Back to blog

April 3, 2026

Configuration Deep Dive

Best OpenClaw Configuration: The Complete Settings Guide (2026)

Most OpenClaw setups leave performance and money on the table. The difference between a default install and a properly configured one is 40-60% lower costs, faster responses, and an agent that actually stays reliable. Here is every setting that matters.

What Is the Best OpenClaw Configuration?

The best OpenClaw configuration combines five things: a secured gateway bound to localhost with a strong auth token, model routing that sends simple tasks to cheap models and complex reasoning to premium ones, lean workspace files that keep total bootstrap under 12KB, properly configured chat channels, and automation via heartbeats and cron jobs with token budgets. This combination typically reduces costs by 40-60% compared to a default install while improving response speed and reliability.

OpenClaw configuration lives in two places: the openclaw.json file in ~/.openclaw/ (gateway, models, channels, plugins) and the workspace markdown files (AGENTS.md, SOUL.md, USER.md, MEMORY.md). Both need attention. Optimizing one without the other leaves half the performance gains on the table.

Gateway Configuration: Security First

The OpenClaw gateway is the process that connects your AI agent to chat channels, tools, and the outside world. An exposed gateway leaks your conversations, API keys, and gives attackers shell access to your machine. According to OpenClaw's security documentation, the default port (18789) is actively scanned by automated tools.

1. Bind to localhost only

Set gateway.bind to 127.0.0.1 in openclaw.json. Never use 0.0.0.0 unless you understand exactly what you are doing. Binding to all interfaces exposes your agent to anyone on your network.

2. Set a strong auth token

Generate a random token: openssl rand -hex 32 and set it in gateway.auth.token. Without this, anyone who finds your gateway port has full control of your agent.

3. Change the default port

Port 18789 is the first thing scanners check. Pick a random high port (e.g., 39421) and set it in gateway.port. This is security through obscurity, not a real defense, but it filters out automated scans.

4. Use tunnels for remote access

Need to reach your agent from outside your network? Use Tailscale, Cloudflare Tunnel, or SSH reverse tunnels. Never forward the gateway port directly through your router. Tailscale is the most popular option in the OpenClaw community because it requires zero port configuration and encrypts all traffic.

// openclaw.json -- gateway security essentials
{
  "gateway": {
    "bind": "127.0.0.1",
    "port": 39421,
    "auth": {
      "token": "your-64-char-random-hex-token"
    }
  }
}

Model Configuration: Stop Paying Premium for Simple Tasks

The single biggest cost mistake in OpenClaw is running every task through one expensive model. A properly configured setup uses model routing: cheap models for simple tasks, premium models for complex reasoning. According to community benchmarks, this strategy cuts monthly API costs by 40-50% with no noticeable drop in quality for routine work.

Daily driver model (80% of tasks)

If you want one clean default instead of model routing gymnastics, use GPT-5.4 with xhigh thinking for conversation, file operations, tool use, and routine automation. It costs more than mini-tier models, but the consistency is worth it when you want the same brain handling everything.

Thinking level (complex reasoning)

For code reviews, multi-step planning, research synthesis, and creative writing, keep the same GPT-5.4 model and raise thinking to xhigh. That gives you premium-quality reasoning without bouncing between multiple cloud-model tiers.

Local models (zero marginal cost)

If you have a Mac with 24GB+ RAM or an NVIDIA GPU with 16GB+ VRAM, local models via Ollama handle simple tasks with zero per-token cost. According to hardware benchmarks, a Mac Mini M4 with 24GB RAM runs 13B-34B parameter models comfortably. Use local for quick lookups and file operations, cloud for everything else.

// openclaw.json -- simple GPT-5.4 setup
{
  "agents": {
    "defaults": {
      "model": "openai-codex/gpt-5.4",
      "thinkingDefault": "xhigh"
    }
  },
  "models": {
    "aliases": {
      "fast": "openai-codex/gpt-5.4",
      "smart": "openai-codex/gpt-5.4",
      "cheap": "ollama/llama3.3:34b",
      "code": "openai-codex/gpt-5.4"
    },
    "providers": {
      "openai": {
        "apiKey": "sk-your-key-here"
      },
      "ollama": {
        "baseUrl": "http://localhost:11434"
      }
    }
  }
}

With this setup, your agent defaults to GPT-5.4 with xhigh thinking across chat, coding, and automation. If you still want a cost valve, point a cheap alias at a local Ollama model for low-stakes background work.

Full chapter available

The complete guide includes every configuration file, model routing templates, security checklists, and the full performance tuning walkthrough.

This post covers the highlights. The guide gives you copy-paste configs, cost calculators, and the reasoning behind every setting.

Get the KaiShips Guide to OpenClaw -- $29

Workspace File Configuration: Keep the Bootstrap Lean

OpenClaw injects your workspace files (AGENTS.md, SOUL.md, USER.md, IDENTITY.md, TOOLS.md) into every single API call. A bloated bootstrap of 21KB means roughly 5,250 tokens of overhead on every message. Reducing that to 12KB saves about 2,250 tokens per message -- over 112,000 tokens saved across a 50-message session.

AGENTS.mdUnder 4KB -- startup rules, boundaries, routing
SOUL.mdUnder 1KB -- personality, voice, core values
USER.mdUnder 1KB -- your name, timezone, preferences
IDENTITY.mdUnder 0.5KB -- name, emoji, avatar
TOOLS.mdUnder 2KB -- environment-specific tool notes
MEMORY.mdUnder 3KB -- pointer index (main session only)

The key principle: AGENTS.md is a router, not storage. Project details, API configs, content calendars, and historical decisions belong in reference/ files. The agent finds them via memory_search when the conversation needs them. Reference files have zero per-message cost because they only load on demand.

For a deep dive on writing a production AGENTS.md, see our AGENTS.md template guide. For the full memory architecture, check the 3-layer memory system explained.

Thinking Levels: Match Reasoning Depth to Task Complexity

OpenClaw supports adjustable reasoning depth that controls how many tokens the model spends on chain-of-thought before responding. Higher thinking levels produce better results for complex problems but cost more. The trick is matching the level to the task.

off

No visible reasoning

Fastest and cheapest. Good for simple file reads, quick lookups, and status checks.

low

Light reasoning

Good default for daily conversation and routine tasks. Balances speed with quality.

medium

Moderate reasoning

Best for research, planning, and multi-step workflows. Recommended default for proactive tasks.

high

Deep reasoning

For hard problems: code architecture, complex debugging, strategic analysis. Uses significantly more tokens.

// Set the global default in openclaw.json
{
  "agents": {
    "defaults": {
      "thinkingDefault": "medium"
    }
  }
}

// Override per-session with slash commands:
// /think low    -- quick tasks
// /think high   -- hard problems
// /reasoning    -- check current level

Start with "medium" as your global default. Switch to "high" only when you hit a problem that needs it. For cron jobs and heartbeats, consider setting thinking to "low" since most background tasks are routine.

Channel Configuration: Discord, Telegram, and WhatsApp

OpenClaw connects to chat platforms via channel plugins. Each channel needs proper configuration to work reliably and securely. The most popular channels are Discord, Telegram, and WhatsApp, each with different setup requirements.

Discord

Create a bot via the Discord Developer Portal, add it to your server with message and slash command permissions, and paste the bot token into your OpenClaw channel config. Set requireMention: true for group channels so the bot only responds when @mentioned. For details, see our Discord bot setup guide.

Telegram

Create a bot via @BotFather, get your token, and configure it in OpenClaw. Set up user ID allowlists so only authorized users can interact with your agent. Telegram is popular for mobile access since it works well on phones and supports streaming replies that edit in real time.

WhatsApp

WhatsApp integration uses the WhatsApp Business API or a bridge service. It is more complex to set up but gives you the most natural mobile experience. Remember to add WhatsApp-specific formatting rules in AGENTS.md: no markdown tables, no headers, use bold or caps instead.

Pro tip: formatting rules in AGENTS.md

Add platform-specific formatting rules to your AGENTS.md so the agent adapts its output. Two lines is all it takes: "Discord/WhatsApp: no markdown tables, use bullet lists" and "Wrap Discord links in <> to suppress embeds." This prevents broken formatting across channels.

Automation: Heartbeats, Cron Jobs, and Token Budgets

OpenClaw becomes truly powerful when it works proactively -- not just reactively. Heartbeats give your agent periodic awareness of what is happening. Cron jobs let it perform scheduled tasks automatically. But without token budgets, these features can silently drain your API credits.

Heartbeats

Heartbeats fire periodically (typically every 15-60 minutes) to let the agent check for new messages, review tasks, or do proactive work. Configure quiet hours (23:00-08:00) so it does not message you at 3 AM. A well-tuned heartbeat catches things you would miss without being annoying. For setup details, see our heartbeat configuration guide.

Cron jobs

Scheduled tasks that run at specific times or intervals. Common uses: daily blog posts, email checks, social media monitoring, git pulls, and memory consolidation. Each cron job runs in an isolated session with its own model and thinking level. For a complete walkthrough, check our cron jobs guide.

Token budgets

Set explicit token limits on cron jobs and automated tasks. Without budgets, a stuck agent can spiral into endless tool calls and burn through your monthly API allocation in hours. Production setups typically cap routine cron jobs at 3,000 tokens and complex tasks at 8,000 tokens.

Performance Tuning: Reduce Latency and Cost

Beyond model routing and lean workspace files, several configuration tweaks reduce latency and cost. These optimizations compound -- individually each saves a small amount, but together they make a noticeable difference in how fast and cheap your agent runs.

Prompt caching

OpenClaw preserves context between messages to maximize prompt cache hits. Cache invalidation adds latency, so the system waits 5 minutes of idle time before pruning context. Keep your bootstrap files stable (do not change AGENTS.md mid-session) to maintain cache effectiveness.

Skill management

Each enabled skill adds to the context the agent evaluates. Only enable skills you actively use. If you have not used a skill in the past week, disable it. You can re-enable it when needed. Fewer skills mean faster decision-making and lower token usage per message.

Exec approvals

Configure exec approvals to auto-approve safe commands (file reads, git status, ls) while requiring confirmation for risky ones (rm, network requests, package installs). This balances security with speed -- the agent does not pause for every harmless command.

A Complete openclaw.json Example

Here is a production-ready openclaw.json that combines all the recommendations above. Copy it as a starting point and customize for your setup. Replace API keys and tokens with your own values.

{
  "gateway": {
    "bind": "127.0.0.1",
    "port": 39421,
    "auth": {
      "token": "generate-with-openssl-rand-hex-32"
    }
  },
  "agents": {
    "defaults": {
      "model": "openai-codex/gpt-5.4",
      "thinkingDefault": "xhigh"
    }
  },
  "models": {
    "aliases": {
      "fast": "openai-codex/gpt-5.4",
      "smart": "openai-codex/gpt-5.4",
      "cheap": "ollama/llama3.3:34b"
    },
    "providers": {
      "openai": {
        "apiKey": "sk-your-key-here"
      },
      "ollama": {
        "baseUrl": "http://localhost:11434"
      }
    }
  },
  "channels": {
    "discord": {
      "botToken": "your-discord-bot-token",
      "requireMention": true
    },
    "telegram": {
      "botToken": "your-telegram-bot-token",
      "allowedUsers": [123456789]
    }
  }
}

Security reminder

Never commit openclaw.json to a public git repository. It contains API keys, auth tokens, and bot credentials. Add it to your .gitignore and use environment variables or a .env file for sensitive values when possible.

Configuration Checklist: 10 Settings to Change Right Now

If you do nothing else, change these ten settings. Each one either saves money, improves security, or prevents a common failure mode. In order of impact:

1

Bind gateway to 127.0.0.1 (security)

2

Set a strong auth token with openssl rand -hex 32 (security)

3

Change the default port from 18789 (security)

4

Set a daily driver model that is not your most expensive one (cost)

5

Keep AGENTS.md under 4KB -- move details to reference/ files (cost + speed)

6

Add platform-specific formatting rules to AGENTS.md (quality)

7

Configure thinking level to 'medium' as default (cost + quality)

8

Set quiet hours for heartbeats: 23:00-08:00 (sanity)

9

Add token budgets to all cron jobs (cost protection)

10

Disable unused skills and tools (speed + security)

Frequently Asked Questions

What is the best model for OpenClaw in 2026?

If you want the simplest high-quality setup in 2026, use GPT-5.4 with thinking set to xhigh as your default. That gives you one consistent model for chat, tools, coding, and background automation without juggling multi-tier routing. You can still add a cheaper local alias later if cost becomes the bottleneck.

How do I configure openclaw.json correctly?

The openclaw.json file lives in ~/.openclaw/ and controls gateway settings, model providers, channel connections, and agent defaults. Start with the gateway section (bind to 127.0.0.1, set a strong auth token, change the default port), then configure your model provider API keys, and finally set up your preferred chat channels like Discord or Telegram.

Should I use local models or cloud APIs with OpenClaw?

It depends on your hardware. If you have a Mac with 24GB+ RAM or an NVIDIA GPU with 16GB+ VRAM, local models via Ollama handle simple tasks well and cost nothing per token. Cloud APIs are better for complex reasoning. The best configuration uses both -- local for quick tasks, cloud for deep thinking -- via model routing in openclaw.json.

How do I reduce OpenClaw API costs?

Three strategies work: keep bootstrap files lean (AGENTS.md under 4KB, total bootstrap under 12KB) to reduce per-message token overhead, use model routing to send simple tasks to cheaper models, and set token budgets on cron jobs and heartbeats. A well-configured setup typically costs 40-60% less than an unoptimized one running the same workload.

What security settings should I change in OpenClaw?

Five critical changes: bind the gateway to 127.0.0.1 (never 0.0.0.0), set a strong random auth token, change the default port from 18789, use Tailscale or SSH tunnels for remote access instead of direct port forwarding, and enable exec approvals for high-risk shell commands. These five settings prevent the most common OpenClaw security incidents.

How many workspace files should OpenClaw load on startup?

OpenClaw loads AGENTS.md, SOUL.md, USER.md, IDENTITY.md, and TOOLS.md on every session, plus today's and yesterday's daily memory files. Keep the combined size under 12KB (roughly 3,000 tokens). MEMORY.md loads only in main sessions. Reference files load on demand via memory_search. This architecture minimizes per-message token cost while keeping all information accessible.

Stop leaving performance on the table

Get every configuration file, template, and optimization technique

The full guide includes production openclaw.json templates, model routing strategies with cost comparisons, the complete workspace file architecture, security hardening checklists, and automation recipes. Every config is annotated with the reasoning behind each setting. Copy, customize, ship.

Get the KaiShips Guide to OpenClaw -- $29