Configuration

TL;DR: Sam's config is minimal — one channel (Slack), one model provider (myclaw/Claude), one plugin (Slack). Large portions of the OpenClaw config schema are unused. Several gateway settings are insecure.

The main config lives at .openclaw/openclaw.json. OpenClaw watches this file and hot-reloads most changes without a restart.

Model Provider

"models": {
  "providers": {
    "myclaw": {
      "baseUrl": "https://api.myclaw.ai/v1",
      "api": "anthropic-messages",
      "models": [{
        "id": "claude-opus-4.6",
        "name": "Auto Switch",
        "contextWindow": 200000,
        "maxTokens": 8192,
        "cost": { "input": 0, "output": 0 }
      }]
    }
  }
}

Setting	Value	Notes
Provider	myclaw	Custom proxy at api.myclaw.ai
API format	anthropic-messages	Compatible with Claude API
Model	claude-opus-4.6	200K context window
Max output	8,192 tokens	Relatively constrained for long tasks
Cost tracking	Zero	Billed through myclaw plan, not per-token

What's missing:

• No fallback model configured. If myclaw goes down, Sam stops working.
• No model-per-task routing (e.g., fast model for heartbeats, powerful for analysis).
• maxTokens: 8192 is the output cap — can cause truncation on long creative outputs.

Default Agent Settings

"agents": {
  "defaults": {
    "model": { "primary": "myclaw/claude-opus-4.6" },
    "compaction": { "mode": "safeguard" }
  }
}

Setting	Value	Implication
Primary model	myclaw/claude-opus-4.6	Applied to all sessions
Compaction mode	safeguard	Summarizes old context rather than dropping it — good, but adds latency

No agent workspace configured — the workspace path is not explicitly set in config. OpenClaw uses ~/.openclaw/workspace as default.

No heartbeat configured in config — heartbeat scheduling is handled entirely through HEARTBEAT.md file instructions, not through the agents.defaults.heartbeat config field. This means the heartbeat schedule is not enforced by the runtime, only by the agent following file instructions.

Channels

Only one channel is configured:

"channels": {
  "slack": {
    "mode": "socket",
    "enabled": true,
    "botToken": "xoxb-...",
    "appToken": "xapp-...",
    "userTokenReadOnly": true,
    "groupPolicy": "allowlist",
    "streaming": "partial",
    "nativeStreaming": true
  }
}

Setting	Value	Notes
Mode	socket	WebSocket-based Socket Mode (no public webhook URL needed)
DM Policy	Not set (defaults to pairing)	Unknown users get a pairing code
Group Policy	allowlist	Only explicitly approved Slack channels
Streaming	partial	Streams partial responses as they generate
Native streaming	true	Uses Slack's native streaming format
User token	Read-only	Can read channel history but can't post on behalf of users
Tokens in config	botToken, appToken	⚠️ Plain-text in config file — see Security Concerns

What's not configured:

• No WhatsApp, Telegram, Discord, iMessage, Signal — see Missing Features for full list
• No dmPolicy override (relies on the credentials/slack-default-allowFrom.json allowlist)
• No channel-specific model overrides

Gateway

"gateway": {
  "port": 18789,
  "mode": "local",
  "bind": "lan",
  "controlUi": {
    "allowedOrigins": ["https://myclaw.ai", "http://localhost:18789"],
    "allowInsecureAuth": true,
    "dangerouslyDisableDeviceAuth": true
  },
  "auth": { "mode": "token", "token": "dd6b9c..." },
  "trustedProxies": ["0.0.0.0/0"]
}

Setting	Value	Risk
Port	18789	Standard OpenClaw port
Mode	local	Not exposed to internet directly
Bind	lan	Available on LAN, not just localhost
allowInsecureAuth	true	⚠️ Allows non-HTTPS auth flows
dangerouslyDisableDeviceAuth	true	⚠️ Skips device pairing verification
Auth mode	token	Static bearer token
Trusted proxies	0.0.0.0/0	⚠️ Trusts ALL incoming IPs as proxies

See Security Concerns for full analysis.

Commands

"commands": {
  "native": "auto",
  "nativeSkills": "auto",
  "restart": true,
  "ownerDisplay": "raw"
}

• native: auto — enables native slash commands automatically
• nativeSkills: auto — exposes skill commands automatically
• restart: true — allows config-triggered restarts
• ownerDisplay: raw — shows raw sender info in messages

Plugins

"plugins": {
  "entries": {
    "slack": { "enabled": true }
  }
}

Only the Slack plugin is enabled. No other plugins (browser, PDF, firecrawl, diffs, voice-call, etc.) are activated.

What's Not Configured

Config Section	What It Would Enable
session	Session scoping, thread bindings, idle resets
hooks	HTTP webhooks (Gmail push, GitHub events)
cron (global)	Per-job session retention, run log pruning
sandbox	Docker isolation for agent runs
env	Env var substitution in config values
tools.browser	Managed Playwright browser
agents.list	Multiple named agents with separate workspaces
bindings	Route channels to specific agents
models.providers	Fallback providers
logging	Log level and output format
discovery	Bonjour/mDNS for local network discovery

Config Hot Reload Status

The gateway watches openclaw.json and applies safe changes automatically. Most settings (channels, agents, models) hot-reload without downtime. Gateway-level changes (port, bind, auth) require a restart.

The config audit log shows only 2 writes in 16 days of operation:

1. March 3: openclaw plugins enable slack
2. March 3: openclaw channels add --channel slack --bot-token ...

No config changes have been made since initial setup. Any adjustments Sam has needed were handled through workspace files (HEARTBEAT.md, MEMORY.md, TOOLS.md) rather than configuration changes.

---

See also: Security Concerns | Missing Features | Current State Overview