ClawFather is a better, more secure way to install OpenClaw with Docker.
The family business with macOS in mind uses a lightweight bridge to communicate with your system "OpenClaw Bridge" instead of giving full system access π§¨
βItβs not personal. Itβs strictly business.β
Please at least read this before installing OpenClaw: 01-security-risks.md
Why? So that you don't fuck up. From there, you are on your own my friend.
Please don't create Skynets or Molt churches. Use Asimov's laws as a guide. And always be careful with API keys!
Run this in terminal:
bash <(curl -fsSL https://raw.githubusercontent.com/Jaroslav84/clawfather/master/install.sh)Demo
asciinema play -s 2 ./screenshots/demo.cast (local replay)
-
Setup wizard: for OpenClaw inside Docker in a super secure and easy way
-
Folder Mirroring:
From To Description macOS/Linux Docker "Projects" folder mirrored into Docker workspace (optionally) Docker macOS/Linux 'workspace' folder mirrored into your macOS/Linux -
Range of Docker images to select:
Image Security alpine ββ fourplayers βββββ phioranex ββββ [UNTESTED] coollabsio βββ [UNTESTED] 1panel βββ [UNTESTED] -
Local LLM support: pre-configures Docker to work with Ollama, installs everything needed.
-
Easy Pairing process: so that no one (even with token) can talk to your OpenClaw
-
Skills: Hand picked collection from clawhub.ai with
sync_skills.shwhich downloads skills inside CLAWHUB_SKILLS.md -
Guides: Pre-install Β· Post-install Β· OpenClaw Reference Β· Bonus
-
Pre-configured with 3 agents (general/light/heavy): Fine-tuned model and agent selection for different use cases. Keeps costs low.
-
OpenClaw Bridge: lightweight bridge for Docker β macOS enabled by default
NOTE: setup channels, change provider yourself ;)
- Sandbox Mode: restricts agent file access to the workspace folder only
- Safe Mode: blocks destructive commands unless you approve them manually
- OpenClaw Bridge (Host Access): allows container to reach Ollama, bridges, and host services
- Browser Control: lets the agent drive a browser for web automation
- Tools Elevated: enables elevated host exec and high-privilege tools
- Hooks: enables gateway hooks for automation and custom event handling
- No New Privileges: prevents process privilege escalation (hardens container)
- Offline Mode: disconnects the container from all networks (air-gapped)
- Paranoid Mode (cap_drop): drops all Linux capabilities for maximum container isolation
- Auto-Start Docker: restarts the container automatically after system reboot
- Read-Only Mounts: protects the skills folder from agent modification
- Root Mode: runs container as root
- God Mode: grants agent control over the Docker socket to manage other containers
Pre-configured with 4 providers Γ 3 agents (general/light/heavy):
Fine-tuned model and agent selection for different use cases. Keeps costs low.
- Z.AI is default provider
- general zai/glm-4.7
- light zai/glm-4.7-flash
- heavy zai/glm-4.7
- Google & Antigravity as fallback
- general: google/gemini-3-pro-preview OR google-antigravity/gemini-3-pro-high
- light google/gemini-3-flash-preview OR google-antigravity/gemini-3-flash
- heavy google/gemini-3-pro-preview OR google-antigravity/gemini-3-pro-high
- Anthropic as option
- general anthropic/claude-sonnet-4-5
- light anthropic/claude-haiku-4-5
- heavy anthropic/claude-opus-4-5
- Local Ollama as option
- general ollama/glm-4.7 OR ollama/gemini-3-pro OR ollama/claude-3-sonnet-20250219
- light ollama/glm-4.7-flash OR ollama/gemini-2.0-flash-lite OR ollama/claude-3-haiku-20240307
- heavy ollama/glm-4.7 OR ollama/gemini-3-pro OR ollama/claude-opus-4-5-thinking
| Doc Set | Entry |
|---|---|
| Pre-install | 00-TABLE-OF-CONTENTS Β· Post-install Β· OpenClaw |
| Post-install | 00-TABLE-OF-CONTENTS Β· README |
| OpenClaw | 00-TABLE-OF-CONTENTS |
| Bonus | Use cases & monetization Β· Top 30 time-saving skills |
| # | Guide | Description |
|---|---|---|
| 01 | Security Risks | Threat model, API keys, bridge exposure |
| 02 | Security Pre-Install | Environment hardening, firewall, secrets |
| 03 | Cost Estimations | API costs, model pricing, usage estimates |
| 04 | Docker vs Local | Trade-offs, isolation, host access |
| 05 | Bridge Options | OpenClaw Bridge, Keyboard Maestro, host commands |
| 06 | OpenClaw Readme | Architecture, apps, official docs |
| 07 | Manual Install | Docker setup, multi-model, hardening |
| 08 | Docker Image Comparison | Image variants, sizes, tags |
| 09 | Dashboard & Assistant Troubleshooting | Startup issues, UI, debugging |
| 10 | Security Post-Install | β redirects to post-install |
| # | Guide | Description |
|---|---|---|
| 00 | Use Cases & Monetization | Ideas, earning, integrations |
| 01 | Ways to Save Time | Top 30 time-saving OpenClaw skills |
| # | Guide | Description |
|---|---|---|
| 01 | Security Post-Install | Bridge audit, Docker hardening, skill scanner, log review |
| 02 | Cron Jobs | Scheduled tasks, reminders, morning briefings |
| 03 | Heartbeat Builder | Periodic checks via HEARTBEAT.md |
| 04 | Session Reset Rules | Idle timeout, daily reset, custom triggers |
| 05 | Chat via Baileys with allowlist & pairing | |
| 06 | Telegram | Bot in DMs and groups |
| 07 | Discord | Bot in guilds and DMs |
| 08 | Slack | Bot in channels, slash commands |
| 09 | Matrix | E2EE rooms via plugin |
| 10 | Secure DM Mode | Per-user session isolation |
| 11 | Webhook Presets | Gmail, GitHub, custom wake/agent webhooks |
| 12 | Identity Wizard | Name, theme, emoji, avatar |
| 13 | Boot Personas | BOOT.md startup instructions |
| 14 | Message Formatting | Prefixes, reactions, typing indicators |
| 15 | OpenClaw Bridge | HTTP server, AppleScript, host commands |
| 16 | macOS Docker Setup | Security-focused Docker options |
| 17 | Keyboard Maestro | KM Web Server, macros, auth |
| 18 | macOS Skills | peekaboo, apple-mail, accli, etc. |
| 19 | Tool Allowlist | Control exec, read, write, elevated |
| 20 | Sandbox Options | Workspace restriction, Docker sandbox |
| 21 | Media & Transcription | Audio/video transcription (Whisper, Gemini) |
| 22 | Model Role Routing | General, light, heavy model routing |
| 23 | Custom Provider | LiteLLM, self-hosted models |
| 24 | Tailscale Setup | Serve, Funnel for remote access |
| 25 | Remote Gateway | Connect clients to remote gateway |
| 26 | Discovery mDNS | LAN discovery |
| 27 | Logging Config | Level, file, redaction |
| 28 | Background Exec | Long-running commands |
| 29 | Health & Doctor | doctor, security audit commands |
| 30 | Memory Search | Embeddings, RAG |
| 31 | Queue & Routing | Batching, mention patterns |
| 32 | Skill Quick-Install | Sync, clawhub, scanner |
| 33 | Scheduled Backup | Config and skills backup automation |
| # | Doc | Description |
|---|---|---|
| 01 | Configuration | Config file, paths, RPC apply/patch, key options |
| 02 | Security | Audit, checklist, hardening, credential storage |
| 03 | CLI Reference | Command tree, global flags, all CLI commands |
| 04 | CLI config | config get/set/unset β config by path |
| 05 | CLI gateway | gateway run β WebSocket server, channels, nodes |
| 06 | CLI health | health β gateway health probe |
| 07 | CLI security | security audit β config + state checks, fix |
| 08 | CLI devices | devices list/approve/reject β pairing |
| 09 | CLI models | models status/set/scan β model discovery, auth |
| 10 | CLI agent | agent β run one LLM turn |
| 11 | CLI message | message send/poll/react β channel ops (needs --target) |
| 12 | RPC API | Gateway RPC, adapters, config.apply/patch |
skills/
βββ AI Security
β βββ skill-scanner: Malware scanner for skills
β βββ openclaw-security-hardening: Protect from prompt injection
β βββ hivefence: Collective immunity network
β βββ ai-skill-scanner: Audit & scan skills
βββ Managers
β βββ agents-manager: Profile & route tasks
β βββ agnxi-search-skill: Search AI tools directory
β βββ clawhub: Install skills from chat
β βββ clawdbot-skill-update: Backup & update workflow
β βββ update-plus: Config & skill backups
β βββ auto-updater: Daily auto-updates
β βββ skills-search: Search skill registry
β βββ skillcraft: Create & package skills
β βββ skillvet: Security scanner
βββ Web Browsing
β βββ browser-use: Cloud browser with profiles
β βββ browser-use-api: Cloud automation API
βββ MCP
β βββ openclaw-mcp-plugin: Model Context Protocol
βββ macOS
β βββ peekaboo: Capture UI & automate
β βββ homebrew: Manage packages & casks
β βββ apple-mail: Read & send emails
β βββ apple-mail-search-safe: Fast safe search
β βββ accli (Calendar): Manage calendar events
β βββ apple-reminders: Manage todo lists
β βββ apple-photos: Search & view photos
β βββ apple-music: Control playback & playlists
β βββ mac-tts: Text-to-speech
βββ Smart Home
β βββ moltbot-ha: Control Home Assistant
βββ Crawlers / Searchers
β βββ exa-web-search-free: AI web & code search
β βββ google-search: Custom Search Engine
β βββ firecrawler: Scrape & extract data
β βββ job-search-mcp-jobspy: Job aggregator
β βββ topic-monitor: Monitor topics & alerts
βββ News
β βββ clawnews: Aggregator & reader
β βββ finance-news: Market briefings
β βββ market-news-analyst: Impact analysis
β βββ hn-digest: Hacker News digestion
β βββ news-aggregator-skill: Multi-source aggregation
β βββ hn: Browse Hacker News
β βββ news-summary: Daily briefings
βββ YouTube
β βββ yt-dlp-downloader-skill: Download videos
β βββ youtube: Search & details
β βββ youtube-summarizer: Transcripts & summaries
β βββ yt-video-downloader: Download formats
βββ Crypto
β βββ crypto-price: Token prices & charts
β βββ stock-analysis: Analyze assets
βββ Polymarket
β βββ polymarket: Check odds & markets
β βββ polymarket-odds: Sports & politics odds
β βββ polymarket-agent: Auto-trading agent
β βββ polymarket-trading-bot: Trading bot for prediction markets.
β βββ pm-odds: Query markets
β βββ polymarket-api: API queries
β βββ polymarket-analysis: Arbitrage & sentiment
β βββ polymarket-all-in-one: All-in-one tool
β βββ better-polymarket: Improved market tool
β βββ polymarket-7ceau: Trade & analyze
β βββ unifai-trading-suite: Prediction markets suite
β βββ polymarket-trading: Trading operations
β βββ reef-polymarket-arb: Arbitrage discovery
β βββ alpha-finder: Market intelligence oracle
β βββ polyclaw: Autonomous trader agent
β βββ simmer: Trading arena
β βββ clawstake: Agent prediction markets
β βββ reef-polymarket-research: Research & direction
β βββ simmer-copytrading: Mirror top traders
β βββ test: Portfolio tracking
β βββ onchain-test: Onchain portfolio
β βββ simmer-weather: Weather markets
β βββ simmer-signalsniper: Signal based trading
β βββ prediction-markets-roarin: Roarin network betting
β βββ reef-paper-trader: Paper trading system
βββ Coding
β βββ roast-gen: Humorous code review
β βββ code-roaster: Brutal code review
β βββ coding-agent-3nd: Coding & refactoring
βββ Source Control
β βββ github: Issues, PRs, runs
β βββ glab-cli: GitLab CLI
β βββ github-kb: Local KB & search
β βββ gitclaw: Agent workspace backup
β βββ gitlab-cli-skills: GitLab CLI wrapper
β βββ git-sync: Sync local to remote
β βββ github-pr: PR tool
β βββ ai-ci: Generate CI pipelines
β βββ github-mentions: Track mentions
β βββ gitflow: Monitor CI status
βββ Server Monitoring & Security
β βββ linux-service-triage: Diagnose issues
β βββ security-system-zf: Security ops
βββ Memory & Persistence
β βββ penfield: Knowledge graphs
βββ Productivity
β βββ procrastination-buster: Task breakdown
β βββ adhd-assistant: Life management
β βββ proactive-agent: Anticipate needs
β βββ todo: Task management
β βββ personas: AI personalities
βββ Assistants
β βββ founder-coach: Startup mindset
βββ Office
βββ caldav-calendar: Sync calendars
.env(gitignored): Secrets only β API keys,OPENCLAW_GATEWAY_TOKEN,OLLAMA_API_KEY. Install writesOPENCLAW_GATEWAY_TOKENwhen it generates one..env.install(gitignored): Generated fromconfig.yamlfor Docker Compose. Used byenv_filein docker-compose.yml. For manualdocker compose up, run./src/compose.sh up -d(loads both .env and .env.install) orsource .env.install && docker compose up -d.config.yaml: Single config β models, gateway, workspace, docker, ollama, security. Wizard writes chosen values here. Used to prefill wizard on re-run.
