Skip to main content
Overview

Deploying OpenClaw(Moltbot/Clawdbot) on Proxmox

13 min read

📢 Update: February 2, 2026

The project has rebranded again to OpenClaw (from Moltbot/Clawdbot) to emphasize its open-source nature and avoid further trademark issues. This is the final name—commands are now openclaw instead of clawdbot. Installer and docs links have been updated below. The core functionality remains the same, with added security hardening (34+ commits), new model support (e.g., KIMI K2.5, Xiaomi MiMo-V2-Flash), and channels like Twitch and Google Chat. Old names like Moltbot/Clawdbot are kept in searches for compatibility.

I’ve been watching the AI assistant space for a while now, and most solutions are either cloud-only, expensive, or just don’t do enough. When I discovered OpenClaw (formerly Moltbot/Clawdbot), I was intrigued—here’s an open-source AI assistant that actually performs actions, not just answers questions. It clears your inbox, manages your calendar, sends emails, and integrates with WhatsApp, Telegram, and Slack. Best of all? You can self-host it.

After deploying it on my Proxmox homelab, I wanted to share what makes OpenClaw worth the setup effort and how to get it running efficiently.

Here’s what I’ll cover:

  • What OpenClaw is and why it’s different
  • Key features that make it worth self-hosting
  • Understanding Moltbook and the agent ecosystem
  • Deploying on Proxmox using the official installer
  • Basic Proxmox setup considerations
  • Real-world use cases and limitations
Warning

⚠️ Important: Critical Security Alert (Jan 2026)

As of January 31, 2026, Clawdbot/Moltbot has officially rebranded to OpenClaw following trademark disputes. If you see “Clawdbot” or “Moltbot” in older docs/commands, it refers to the same project—update to openclaw for the latest.

Security Risks You Must Know:

  • Exposed Credentials: Bitdefender has reported that hundreds of misconfigured instances are leaking API keys, OAuth tokens, and chat histories. Do not expose your dashboard to the public internet. Use VPN/tunnels like Tailscale for remote access.
  • Prompt Injection: Attackers can potentially exfiltrate your emails or execute commands by sending malicious messages. Security researchers demonstrated extracting cryptocurrency private keys in under 5 minutes via crafted email prompts. Recent updates include 34+ security commits to harden this.
  • Shell Access: Running an AI with local shell access is “spicy.” Always deploy in a strictly isolated Proxmox LXC/VM. Consider unprivileged LXC for extra security.
  • Moltbook Vulnerability: The AI social network Moltbook had a critical database exposure on January 31, 2026, allowing anyone to hijack agents and steal API keys. Do not connect OpenClaw to Moltbook until you verify the platform has been properly secured.

What Makes OpenClaw Different?

Most AI assistants are glorified chatbots. They answer questions, maybe help with writing, but they don’t actually do things. OpenClaw is different—it’s designed to be an AI agent that performs actions across your digital life.

Core Capabilities

  • Email Management: Clears inboxes, sends emails, organizes messages
  • Calendar Automation: Manages your schedule, books meetings, sends reminders
  • Task Management: Creates and tracks tasks across platforms
  • Multi-Platform Integration: Works through WhatsApp, Telegram, Slack, or any chat app (new: Twitch, Google Chat)
  • Workflow Engine: Features “Lobster,” a workflow system for composable automations
  • Persistent Memory: Remembers context and preferences across conversations

Understanding Moltbook and the Agent Ecosystem

Moltbook is a Reddit-style social network launched in January 2026 exclusively for AI agents. Think of it as “the front page of the agent internet”—only verified AI agents (primarily running OpenClaw) can post and interact, while humans can only observe.

Why Moltbook Matters

Moltbook serves as:

  • Skills Marketplace: Agents share and discover new capabilities (called “skills”)
  • Agent-to-Agent Communication: Your OpenClaw instance can interact with 770,000+ other agents
  • Community Learning: Agents collaborate on problem-solving and share workflows

The Moltbook Security Incident (January 31, 2026)

Danger

CRITICAL: Database Exposure

On January 31, 2026, 404 Media reported a severe vulnerability: Moltbook’s entire database was exposed without authentication. This allowed anyone to:

  • Hijack any agent on the platform
  • Access API keys and authentication tokens
  • Post content impersonating verified agents
  • Exfiltrate private configuration files

The platform was taken offline to patch the breach and force a reset of all agent API keys. Security researcher Jamieson O’Reilly discovered that the Supabase database had no Row Level Security (RLS) policies enabled—leaving 770,000 agent records completely exposed.

Recommendation: Do not connect your OpenClaw instance to Moltbook until you verify the platform has implemented proper security measures. Even then, use it only with a dedicated instance that has no access to sensitive credentials.

Supply Chain Risks

Beyond the database exposure, Moltbook introduces supply chain risks:

  • Malicious Skills: Researchers found skills like “What Would Elon Do?” that contained active data exfiltration code
  • Prompt Injection: Agents can embed malicious instructions in posts that manipulate other agents’ behavior
  • Delayed Execution Attacks: Thanks to persistent memory, malicious payloads can be fragmented across multiple posts and assembled later

Cybersecurity firms like Cisco and 1Password have documented these risks extensively, noting that OpenClaw agents with Moltbook access often run with elevated permissions on users’ local machines.

Why Deploy on Proxmox?

Proxmox is perfect for this because:

  • Isolation: Run OpenClaw in a dedicated VM or LXC container
  • Resource Management: Easy to allocate CPU, RAM, and storage
  • Backup Integration: Leverage Proxmox Backup Server for automated backups
  • Network Control: Configure firewall rules and network isolation
  • Snapshots: Test configurations without breaking production

I’m running OpenClaw in an Ubuntu 22.04 LXC container with 4GB RAM and 2 CPU cores, which handles my personal use case perfectly. For heavier workloads or multiple users, you might want to allocate more resources (e.g., 8GB+ for Ollama models).

Prerequisites

Before we start, make sure you have:

  • Proxmox installed and accessible
  • Basic networking configured (static IP recommended)
  • An AI model provider (OpenAI API, Anthropic Claude, or self-hosted Ollama; new support for KIMI K2.5 & Xiaomi MiMo-V2-Flash)
  • Node.js/Bun runtime (OpenClaw runs on Bun or Node.js)
Note

Model Provider Options: OpenClaw supports multiple AI providers. You can use OpenAI’s API, Anthropic’s Claude API, or connect to a self-hosted Ollama instance. For homelab setups, Ollama is the most cost-effective option since it runs entirely on your hardware.

Setting Up the Container

Create an Ubuntu 22.04 LXC container in Proxmox with:

  • Disk: 20GB
  • CPU: 2 cores
  • Memory: 4096 MB
  • Network: Static IP or DHCP

Start the container and SSH into it.

Step 2: Install Bun Runtime

OpenClaw runs on Bun (a fast JavaScript runtime). Install it in your container:

Terminal window
# Update system
apt update && apt upgrade -y


# Install required dependencies
apt install -y curl unzip


# Install Bun
curl -fsSL https://bun.sh/install | bash


# Add Bun to PATH (add to ~/.bashrc or ~/.zshrc)
export BUN_INSTALL="$HOME/.bun"
export PATH="$BUN_INSTALL/bin:$PATH"


# Verify installation
bun --version
Tip

Alternative: Node.js: If you prefer Node.js over Bun, you can install Node.js 20+ instead. However, Bun is recommended by the OpenClaw team for better performance.

Installing OpenClaw

Option 1: Using the Official Installer

The official installer is the recommended method. Run the installer script:

Terminal window
curl -fsSL https://openclaw.bot/install.sh | bash

This installer will:

  • Install OpenClaw globally via npm (requires root/sudo)
  • Set up the necessary configuration directories
  • Make the openclaw command available system-wide

For non-root installations, use the CLI-only installer:

Terminal window
curl -fsSL https://openclaw.bot/install-cli.sh | bash

After installation, the onboarding wizard starts automatically. If it doesn’t, run:

Terminal window
openclaw onboard
Tip

Alternative Installation Methods: OpenClaw also supports installation via Docker, Ansible, Nix, Bun, and cloud platforms (Railway, Render, Northflank). See the official installation documentation for all available methods.

Configuration

After installation, the onboarding wizard starts automatically. If it doesn’t, run:

Terminal window
openclaw onboard

Onboarding Process

The wizard guides you through:

  1. Security Warning: Read and acknowledge the security notice
  2. Onboarding Mode: Choose QuickStart (recommended)
  3. Model Provider:
    • OpenAI: Uses OAuth (browser opens automatically)
    • Anthropic: API key
    • Ollama: Self-hosted URL (e.g., http://your-ollama-server:11434)
  4. Channel Setup: Choose your messaging platform:
    • Telegram: Get bot token from @BotFather (/newbot)
    • WhatsApp: QR code pairing
    • Discord: Bot token
    • Slack: Socket Mode token
  5. Skills: Configure optional skills (skip for now)
  6. Hooks: Enable automation hooks (optional)
  7. Agent Setup: Configure your first agent in the TUI

For Telegram (Easiest)

  1. Open Telegram and message @BotFather
  2. Run /newbot and follow instructions
  3. Copy the bot token (format: 123456:ABC...)
  4. Paste it when prompted in the wizard

Starting OpenClaw

After onboarding, the Gateway service starts automatically. Access:

  • TUI: openclaw tui (recommended)
  • Web UI: openclaw dashboard (opens browser)
  • Check status: openclaw status

Send a message to your Telegram bot (or other configured channel) to start chatting.

Tip

Configuration Location: OpenClaw stores config in ~/.openclaw/openclaw.json. Gateway logs are in ~/.openclaw/logs/gateway.log.

Proxmox Security Hardening

Given the security risks outlined above, here are essential hardening steps for Proxmox deployments:

Network Isolation

Terminal window
# In Proxmox, create a dedicated VLAN for OpenClaw
# Firewall rules (example for iptables in container):


# Allow only outbound connections
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT  # HTTPS only
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT   # HTTP (if needed)
iptables -P OUTPUT DROP


# Block all inbound except from Proxmox host
iptables -A INPUT -s YOUR_PROXMOX_IP -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -P INPUT DROP

Unprivileged LXC Container

Create the container as unprivileged to prevent root escalation:

Terminal window
# In Proxmox:
# When creating LXC, uncheck "Privileged container"
# This maps container root to unprivileged host UID

Dashboard Access

Never expose the dashboard to the public internet. Use one of these methods:

  1. Tailscale VPN: Install Tailscale in the container for secure remote access
  2. SSH Tunnel: ssh -L 1455:localhost:1455 user@proxmox-host
  3. Reverse Proxy with Auth: Use Nginx with HTTP basic auth (only if necessary)

Credential Isolation

Use environment variables or secrets management instead of storing credentials in config files:

Terminal window
# Instead of hardcoding in openclaw.json:
export ANTHROPIC_API_KEY="your-key-here"
export OPENAI_API_KEY="your-key-here"


# Start gateway with env vars
openclaw gateway start

Monitoring and Auditing

Set up log monitoring to catch suspicious activity:

Terminal window
# Monitor gateway logs in real-time
tail -f ~/.openclaw/logs/gateway.log


# Set up alerts for specific patterns
grep -i "error\|unauthorized\|injection" ~/.openclaw/logs/gateway.log
Warning

Known Vulnerabilities: OpenClaw deployments using mcp-remote are exposed to CVE-2025-6514 (CVSS 9.6), a command-injection RCE vulnerability. Ensure you’re running the latest version with security patches applied.

Proxmox Notes

  • Ensure container has outbound internet access for API calls
  • Set up automated backups via Proxmox Backup (backup ~/.openclaw/ directory)
  • Monitor resource usage through Proxmox web UI
  • Consider using Proxmox firewall at the container level for additional security

What You Can Actually Do

Here are some real-world use cases I’ve been testing:

Email Management

  • “Clear my inbox of newsletters”
  • “Send an email to [person] about [topic]”
  • “What emails need my attention today?”

Calendar Automation

  • “Schedule a meeting with [person] next Tuesday at 2 PM”
  • “What’s on my calendar this week?”
  • “Move my 3 PM meeting to tomorrow”

Task Management

  • “Create a task to review the quarterly report”
  • “What tasks are due this week?”
  • “Mark ‘buy groceries’ as complete”

Multi-Platform Access

The beauty of OpenClaw is that you can interact with it through WhatsApp, Telegram, or Slack—whatever you already use. No need to learn a new interface.

Troubleshooting

Gateway won’t start:

Terminal window
# Check logs
cat ~/.openclaw/logs/gateway.log


# Check status
openclaw status


# Restart gateway
openclaw gateway restart

Telegram bot not responding:

  • Verify bot token is correct
  • Ensure bot is started in Telegram (message /start to your bot)
  • Check Gateway is running: openclaw status

OAuth issues (OpenAI):

  • Ensure browser can access localhost:1455 for callback
  • If callback fails, paste the redirect URL manually when prompted

Container networking:

  • Verify outbound internet: ping 8.8.8.8
  • Check Proxmox firewall allows outbound connections
  • For Ollama: curl http://your-ollama-server:11434/api/tags

Prompt injection detection: If you suspect your agent has been compromised:

Terminal window
# Check for suspicious commands in logs
grep -E "rm -rf|curl.*sh|wget.*sh|/dev/null" ~/.openclaw/logs/gateway.log


# Review recent skill installations
openclaw skills list


# Reset API keys if compromised
# Then update in openclaw.json or re-run onboarding

Limitations and Considerations

OpenClaw is powerful, but it’s not perfect:

  • API Costs: If using OpenAI or Anthropic APIs, costs can add up with heavy usage
  • Learning Curve: Setting up integrations requires some technical knowledge
  • Privacy: Even self-hosted, you’re still calling external APIs unless using Ollama
  • Reliability: Self-hosted means you’re responsible for uptime and troubleshooting
  • Platform Support: Some integrations may require additional setup or have limitations
  • Resource Usage: Ollama models require significant RAM (8GB+ for larger models)
  • Security Responsibility: You’re responsible for keeping credentials secure and the instance hardened
Warning

Cost Awareness: If you’re using OpenAI’s API, monitor your usage. A few hundred requests can quickly add up. Consider setting up usage alerts or using Ollama for cost-free local inference. Ollama is the best option for homelab setups—it’s free and keeps everything local.

Next Steps

Once you have OpenClaw running:

  1. Pair with Messaging Platforms: Connect WhatsApp, Telegram, or Slack
  2. Configure Skills: Explore the skill directory for extensions (vet them carefully for security)
  3. Set Up Workflows: Use Lobster to create custom automation pipelines
  4. Monitor Usage: Track API costs and resource usage
  5. Join the Community: Check out the OpenClaw GitHub for updates and support
  6. Avoid Moltbook: Until security is verified, do not connect to Moltbook

Final Thoughts

OpenClaw isn’t just another AI chatbot—it’s a practical automation tool that actually does things. Deploying it on Proxmox gives you full control over your AI assistant while keeping costs predictable and data private.

The setup isn’t trivial, and the recent security incidents around Moltbook and exposed instances highlight that this technology requires careful deployment. However, if you follow proper security practices—network isolation, credential management, and monitoring—you can safely run OpenClaw in your homelab.

For homelab enthusiasts who understand the risks and are willing to invest time in proper security hardening, OpenClaw represents an exciting glimpse into the future of personal AI agents.

If you’re interested in seeing OpenClaw in action or have questions about the deployment, feel free to reach out. The community is active and helpful, and there’s plenty of documentation to get you started.

Tip

Want to Learn More? Check out the official OpenClaw documentation for detailed setup guides, API references, and community resources. The project is actively developed, so new features are added regularly. For installation-specific questions, refer to the installation documentation.

For security best practices, review:

Resources

Share this post

Share on Twitter/X Share on LinkedIn Share on Reddit Share on Facebook

How did you like this post?

Related Posts

How to Set Up a K3S Cluster in 2025

Follow my step-by-step journey as I rebuild my K3s cluster from scratch using Ansible. Learn how to automate deployments, optimize performance, and create a scalable Kubernetes homelab.

16 min read
4 parts

Homelab as Code: Packer + Terraform + Ansible

Step-by-step guide to building and automating your homelab, from the ground up. Discover why a homelab is a must-have for mastering IT skills in server management, networking, and automation.

9 min read
4 parts

Complete Homelab Tour 2026

Detailed homelab setup guide featuring Proxmox virtualization, Talos Kubernetes, automated backups, and real world lessons from years of self-hosting experience.

10 min read
Loading comments...