OpenClaw: How to Run an AI Agent on Your Server Without Sending Production Code to the Cloud

On Habr there was a detailed breakdown of OpenClaw — an open-source AI agent that can be deployed on your own server and connected to Telegram. The author tested not only the installation, but also the main question around such systems: how much convenience autonomous agents provide and what the price is in terms of security.

What OpenClaw Can Do

OpenClaw in the article is described not as another chatbot, but as a framework for an autonomous agent that becomes a layer between the user and the computer. The idea is simple: you formulate a goal, and the system itself breaks it down into steps, opens the necessary tools, and moves toward the result. Interest in the project was additionally fueled by the February news that OpenClaw creator Peter Steinberger is joining OpenAI. For the market, this is a signal: major players are seriously looking at the agent interface as the next product layer above ordinary LLMs.

• Execute a chain of actions on its own, for example checking the calendar, writing messages, and booking meetings.
• Work with the screen and action history, preserving context for the next steps.
• Download, install, and configure applications for the current task.
• Write and immediately test simple scripts without constant manual involvement.

The author tested the integration with the Qwen 2.5 model via Hugging Face and connected internet search to the agent. In practice, OpenClaw is already capable of closing medium-complexity tasks: compile a comparative map of neural networks, select options within budget, or help with research on a topic. This is not yet magic or a full autopilot, but already a working tool for those willing to tolerate rough edges for the sake of saving time.

How the Launch Works

The deployment scenario turned out to be quite straightforward. According to the documentation, you need Node.js 22+, any desktop OS or Linux, and for Windows the developers recommend WSL2. There are no hard requirements for hardware in the documentation, but the author estimates the minimum threshold at 2 vCPU, 4 GB RAM, and 40 GB SSD. For testing, he chose Ubuntu 24.04, a server with 4 vCPU and 8 GB RAM, added 100 GB SSD, public network, and several IPv4 addresses so that services could be separated if needed and isolation strengthened.

"This token is the key to the place where your bot lives".

Then everything proceeds through an initialization wizard: official install script, choice of Hugging Face provider, adding an API key, choosing a model and communication channel. As the interface, the author chose Telegram, created a bot via BotFather, inserted the HTTP API token, and completed pairing through the approve command with a one-time code. In his assessment, the installation itself went smoothly and took noticeably less time than usually goes into manual assembly of similar open-source tools.

Where the Weak Points Are

The most important part of the article is not about convenience, but about limitations. OpenClaw directly warns that the project is still in beta and is better suited for hobby scenarios. By default, the agent is designed for a single owner: if multiple people write to the same bot with tools enabled, they effectively share one history, one context, and one set of capabilities.

This is already a problem for both privacy and access control, especially if the agent gets the right to work with files, browser, or system commands. A separate risk is prompt injection and dangerous tools like exec, browser, and fs. If such an agent is running without proper isolation, an attacker can push it toward real actions in the system.

Therefore, the author advises against turning OpenClaw into a public bot without serious security improvements. Based on the test results, the conclusion is measured: for a pie recipe or a one-time conference list the agent is too heavy, but for research and technical tasks it is already useful. Sensitive data, finances, and procurement should not be entrusted to it yet.

What This Means

Self-hosted AI agents are ceasing to be toys for GitHub demos and are beginning to take shape as a practical class of software. But the current state of the market still requires infrastructure, discipline, and understanding of information security, so the average user will likely wait for simpler and safer formats, while early adopters will be technical teams.