OpenClaw: A Practitioner's Field Guide
OpenClaw is Anthropic's Claude running as an autonomous agent in the terminal. It is at its best on writing, planning, research, and scheduled work — and at its riskiest on file edits without explicit boundaries. The safest way to start is read-only: ask it to summarize a project, propose changes, and let you decide what to apply.
The first time you let OpenClaw edit a project, the risk is not that it fails. The risk is that it succeeds in the wrong direction.
OpenClaw puts Anthropic's Claude inside your terminal — the command-line window on your computer — and lets it act like an autonomous operator. It can read and edit files, run commands, search the web, and operate browsers on your behalf. Unlike a chat interface, it can make changes on its own, which is exactly why the safety floor matters.
After using it for planning, drafting, and project cleanup, the pattern is clear: OpenClaw is useful once you give it rails. Without them, it is too easy to give the agent permission you did not mean to give.
OpenClaw fits operators who can work with a command line
| If you are | OpenClaw earns its place |
|---|---|
| Drafting articles or long documents regularly | Text quality is consistently strong on long-form work |
| Planning projects or thinking through trade-offs | The reasoning style surfaces assumptions before acting |
| Running long, ongoing work that needs continuity | The Memory feature carries context across sessions |
| Comfortable in a terminal | The CLI is where it lives — embrace it or pick a different tool |
| Wanting recurring tasks to run on a schedule | Native scheduled-task support is a real differentiator |
The people OpenClaw does not fit cleanly are those who want a polished GUI, prefer point-and-click workflows, or work primarily on visual artifacts. For those, Antigravity is the better default.
The boundary: what OpenClaw should and should not touch
The safety floor starts with knowing which operations are safe and which ones can damage your work.
| Operation | Risk level | Notes |
|---|---|---|
| Reading files | Low | Reads code or documents in the project to understand context |
| Creating or editing files | Medium | Will do exactly what you allow — and what you did not explicitly forbid |
| Deleting files | High | Can be told to delete, sometimes without an explicit confirmation step |
| Running terminal commands | Medium | npm install, git, build commands all available |
| Web search and page reading | Low | Pulls information from public web pages |
| Browser control | Medium | Can navigate, click, type, take screenshots via Chrome DevTools Protocol |
| Whole-project analysis | Low | Maps the structure and proposes improvements without changing anything |
What OpenClaw cannot do:
- Generate images. There is no built-in image generation. Antigravity has this.
- Operate desktop applications outside the browser. Native GUI apps are out of scope.
The practical implication: start with the low-risk operations until you have a feel for the agent's behavior on your work. Move to medium-risk operations only after you have rollback habits and standing instructions in place. Treat high-risk operations as deliberate decisions every time.
The three native features that change how you use it
Most agents read files, run commands, and operate browsers. OpenClaw differentiates on three native features that shape how it gets used in practice.
SOUL.md — standing instructions
SOUL.md is OpenClaw's persistent rules file. Anything you put there is loaded into every session, so you do not need to repeat the same setup in every prompt.
A starting SOUL.md worth copying:
- Confirm before deleting any file.
- Match the existing code or writing style of the project.
- Surface unexpected changes for review before applying.
- Cap individual sessions at two hours of continuous work.
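Written out as a file, those rules might look like this. SOUL.md is free-form text as far as this guide relies on; the section headings below are illustrative, not a required schema:

```
# SOUL.md -- standing instructions for this project

## Safety
- Confirm before deleting any file.
- Surface unexpected changes for review before applying.

## Style
- Match the existing code or writing style of the project.

## Limits
- Cap individual sessions at two hours of continuous work.
```

Keep it short. A SOUL.md that reads like a policy manual gets skimmed; one screen of hard rules gets followed.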
The cleaner your SOUL.md, the shorter your session prompts can be. We cover the broader pattern in How to Instruct an AI Agent.
Memory — persistence across sessions
OpenClaw stores selected decisions and context in a memory/ directory. The next session reads it before starting, so you do not lose the thread when you close the terminal at the end of the day.
Memory is most valuable for long-running projects with reusable context — site builds, recurring research, ongoing newsletters. It is less useful for one-off tasks, where anything remembered beyond the task itself is wasted overhead.
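As a sketch, a memory note for an ongoing newsletter project might read like this. The memory/ directory is OpenClaw's; the file name, layout, and contents below are invented for illustration:

```
# memory/newsletter.md (illustrative)

- Issue 14 shipped; issue 15 draft due Friday.
- Editorial decision: at most one tool review per issue.
- Source list lives in research/sources.md -- do not duplicate it here.
```

Notes like these are what save you the ten-minute re-briefing at the start of every session.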
Cron — scheduled tasks
OpenClaw supports recurring tasks through a built-in scheduling system. A morning run that pulls overnight metrics, a weekly run that drafts a roundup, a monthly run that audits a project — all of it can be configured to run without you starting the session manually.
This is the feature that has no clean equivalent in Antigravity. If your workflow has any meaningful "this should happen on Monday at 8 a.m." pattern, OpenClaw is the only one of the two with native support.
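For context on what "Monday at 8 a.m." means in schedule syntax — and as a fallback if you ever drive the CLI from the system scheduler instead of OpenClaw's native one — a plain crontab entry looks like this. The `claude -p` non-interactive invocation is an assumption here; confirm the exact flag in the official CLI documentation:

```
# minute hour day-of-month month day-of-week   command
0 8 * * 1  cd ~/projects/newsletter && claude -p "Draft the weekly roundup" >> ~/logs/roundup.log 2>&1
```

Whichever scheduler runs it, log the output somewhere you will actually look; unattended runs that fail silently are how retry loops go unnoticed.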
How OpenClaw is billed, and the cost-runaway trap
| Billing model | How it works | Suitable for |
|---|---|---|
| Metered API (direct) | Pay per token consumed. No spend cap unless you set one. | Operators who understand their usage |
| Subscription plan | Fixed monthly cost. Predictable, with built-in rate limits. | Newcomers, anyone who prefers a known ceiling |
The exact billing model varies by environment and changes often enough that you should confirm it in Anthropic's official documentation before committing. The risk pattern below holds regardless of the billing details.
The cost-runaway trap
Per-token API billing is where the stories of unexpected bills come from. The pattern is consistent: an agent hits an error, retries the same operation hundreds of times, and every retry is billed. Without a spend cap, the bill arrives the next morning.
The required precautions:
- Set a monthly spend cap in the Anthropic console. Do this before the first session, not after the first incident.
- Watch the usage dashboard for the first week or two until you have a feel for normal load.
- Cap session length at two to three hours. Long sessions are where small retry loops turn into expensive ones.
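To see why the cap matters, here is a back-of-envelope sketch of what one unattended retry loop can cost. Every number below is an illustrative assumption, not Anthropic's actual rate — check the official pricing page for real figures:

```shell
# Back-of-envelope cost of a retry loop (all numbers are assumptions).
retries=400            # failed attempts in one unattended loop
tokens_per_try=5000    # prompt + response tokens per attempt
price_per_mtok=15      # assumed dollars per million tokens

awk -v r="$retries" -v t="$tokens_per_try" -v p="$price_per_mtok" \
  'BEGIN { printf "estimated cost: $%.2f\n", r * t * p / 1000000 }'
# prints: estimated cost: $30.00
```

Thirty dollars for one bad loop is survivable; the same loop left running over a weekend is not. That is the entire argument for the spend cap.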
We cover the broader cost, data-loss, and runaway-loop failure modes in Three Ways AI Agents Break Your Work.
Setup checklist
Setup does not take long. The trap is doing it in the wrong order — installing without a spend cap, running without standing instructions, or skipping the read-only test phase.
Step 1: confirm Node.js
node --version # v18 or above
npm --version
If those commands fail or report a version below 18, install Node.js LTS from the official site first.
Step 2: install
npm install -g @anthropic-ai/claude-code
Step 3: configure the API key
Create an account at the Anthropic console, generate an API key, and provide it on first run. Set the monthly spend cap on the same screen — do not skip this.
Step 4: verify with a read-only task
In the project directory, run claude and ask:
Summarize the structure and purpose of this project.
This is read-only. Nothing can break. If you get a useful summary back, the install works.
Step 5: write your standing instructions
Create SOUL.md in the project root with the safety rules above before the first edit task.
Common installation snags
| Error | Cause | Fix |
|---|---|---|
| claude: command not found | PATH not updated | Restart the terminal, or add the npm global bin to PATH |
| Permission denied during install | Global install needs elevated rights | Use sudo, or install via npx instead |
| Invalid API Key | Key copy error or expired credential | Regenerate in the Anthropic console and re-enter |
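For the PATH fix in the first row, a shell-level sketch. The prefix location varies by system, and the fallback path shown is an assumption:

```shell
# Prepend the npm global bin directory to PATH for this session.
# `npm config get prefix` reports where global packages install;
# fall back to a common default if npm itself is unavailable.
npm_prefix=$(npm config get prefix 2>/dev/null || echo "$HOME/.npm-global")
export PATH="$npm_prefix/bin:$PATH"
echo "$PATH" | cut -d: -f1   # first entry should now end in /bin
```

To make the change permanent, add the export line to your shell profile (~/.bashrc or ~/.zshrc) rather than re-running it each session.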
The first three tasks to run, in order
The biggest mistake new users make is treating an agent as a search bar that also does things. The safer pattern is to use it as a contractor: ask it to look, ask it to think, then ask it to act.
Task 1: read and summarize
Read this project and produce a one-page summary:
- What it does
- How it is structured
- Three observations about how it is built
Do not modify any files.
This is the safest first task. The agent reads, you read what it produced, you decide whether the summary matches your understanding.
Task 2: propose without applying
Suggest three improvements to this project, ordered by impact.
For each, describe what would change and what would be touched.
Do not apply any changes.
You learn how the agent reasons about your project without putting any files at risk. If the suggestions are off-base, the prompt or the project context needs adjustment before you trust it with edits.
Task 3: apply one approved change
Pick the proposal you most agree with. Run a fresh session with a focused instruction:
Goal: [the specific change you approved]
Target: [the exact file or section]
Off-limits: anything outside the named target
Procedure: show the diff before applying, apply only after approval
This is the pattern from How to Instruct an AI Agent. Use it from the first edit, not after the first incident.
Two real examples
Where OpenClaw earned its keep
A request for an article structure: "Plan an editorial piece on AI instruction design. I want three different framings, with headings and a TL;DR for each."
OpenClaw produced three distinct structures. One framing — focused on "instructions are contracts" — became the spine of an article. The headings needed light editing, but the structure was already right.
This is where OpenClaw earns its keep: structured thinking with a clear deliverable, where you can choose from several usable options.
Where OpenClaw bit back
A loose request: "Optimize the package.json."
The agent rewrote dependency versions, removed entries it considered redundant, and broke the build. Recovery took one command because the file was already committed in Git. Without that commit, the recovery would have taken hours of remembering which versions had been pinned and why.
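The one-command recovery in that story is Git's file restore. A self-contained sketch of the pattern — the demo repo and file contents are invented for illustration:

```shell
set -e
# Demo repo; contents invented for illustration.
dir=$(mktemp -d) && cd "$dir"
git init -q
git config user.email demo@example.com
git config user.name demo
printf '{ "name": "demo", "engines": { "node": ">=20" } }\n' > package.json
git add package.json && git commit -qm "known-good package.json"

# Simulate the agent's damaging rewrite.
printf '{ "name": "demo" }\n' > package.json

# The one-command recovery (use `git checkout -- package.json` on Git < 2.23).
git restore package.json
grep -c engines package.json   # prints 1: the pinned field is back
```

The command is trivial; the habit is not. Commit before every edit session, and every agent mistake becomes a one-liner instead of an archaeology project.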
The lesson keeps coming back: "optimize" is not an instruction. It is permission. The fix was to scope the task: "Update only the engines field to require Node 20 or above. Do not touch any other key." That works. "Optimize" never does.
Put the rails in before you give it autonomy
| Phase | Action |
|---|---|
| Install | Node.js, then npm install -g @anthropic-ai/claude-code, then the spend cap |
| Configure | SOUL.md with safety rules before the first edit |
| Start | Read-only tasks until the agent's reasoning feels predictable |
| Build trust | Move to scoped edits with explicit off-limits |
| Run at scale | Use Memory for ongoing context, Cron for recurring work |
OpenClaw rewards operators who put the structure in place before they need it. The cost cap, the standing instructions, the read-only first tasks — none of them feel necessary until the day they are. Set them up first, and most of the failures other people write about will not happen to you.
Related reading
- OpenClaw vs Antigravity: When to Use Each — the head-to-head comparison and decision flow
- How to Instruct an AI Agent So It Does What You Asked — the goal-constraint-procedure pattern that works in OpenClaw
- Three Ways AI Agents Break Your Work — the cost, data-loss, and runaway failure modes that OpenClaw is not immune to
- The AI Task Delegation Checklist — the pre-flight check before any agent run