Your Gateway, Your Rules: Mastering OpenClaw Configuration
OpenClaw is designed to be a "set it and forget it" gateway to your AI agents, but under the hood, it offers a powerful configuration system that lets you control exactly who can talk to your agent and how it behaves in different contexts.
In this post, we'll explore the openclaw.json configuration file, focusing on security, channel-specific settings, and group chat etiquette.
The Heart of the Gateway: openclaw.json
Your OpenClaw configuration lives in ~/.openclaw/openclaw.json. This file is the source of truth for your Gateway. It controls which channels are active, who is allowed to use them, and how the Gateway routes messages to your agents.
You can view your current configuration at any time using the CLI:
openclaw gateway config.get
Security First: The allowFrom List
When you expose an AI agent to the world via a messaging platform like Telegram or WhatsApp, security is paramount. You don't want random internet strangers using up your API credits or injecting malicious prompts.
OpenClaw solves this with the allowFrom property. This can be set per-channel to restrict access to specific user IDs or phone numbers.
Example: Locking Down WhatsApp
{
"channels": {
"whatsapp": {
"enabled": true,
"allowFrom": ["+15550123456", "+15550198765"]
}
}
}
In this configuration, only messages from the specified phone numbers will be processed. Everyone else is silently ignored. This is the single most important setting for a personal AI assistant.
Group Chat Etiquette: To Reply or Not to Reply?
Bringing your AI agent into a group chat can be incredibly useful for collaborative coding or quick fact-checking. However, a bot that replies to every message is annoying.
OpenClaw offers granular control over when your agent speaks using requireMention and mentionPatterns.
The Polite Bot Configuration
{
"channels": {
"discord": {
"enabled": true,
"groups": {
"*": {
"requireMention": true
}
}
}
},
"messages": {
"groupChat": {
"mentionPatterns": ["@OpenClaw", "Hey Claw", "Clawbot"]
}
}
}
With requireMention: true, the agent will only trigger when it detects one of the strings in mentionPatterns. This allows you to have your agent present in a busy Discord server or WhatsApp group without it interrupting the flow of human conversation unless specifically called upon.
Channel-Specific Customization
Different platforms have different norms. You might want your Telegram bot to be a "power user" tool with access to shell commands, while your Discord bot is restricted to read-only information retrieval.
While the core agent logic is often shared, you can configure capabilities at the channel level.
{
"channels": {
"telegram": {
"capabilities": ["shell", "fs", "browser"]
},
"slack": {
"capabilities": ["read-only", "search"]
}
}
}
(Note: Capability configuration depends on the specific agent implementation and plugins installed.)
Dynamic Updates
One of the best features of the OpenClaw Gateway is that you don't always need to restart the process to apply changes. You can use the config.patch command to update specific keys on the fly, or edit the file and trigger a reload.
openclaw gateway config.patch --json '{"channels": {"whatsapp": {"enabled": false}}}'
This command would instantly disable the WhatsApp channel without bringing down the rest of the Gateway.
Conclusion
Your OpenClaw instance is yours to command. By mastering openclaw.json, you ensure that your agent is secure, polite, and optimized for your specific workflow.
Take a few minutes today to review your config. Are your allowFrom lists up to date? Is your group chat behavior optimized? A little configuration goes a long way.