
OpenClaw Setup — Project Notes

Architecture

┌─────────────────────────────────────────────┐
│  Docker Container (my-openclaw-agent)        │
│                                              │
│  OpenClaw Gateway (:8080)                    │
│    ├── LLM Provider (Anthropic/OpenAI/etc)   │
│    ├── gogcli (Google Workspace access)      │
│    ├── Skills (plugins for specific tasks)   │
│    └── Channels (WhatsApp/Telegram/Web/etc)  │
│                                              │
│  Sandboxed: no access to host files/apps     │
│  unless explicitly mounted with -v           │
└─────────────────────────────────────────────┘

What's Been Done

  • [x] Created Dockerfile (fixed typo: Docerfile → Dockerfile)
  • [x] Fixed build: moved installs before USER switch (root needed)
  • [x] Switched to pre-built alpine/openclaw base image
  • [x] Installed gogcli v0.11.0 (Google Workspace CLI) from GitHub releases
  • [x] Fixed CMD: openclaw.mjs gateway (not openclaw run)
  • [x] Ran onboarding wizard (openclaw.mjs onboard)
    • Configured LLM provider + API key
    • Skipped: 1password, clawhub (permission errors), gemini, himalaya, summarize (no brew)
    • Skipped: hooks, Google Places API
  • [x] Committed container state as my-openclaw-agent:configured

What's Next

  • [x] Set up Brave Search API key (for web search tool)
  • [x] Enable browser control (Playwright + Chromium installed)
  • [x] Connect Gmail / Google Workspace via gogcli
    • Created Google Cloud project "OpenClaw" (hardy-order-487602-n6)
    • Created OAuth credentials (Desktop app)
    • Imported credentials with gog auth credentials set
    • Authed richard@salesfield.net with gog auth add --manual --services gmail
    • Keyring passphrase set (user knows it)
    • NOTE: --manual flag required for Docker (callback ports don't reach host)
    • TODO: Run openclaw plugins add gmail to connect gog to OpenClaw
  • [ ] Connect Google Messages (community skill: google-messages-openclaw-skill)
  • [ ] Set up persistent volume so data survives container restarts
  • [ ] Fix skill permission errors (clawhub needs root for npm global install)
  • [ ] Test the gateway actually starts and works

Key Commands

```bash
# Build from scratch
docker build --no-cache -t my-openclaw-agent .

# Run onboarding (interactive)
docker run -it -p 8080:8080 my-openclaw-agent:configured openclaw.mjs onboard

# Start the gateway
docker run -it -p 8080:8080 my-openclaw-agent:configured

# Start with persistent data volume
docker run -it -p 8080:8080 -v /d/openclaw-data:/home/node/data my-openclaw-agent:configured

# Run a one-off command inside the container
docker run --rm -it my-openclaw-agent:configured openclaw.mjs doctor

# Save container state after changes
docker commit <container-id> my-openclaw-agent:configured
```

Docker Images

Tag                            Description
my-openclaw-agent:latest       Base build from Dockerfile
my-openclaw-agent:configured   After onboarding wizard completed

Security Notes

  • Container is sandboxed — no host file access unless -v mounted
  • Google access controlled via OAuth tokens (revoke at myaccount.google.com/permissions)
  • Community skills should be checked on ClawHub for VirusTotal reports before installing
  • Use --network none to cut internet if needed
  • Palo Alto Networks flagged OpenClaw as having a "lethal trifecta" of risks — always run in Docker
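
The isolation points above (host files reachable only through -v, --network none to cut internet) can be checked against a docker run command line before it is used. The script below is an added example, not part of the original notes or of OpenClaw; the function name audit_docker_run and its output labels are made up here, and it only looks at -p, -v and --network.

```bash
#!/usr/bin/env bash
# Added example (not from the original notes): review the isolation-relevant
# flags of a `docker run` command line. audit_docker_run is a made-up name.
# Prints one line per item to review; no output means nothing was flagged.
audit_docker_run() {
  local arg val net=""
  while [ $# -gt 0 ]; do
    arg=$1; shift
    case $arg in
      -p|--publish)
        val=${1-}; [ $# -eq 0 ] || shift
        # HOST_IP:HOST_PORT:CONTAINER_PORT with a loopback IP stays local;
        # without a host IP Docker by default listens on every host interface.
        case $val in
          127.0.0.1:*|'[::1]:'*) ;;
          *) echo "PUBLISH $val: gateway port listens on all host interfaces" ;;
        esac ;;
      -v|--volume)
        val=${1-}; [ $# -eq 0 ] || shift
        # Every mount is a hole in the "no host files" boundary; list it.
        case $val in
          *:ro|*:ro,*) echo "MOUNT $val: read-only inside the container" ;;
          *) echo "MOUNT $val: read-write inside the container" ;;
        esac ;;
      --network|--net) net=${1-}; [ $# -eq 0 ] || shift ;;
      --network=*|--net=*) net=${arg#*=} ;;
    esac
  done
  [ "$net" = none ] || echo "NETWORK ${net:-default}: container can reach the network"
}

# Command taken from the Key Commands section of the notes:
audit_docker_run docker run -it -p 8080:8080 \
  -v /d/openclaw-data:/home/node/data my-openclaw-agent:configured
# One-off command with --network none added (constructed variant): no output.
audit_docker_run docker run --rm -it --network none \
  my-openclaw-agent:configured openclaw.mjs doctor
```

The gateway needs network access to reach its LLM provider, so the NETWORK line is expected for the gateway command; the PUBLISH line goes away when the port is published as 127.0.0.1:8080:8080.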