@mkwatson
Created February 21, 2026 20:46

Fast path: M4 Mac mini → OpenClaw → iMessage “hello world”

Goal:

  • Dedicated bot identity
  • Remote control over Tailnet
  • iMessage working
  • Minimal permissions, easy to expand later

0. Architecture (so you don’t fight it later)

  • Separate macOS user: openclaw
  • Separate Apple ID: email-only iMessage identity
  • OpenClaw Gateway bound to loopback
  • Remote access via Tailscale Serve
  • Start with messaging-only tools profile

This gives isolation now and a clean path to widen access later.


1. macOS setup (5 minutes, only what matters)

Create bot user

System Settings → Users & Groups → Add User
Create a Standard user: openclaw

Log into that user.

Sign into iMessage

Messages → Settings → iMessage
Sign in with the bot Apple ID (email only).
Set “Start new conversations from” = that email.

Done.


2. Remote access foundation (do this before OpenClaw)

Install Tailscale

Install on:

  • Mac mini
  • Your MacBook Pro

Log both into the same tailnet.

Confirm:

ping <mini-hostname>

Enable SSH

System Settings → General → Sharing → Remote Login ON
Allow access for your admin account.

You can skip Screen Sharing for now.


3. Install OpenClaw (patched version only)

From Terminal inside openclaw user:

curl -fsSL https://openclaw.ai/install.sh | bash

After install:

openclaw --version

Ensure version ≥ 2026.2.21.

If not:

npm install -g openclaw@latest

4. Run onboarding (choose these options)

openclaw onboard

Choose:

  • Mode: local
  • Gateway bind: loopback
  • Auth: token
  • Tailscale exposure: Serve
  • Install daemon: yes
  • Skip skills for now

Afterward:

openclaw gateway --tailscale serve

From your MacBook, open:

https://<mini-magicdns-name>/

Approve device pairing:

openclaw devices list
openclaw devices approve <id>

You now have remote Control UI.
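As an added check (not from the gist or the OpenClaw project), this POSIX sh script confirms that the gateway you just started listens only on loopback, so the only remote path in is Tailscale Serve. It assumes the gateway runs as a node process on port 18789 and uses constructed lsof output as its sample input.

```shell
#!/bin/sh
# Added check, not part of the gist: verify the OpenClaw gateway process
# listens only on loopback, as chosen at "Gateway bind: loopback".
# On the Mac mini run:  lsof -nP -iTCP -sTCP:LISTEN | check_listeners node
# Assumptions: the gateway is a "node" process and uses port 18789;
# both samples below are constructed, not captured from a real host.

SAMPLE_GOOD='COMMAND    PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
node      4321 openclaw   23u  IPv4 0x0001      0t0  TCP 127.0.0.1:18789 (LISTEN)
node      4321 openclaw   24u  IPv6 0x0002      0t0  TCP [::1]:18789 (LISTEN)
tailscaled  77     root   10u  IPv4 0x0003      0t0  TCP 100.64.0.5:443 (LISTEN)'

SAMPLE_BAD='COMMAND    PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
node      4321 openclaw   23u  IPv4 0x0001      0t0  TCP 127.0.0.1:18789 (LISTEN)
node      4321 openclaw   24u  IPv4 0x0002      0t0  TCP *:18789 (LISTEN)'

# check_listeners: read lsof output on stdin; print every listening socket of
# command $1 (default "node") whose bind address is not 127.0.0.1 or [::1].
# Exit status 0 when all listeners are loopback-only, 1 otherwise.
check_listeners() {
  awk -v cmd="${1:-node}" '
    NR > 1 && $1 == cmd && $NF == "(LISTEN)" {
      addr = $(NF-1)
      sub(/:[0-9]+$/, "", addr)                 # drop the ":port" suffix
      if (addr != "127.0.0.1" && addr != "[::1]") {
        print "non-loopback listener: " $0
        bad = 1
      }
    }
    END { exit (bad ? 1 : 0) }'
}

# Stand-alone demo against the constructed samples.
printf '%s\n' "$SAMPLE_GOOD" | check_listeners node && echo "good sample: loopback only"
printf '%s\n' "$SAMPLE_BAD"  | check_listeners node || echo "bad sample: exposure detected"
```

A `*:18789` or `0.0.0.0:18789` line means the gateway is reachable from the LAN regardless of the Tailscale setup, so fix the bind before continuing.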


5. Lock it into messaging-only mode

Before adding iMessage, reduce what the bot is allowed to do.

openclaw config set tools.profile messaging
openclaw config set session.dmScope per-channel-peer
openclaw config set tools.elevated.enabled false

Restart:

openclaw gateway restart

Now it cannot:

  • Touch filesystem
  • Execute commands
  • Spawn sessions

It can only chat.


6. Add iMessage (fastest path: legacy imsg)

Install imsg

brew install steipete/tap/imsg

Test:

imsg chats --limit 1

If prompted:

  • Grant Full Disk Access
  • Approve Automation (control Messages.app)

Configure iMessage channel

openclaw config set channels.imessage.enabled true
openclaw config set channels.imessage.cliPath "$(which imsg)"
openclaw config set channels.imessage.dbPath "$HOME/Library/Messages/chat.db"
openclaw config set channels.imessage.dmPolicy pairing
openclaw config set channels.imessage.groupPolicy disabled
openclaw config set channels.imessage.configWrites false

Restart:

openclaw gateway restart

7. First test

From your iPhone:

Message the bot Apple ID email: hello

Approve pairing:

openclaw pairing list imessage
openclaw pairing approve imessage <CODE>

Message again.

You now have working iMessage → OpenClaw → response.


8. Make it “always reachable”

Minimum required:

  • Keep openclaw user logged in
  • Disable sleep
  • Avoid surprise reboots

Important reality: a LaunchAgent plus Messages requires a logged-in session. If you reboot while away, you may need to log in once.

You chose “safer/easier,” so do not enable auto-login yet.


9. Where to go next (controlled expansion ladder)

Step 1 — Read-only file access

Create a dedicated folder inside the workspace for files you want it to see. Then allow only the read tool, not write.

Step 2 — AppleScript automation

Allow only /usr/bin/osascript with approval prompts. Do not globally enable exec.

Step 3 — Full ecosystem integration

Instead of signing the bot into your Apple ID, share specific folders/calendars with it.

That keeps isolation intact.


Why this setup is optimal

  • Separate identity avoids catastrophic Apple ecosystem leakage.
  • Loopback + Tailscale Serve avoids LAN exposure.
  • Messaging-only profile prevents it from “fucking up your shit.”
  • imsg gets you to hello world fastest.
  • Everything expands cleanly without reinstalling.