Pre-hardened, multi-agent OpenClaw setup by NanoFlow.
One script to go from zero to a fully secured, multi-agent AI assistant on Discord β with prompt injection defense, security auditing, WAL Protocol for context persistence, and best practices baked in.
- Multi-agent architecture β Main agent + optional specialist agents (Comms, Research, Security)
- Security-first β Prompt injection defense, anti-loop rules, content tagging, credential isolation
- WAL Protocol β Write-Ahead Log for corrections, decisions, and details that survive context loss
- Working Buffer β Danger zone logging to survive context compaction without losing work
- Discord integration β Bot bound to your server with channel-per-agent routing
- Telegram integration β Chat via Telegram bot with DM and group support
- Web dashboard β ClawSuite Console with chat, file browser, terminal, cost analytics (optional)
- Env-based secrets β All API keys in
.env, never in config files - Automated security audits β Security agent runs scheduled hardening checks
- Knowledge graph β Graphthulhu for structured memory across agents (optional)
- API discovery β ApiTap intercepts web traffic to teach agents how APIs work (optional)
- Web scraping β Scrapling for anti-bot-bypassing data extraction (optional)
- Browser automation β Playwright MCP for full GUI workflows (optional)
- GitHub integration β Issues, PRs, CI/CD via
ghCLI (optional) - Token compression β OCTAVE protocol for 3-20x compression in multi-agent handoffs (optional)
- Observability β Clawmetry dashboard for token costs, sessions, live message flow (optional)
- Security suite β ClawSec for file integrity, advisory feed, malicious skill detection (optional)
- AI text humanizer β Humanizer detects and removes AI writing patterns (optional)
- Continuous learning β Self-Improving Agent captures errors and lessons across sessions (optional)
- Skill discovery β Find Skills helps agents install new capabilities on-the-fly (optional)
- Marketing toolkit β 15+ marketing reference skills for copywriting, CRO, SEO, and more (optional)
- Host hardening β Healthcheck audits firewall, SSH, updates, and exposure (optional)
SSH into your server and run:
# 1. Clone Clawdboss
apt-get update && apt-get install -y git
git clone https://github.com/NanoFlow-io/clawdboss.git
cd clawdboss
# 2. Run the setup wizard (auto-installs Node.js 22, Python, build tools, OpenClaw)
./setup.shThat's it. The wizard auto-installs all dependencies (Node.js 22, Python, git, build-essential, OpenClaw) and walks you through everything else.
- An LLM provider β one of:
- GitHub Copilot subscription (cheapest β uses copilot-api proxy)
- OpenAI API key (sk-...)
- Anthropic API key (sk-ant-...)
- A Discord bot token β create one here (if using Discord interface)
- A Telegram bot token β create one via @BotFather (if using Telegram interface)
- Optional: Brave Search API key, ElevenLabs API key, OpenAI key for image gen/whisper
The setup wizard will:
- Ask about you β name, role, what you do, how you want to use your agent
- Ask about your agent β name, personality, mission, domain expertise
- Prompt for your API keys and Discord/Telegram credentials
- Create your
.envfile (gitignored, never committed) - Generate
openclaw.jsonwith${VAR}references to your.env - Create agent workspaces with security rules + WAL Protocol pre-baked
- Offer optional tools: Graphthulhu, ApiTap, Scrapling, GitHub, Playwright, OCTAVE, Humanizer, Self-Improving Agent, Find Skills, Marketing Skills, Healthcheck, Clawmetry, ClawSec
- Run OpenClaw's built-in skills wizard (Whisper, Nano Banana Pro, mcporter, TTS, email, etc.)
- Start the gateway
Your agent starts its first session knowing who you are, what you do, and what personality it should have β zero manual config file editing needed.
| Tier | Agents | Best For |
|---|---|---|
| Solo | Main only | Personal assistant, simple setups |
| Team | Main + 1-2 specialists | Small business, multiple workflows |
| Full Squad | Main + Comms + Research + Security | Full operations center |
clawdboss/
βββ README.md
βββ setup.sh # Interactive setup wizard
βββ .env.example # Template showing required variables
βββ .gitignore # Protects secrets
βββ templates/
β βββ openclaw.template.json # Config with ${VAR} placeholders
β βββ workspace/ # Main agent workspace files
β β βββ AGENTS.md # Operating rules + WAL Protocol + security
β β βββ SOUL.md
β β βββ USER.md
β β βββ TOOLS.md
β β βββ IDENTITY.md
β β βββ HEARTBEAT.md
β βββ agents/ # Specialist agent templates
β βββ comms/
β βββ research/
β βββ security/
βββ docs/
βββ security.md # Security architecture + WAL Protocol overview
βββ customization.md # How to customize your setup
βββ recommended-tools.md # Vetted ecosystem tools (Clawmetry, ClawSec)
βββ octave.md # OCTAVE protocol guide
During setup, choose your preferred interface:
| Option | Best For |
|---|---|
| Discord | Power users who live in Discord. Channel-per-agent, reactions, threads. |
| Telegram | Mobile-first. DM your bot or use group topics for multi-agent routing. |
| ClawSuite Console | Visual dashboard with chat, file browser, terminal, cost analytics. Great for non-technical users. |
| Any combination | Mix and match β Discord + Telegram, Discord + Console, all three, etc. |
ClawSuite Console is an open-source web dashboard β see ClawSuite on GitHub (MIT license).
Clawdboss agents don't lose your corrections and decisions when context resets:
- 3-Layer Memory β L1 (Brain, loaded every turn) β L2 (Memory, searched semantically) β L3 (Reference, opened on demand)
- L1 File Budget β 500-1,000 tokens per workspace file to prevent agents from skimming
- SESSION-STATE.md β Agent writes important details here BEFORE responding (Write-Ahead Log)
- Working Buffer β At ~60% context, every exchange is logged to survive compaction
- Compaction Recovery β Agent reads buffer + state files after context loss, never asks "what were we doing?"
- Breadcrumbs β Topic-organized files in
memory/that point to deep reference docs - Trim β Weekly maintenance to keep L1 files lean, move excess to L2/L3
- Recalibrate β Drift correction, forces re-read of all files and behavior comparison
See docs/security.md for the full architecture.
All API keys are stored in ~/.openclaw/.env and referenced via ${VAR_NAME} syntax in the config. Keys never appear in JSON config files.
All agents come with:
- Prompt injection defense (content isolation, pattern detection)
- Anti-loop rules (prevent token-burning attacks)
- External content security (emails, web pages treated as data-only)
- Relentless resourcefulness + VBR (Verify Before Reporting)
See docs/security.md for the full security architecture.
The setup wizard offers each of these individually. All are free and open-source:
| Tool | Purpose | Install Method |
|---|---|---|
| Graphthulhu | Knowledge graph memory (entities, relationships, constraints) | Binary / cargo |
| ApiTap | API discovery β intercepts web traffic, generates skill files | npm install -g @apitap/core |
| Scrapling | Anti-bot web scraping with adaptive selectors | pip install scrapling |
| Playwright MCP | Full browser automation (navigate, click, fill, screenshot) | clawhub install |
| GitHub | Issues, PRs, CI/CD via gh CLI |
clawhub install + gh CLI |
| OCTAVE | 3-20x token compression for multi-agent handoffs | pip install octave-mcp |
| Clawmetry | Real-time observability dashboard (costs, sessions, flow) | pip install clawmetry |
| ClawSec | File integrity, advisory feed, malicious skill detection | Git clone |
| Humanizer | Detect and remove AI writing patterns (24 patterns, 500+ terms) | clawhub install |
| Self-Improving Agent | Capture errors, corrections, and lessons for continuous learning | clawhub install |
| Find Skills | Discover and install new skills on-the-fly from ClawHub | clawhub install |
| Marketing Skills | 15+ marketing reference skills (copywriting, CRO, SEO, email, ads) | clawhub install |
| Healthcheck | Host security audits: firewall, SSH, updates, exposure | Built-in |
See docs/recommended-tools.md for detailed install guides.
Once the wizard finishes, follow the next steps it shows:
GitHub Copilot (proxy):
# First run β shows a device auth URL + code. Open the URL, enter the code,
# authorize with a GitHub account that has an active Copilot subscription ($10/mo).
npx copilot-api start --port 4141
# Run in background (recommended):
tmux new-session -d -s copilot 'npx copilot-api start --port 4141'OpenAI / Anthropic: No proxy needed β your API key is already in .env.
openclaw gateway start
openclaw status # Verify everything is runningcd ~/clawsuite && HOST=0.0.0.0 PORT=3000 node server-entry.js
# Run in background:
tmux new-session -d -s console 'cd ~/clawsuite && HOST=0.0.0.0 PORT=3000 node server-entry.js'Then open in your browser:
- Local:
http://localhost:3000 - Remote/VPS:
http://YOUR-SERVER-IP:3000
- Discord: Open the channel you configured and send a message
- ClawSuite Console: Use the chat panel in the web dashboard
- Both: Use either β they connect to the same agent
Clawdboss includes a custom memory-hybrid plugin that gives your agent two-tier persistent memory:
- SQLite + FTS5 β Structured facts with full-text search. Instant, zero API cost. Stores entities, preferences, decisions with auto-expiry and confidence decay.
- LanceDB β Semantic vector search for fuzzy/contextual recall. Uses OpenAI embeddings (
text-embedding-3-small).
Both backends are queried in parallel, results merged and deduplicated. The agent gets memory_store, memory_recall, memory_forget, memory_checkpoint, and memory_prune tools automatically.
Requires: An OpenAI API key for embeddings (set EMBEDDING_API_KEY in your .env).
CLI commands:
openclaw hybrid-mem stats # Show memory statistics
openclaw hybrid-mem search "query" # Search across both backends
openclaw hybrid-mem prune # Remove expired memories- Ubuntu 22.04+ (or any Linux with bash)
- Node.js 22+ (setup wizard installs OpenClaw automatically)
- 2GB+ RAM recommended (1GB works for Solo tier)
- A Discord bot token (create one here) and/or Telegram bot token (from @BotFather)
- An LLM provider (GitHub Copilot, OpenAI, Anthropic, or others)
- Optional: Brave Search API key, ElevenLabs API key
MIT β see LICENSE for details.