual output at maximum bandwidth.

Anyone frustrated by the “compute vs. bandwidth” trade-off. Every current AI device forces a compromise. High-end NVIDIA GPUs have incredible compute but limited VRAM. Apple Silicon has massive bandwidth but modest compute. The hybrid cluster sidesteps this trade-off entirely by using each device for the phase it’s optimized for.

Who this is probably NOT for

Casual users running 7B models. If your models fit comfortably on a single device and generate tokens fast enough for your needs, the complexity of a multi-device setup isn’t worth it.

Anyone expecting plug-and-play simplicity today. EXO is actively evolving. The basic multi-device inference works well. The advanced disaggregated scheduling is newer. Expect some configuration and troubleshooting, particularly around network optimization and model compatibility.

Budget-constrained buyers. A DGX Spark ($4,000) plus a Mac Studio M3 Ultra ($5,600) is a $9,600+ investment. If cost is the primary concern, you’d get more raw tokens-per-dollar from a multi-GPU desktop build (though you’d lose the disaggregated inference benefit and the Apple development experience).


The Bigger Picture: Why This Matters

This isn’t just a clever hack. Disaggregated inference — separating prefill and decode onto different hardware — is the same architectural principle NVIDIA is building into its next-generation data center platforms. NVIDIA’s upcoming Rubin CPX architecture will use compute-dense processors for prefill and bandwidth-optimized chips for decode, exactly mirroring what EXO demonstrates with off-the-shelf hardware today.

The implications are significant:

Your hardware doesn’t have to be one brand. The DGX Spark runs CUDA on ARM Linux. The Mac Studio runs MLX on macOS. They speak to each other over standard Ethernet. The idea that your AI infrastructure has to be homogeneous is simply not true anymore.

Adding devices makes the system faster, not just bigger. Traditional multi-GPU setups often suffer from coordination overhead. Disaggregated inference is different: each device does what it’s best at, so the devices’ strengths add up rather than average out.

This is early. EXO is experimental. The software is evolving rapidly. But the principle is sound, the benchmarks are real, and the trend in AI hardware is clearly moving toward heterogeneous, disaggregated architectures.

If you have a DGX Spark and a Mac Studio sitting on the same desk — or if you’re considering buying one to complement the other — it’s worth an afternoon of experimentation. The 2.8× speedup isn’t theoretical. It’s waiting for you on the other end of a 10GbE cable.


Quick Reference: What to Buy, What to Know

| Component | Recommendation | Why |
|---|---|---|
| Compute node | DGX Spark (any OEM variant) | Best prefill throughput per watt; 128GB handles large models |
| Bandwidth node | Mac Studio M3 Ultra 256GB+ | Highest memory bandwidth available in desktop form factor |
| Network | 10GbE Ethernet (built into both devices) | Sufficient for KV streaming; zero additional hardware cost |
| Software | EXO (github.com/exo-explore/exo) | Handles discovery, partitioning, and KV streaming automatically |
| Upgrade path | Thunderbolt 5 RDMA (if supported) | 99% latency reduction for Mac-to-Mac or Mac-to-Spark links |
| Models | GQA-based (Llama 3, Qwen 2.5, DeepSeek) | Better overlap efficiency at shorter prompt lengths |
| Sweet spot | Prompts 5k–128k tokens, 70B+ models | Where disaggregated inference provides the most dramatic gains |
