---

About

ClawFather is a better, more secure way to install OpenClaw with Docker.

The family business with macOS in mind uses a lightweight bridge to communicate with your system "OpenClaw Bridge" instead of giving full system access 🧨

“It’s not personal. It’s strictly business.”

Please at least read this before installing OpenClaw: 01-security-risks.md

Why? So that you don't fuck up. From there, you are on your own my friend.

Please don't create Skynets or Molt churches. Use Asimov's laws as a guide. And always be careful with API keys!

Install

Run this in terminal:

bash <(curl -fsSL https://raw.githubusercontent.com/Jaroslav84/clawfather/master/install.sh)

Demo asciinema play -s 2 ./screenshots/demo.cast (local replay)

Features

• Setup wizard: for OpenClaw inside Docker in a super secure and easy way

• Folder Mirroring:

  From	To	Description
  macOS/Linux	Docker	"Projects" folder mirrored into Docker workspace (optionally)
  Docker	macOS/Linux	'workspace' folder mirrored into your macOS/Linux

• Range of Docker images to select:

  Image	Security
  alpine	⭐⭐
  fourplayers	⭐⭐⭐⭐⭐
  phioranex	⭐⭐⭐⭐ [UNTESTED]
  coollabsio	⭐⭐⭐ [UNTESTED]
  1panel	⭐⭐⭐ [UNTESTED]

• Local LLM support: pre-configures Docker to work with Ollama, installs everything needed.

• Easy Pairing process: so that no one (even with token) can talk to your OpenClaw

• Skills: Hand picked collection from clawhub.ai with sync_skills.sh which downloads skills inside CLAWHUB_SKILLS.md

• Guides: Pre-install · Post-install · OpenClaw Reference · Bonus

• Pre-configured with 3 agents (general/light/heavy): Fine-tuned model and agent selection for different use cases. Keeps costs low.

• OpenClaw Bridge: lightweight bridge for Docker → macOS enabled by default

NOTE: setup channels, change provider yourself ;)

Security Toggles

• Sandbox Mode: restricts agent file access to the workspace folder only
• Safe Mode: blocks destructive commands unless you approve them manually
• OpenClaw Bridge (Host Access): allows container to reach Ollama, bridges, and host services
• Browser Control: lets the agent drive a browser for web automation
• Tools Elevated: enables elevated host exec and high-privilege tools
• Hooks: enables gateway hooks for automation and custom event handling
• No New Privileges: prevents process privilege escalation (hardens container)
• Offline Mode: disconnects the container from all networks (air-gapped)
• Paranoid Mode (cap_drop): drops all Linux capabilities for maximum container isolation
• Auto-Start Docker: restarts the container automatically after system reboot
• Read-Only Mounts: protects the skills folder from agent modification
• Root Mode: runs container as root
• God Mode: grants agent control over the Docker socket to manage other containers

LLM Settings

Pre-configured with 4 providers × 3 agents (general/light/heavy):

Fine-tuned model and agent selection for different use cases. Keeps costs low.

• Z.AI is default provider
  • general zai/glm-4.7
  • light zai/glm-4.7-flash
  • heavy zai/glm-4.7
• Google & Antigravity as fallback
  • general: google/gemini-3-pro-preview OR google-antigravity/gemini-3-pro-high
  • light google/gemini-3-flash-preview OR google-antigravity/gemini-3-flash
  • heavy google/gemini-3-pro-preview OR google-antigravity/gemini-3-pro-high
• Anthropic as option
  • general anthropic/claude-sonnet-4-5
  • light anthropic/claude-haiku-4-5
  • heavy anthropic/claude-opus-4-5
• Local Ollama as option
  • general ollama/glm-4.7 OR ollama/gemini-3-pro OR ollama/claude-3-sonnet-20250219
  • light ollama/glm-4.7-flash OR ollama/gemini-2.0-flash-lite OR ollama/claude-3-haiku-20240307
  • heavy ollama/glm-4.7 OR ollama/gemini-3-pro OR ollama/claude-opus-4-5-thinking

Guides — Table of Contents

Doc Set	Entry
Pre-install	00-TABLE-OF-CONTENTS · Post-install · OpenClaw
Post-install	00-TABLE-OF-CONTENTS · README
OpenClaw	00-TABLE-OF-CONTENTS
Bonus	Use cases & monetization · Top 30 time-saving skills

Pre-install (10 guides)

#	Guide	Description
01	Security Risks	Threat model, API keys, bridge exposure
02	Security Pre-Install	Environment hardening, firewall, secrets
03	Cost Estimations	API costs, model pricing, usage estimates
04	Docker vs Local	Trade-offs, isolation, host access
05	Bridge Options	OpenClaw Bridge, Keyboard Maestro, host commands
06	OpenClaw Readme	Architecture, apps, official docs
07	Manual Install	Docker setup, multi-model, hardening
08	Docker Image Comparison	Image variants, sizes, tags
09	Dashboard & Assistant Troubleshooting	Startup issues, UI, debugging
10	Security Post-Install	→ redirects to post-install

Bonus

#	Guide	Description
00	Use Cases & Monetization	Ideas, earning, integrations
01	Ways to Save Time	Top 30 time-saving OpenClaw skills

Post-install (33 guides)

#	Guide	Description
01	Security Post-Install	Bridge audit, Docker hardening, skill scanner, log review
02	Cron Jobs	Scheduled tasks, reminders, morning briefings
03	Heartbeat Builder	Periodic checks via HEARTBEAT.md
04	Session Reset Rules	Idle timeout, daily reset, custom triggers
05	WhatsApp	Chat via Baileys with allowlist & pairing
06	Telegram	Bot in DMs and groups
07	Discord	Bot in guilds and DMs
08	Slack	Bot in channels, slash commands
09	Matrix	E2EE rooms via plugin
10	Secure DM Mode	Per-user session isolation
11	Webhook Presets	Gmail, GitHub, custom wake/agent webhooks
12	Identity Wizard	Name, theme, emoji, avatar
13	Boot Personas	BOOT.md startup instructions
14	Message Formatting	Prefixes, reactions, typing indicators
15	OpenClaw Bridge	HTTP server, AppleScript, host commands
16	macOS Docker Setup	Security-focused Docker options
17	Keyboard Maestro	KM Web Server, macros, auth
18	macOS Skills	peekaboo, apple-mail, accli, etc.
19	Tool Allowlist	Control exec, read, write, elevated
20	Sandbox Options	Workspace restriction, Docker sandbox
21	Media & Transcription	Audio/video transcription (Whisper, Gemini)
22	Model Role Routing	General, light, heavy model routing
23	Custom Provider	LiteLLM, self-hosted models
24	Tailscale Setup	Serve, Funnel for remote access
25	Remote Gateway	Connect clients to remote gateway
26	Discovery mDNS	LAN discovery
27	Logging Config	Level, file, redaction
28	Background Exec	Long-running commands
29	Health & Doctor	doctor, security audit commands
30	Memory Search	Embeddings, RAG
31	Queue & Routing	Batching, mention patterns
32	Skill Quick-Install	Sync, clawhub, scanner
33	Scheduled Backup	Config and skills backup automation

OpenClaw Reference (12 docs)

#	Doc	Description
01	Configuration	Config file, paths, RPC apply/patch, key options
02	Security	Audit, checklist, hardening, credential storage
03	CLI Reference	Command tree, global flags, all CLI commands
04	CLI config	config get/set/unset — config by path
05	CLI gateway	gateway run — WebSocket server, channels, nodes
06	CLI health	health — gateway health probe
07	CLI security	security audit — config + state checks, fix
08	CLI devices	devices list/approve/reject — pairing
09	CLI models	models status/set/scan — model discovery, auth
10	CLI agent	agent — run one LLM turn
11	CLI message	message send/poll/react — channel ops (needs --target)
12	RPC API	Gateway RPC, adapters, config.apply/patch

Skills included

skills/
├── AI Security
│   ├── skill-scanner: Malware scanner for skills
│   ├── openclaw-security-hardening: Protect from prompt injection
│   ├── hivefence: Collective immunity network
│   └── ai-skill-scanner: Audit & scan skills
├── Managers
│   ├── agents-manager: Profile & route tasks
│   ├── agnxi-search-skill: Search AI tools directory
│   ├── clawhub: Install skills from chat
│   ├── clawdbot-skill-update: Backup & update workflow
│   ├── update-plus: Config & skill backups
│   ├── auto-updater: Daily auto-updates
│   ├── skills-search: Search skill registry
│   ├── skillcraft: Create & package skills
│   └── skillvet: Security scanner
├── Web Browsing
│   ├── browser-use: Cloud browser with profiles
│   └── browser-use-api: Cloud automation API
├── MCP
│   └── openclaw-mcp-plugin: Model Context Protocol
├── macOS
│   ├── peekaboo: Capture UI & automate
│   ├── homebrew: Manage packages & casks
│   ├── apple-mail: Read & send emails
│   ├── apple-mail-search-safe: Fast safe search
│   ├── accli (Calendar): Manage calendar events
│   ├── apple-reminders: Manage todo lists
│   ├── apple-photos: Search & view photos
│   ├── apple-music: Control playback & playlists
│   └── mac-tts: Text-to-speech
├── Smart Home
│   └── moltbot-ha: Control Home Assistant
├── Crawlers / Searchers
│   ├── exa-web-search-free: AI web & code search
│   ├── google-search: Custom Search Engine
│   ├── firecrawler: Scrape & extract data
│   ├── job-search-mcp-jobspy: Job aggregator
│   └── topic-monitor: Monitor topics & alerts
├── News
│   ├── clawnews: Aggregator & reader
│   ├── finance-news: Market briefings
│   ├── market-news-analyst: Impact analysis
│   ├── hn-digest: Hacker News digestion
│   ├── news-aggregator-skill: Multi-source aggregation
│   ├── hn: Browse Hacker News
│   └── news-summary: Daily briefings
├── YouTube
│   ├── yt-dlp-downloader-skill: Download videos
│   ├── youtube: Search & details
│   ├── youtube-summarizer: Transcripts & summaries
│   └── yt-video-downloader: Download formats
├── Crypto
│   ├── crypto-price: Token prices & charts
│   └── stock-analysis: Analyze assets
├── Polymarket
│   ├── polymarket: Check odds & markets
│   ├── polymarket-odds: Sports & politics odds
│   ├── polymarket-agent: Auto-trading agent
│   ├── polymarket-trading-bot: Trading bot for prediction markets.
│   ├── pm-odds: Query markets
│   ├── polymarket-api: API queries
│   ├── polymarket-analysis: Arbitrage & sentiment
│   ├── polymarket-all-in-one: All-in-one tool
│   ├── better-polymarket: Improved market tool
│   ├── polymarket-7ceau: Trade & analyze
│   ├── unifai-trading-suite: Prediction markets suite
│   ├── polymarket-trading: Trading operations
│   ├── reef-polymarket-arb: Arbitrage discovery
│   ├── alpha-finder: Market intelligence oracle
│   ├── polyclaw: Autonomous trader agent
│   ├── simmer: Trading arena
│   ├── clawstake: Agent prediction markets
│   ├── reef-polymarket-research: Research & direction
│   ├── simmer-copytrading: Mirror top traders
│   ├── test: Portfolio tracking
│   ├── onchain-test: Onchain portfolio
│   ├── simmer-weather: Weather markets
│   ├── simmer-signalsniper: Signal based trading
│   ├── prediction-markets-roarin: Roarin network betting
│   └── reef-paper-trader: Paper trading system
├── Coding
│   ├── roast-gen: Humorous code review
│   ├── code-roaster: Brutal code review
│   └── coding-agent-3nd: Coding & refactoring
├── Source Control
│   ├── github: Issues, PRs, runs
│   ├── glab-cli: GitLab CLI
│   ├── github-kb: Local KB & search
│   ├── gitclaw: Agent workspace backup
│   ├── gitlab-cli-skills: GitLab CLI wrapper
│   ├── git-sync: Sync local to remote
│   ├── github-pr: PR tool
│   ├── ai-ci: Generate CI pipelines
│   ├── github-mentions: Track mentions
│   └── gitflow: Monitor CI status
├── Server Monitoring & Security
│   ├── linux-service-triage: Diagnose issues
│   └── security-system-zf: Security ops
├── Memory & Persistence
│   └── penfield: Knowledge graphs
├── Productivity
│   ├── procrastination-buster: Task breakdown
│   ├── adhd-assistant: Life management
│   ├── proactive-agent: Anticipate needs
│   ├── todo: Task management
│   └── personas: AI personalities
├── Assistants
│   └── founder-coach: Startup mindset
└── Office
    └── caldav-calendar: Sync calendars

---

Config layout

• .env (gitignored): Secrets only — API keys, OPENCLAW_GATEWAY_TOKEN, OLLAMA_API_KEY. Install writes OPENCLAW_GATEWAY_TOKEN when it generates one.
• .env.install (gitignored): Generated from config.yaml for Docker Compose. Used by env_file in docker-compose.yml. For manual docker compose up, run ./src/compose.sh up -d (loads both .env and .env.install) or source .env.install && docker compose up -d.
• config.yaml: Single config — models, gateway, workspace, docker, ollama, security. Wizard writes chosen values here. Used to prefill wizard on re-run.