My account profile
Log out
Reset password
The authoritative log source is
C:\tmp\openclaw\openclaw-YYYY-MM-DD.log (today's date)
Sense-making
| Tool | Description |
|
|
This report looks at OpenClaw's multi-color console log looking for errors and indicators of problems. It identifies problems and patterns, finds root causes, recommends fixes, and, in many cases, offers to fix them. |
| View history of console-log diagnostic runs | View the full log of all console-log diagnostic reports with status and reports of findings. |
| Analyze selected console-log diagnostic run reports | Query the history of diagnostic runs for a date range and ask a language model to synthesize key findings, root causes, and recommended fixes. |
openclaw doctor --fix --yes --non-interactiveOpenClaw recommends running this non-destructive self-repair algorithm: https://docs.openclaw.ai/gateway/doctor |
Do I need to pair any devices?
If OpenClaw is installed on this computer and you only ever access it from this computer, you're already connected. No pairing is needed.If OpenClaw is hosted remotely (e.g., on an Azure Container App or any cloud server), pairing is essential for access and security. It's the mechanism that links your browser, phone, or tablet to your remote OpenClaw instance so you can interact with it from anywhere.
Pairing for remote deployments — a recommended step for every device you intend to use with OpenClaw
When your deploy OpenClaw to an Azure Container App (or any cloud server), your OpenClaw instance lives in the cloud, not on any single computer.
Any device from which you want to manage it or interact with it (laptop, phone, tablet) — from anywhere — must be paired first.
Think of pairing as the onboarding step that grants a device access to your remote OpenClaw instance.
We recommend pairing all of your intended devices as part of the initial deployment checklist.
How does pairing work?
By clicking [ Pair a new device ], you generate an 8-character, one-time code.
ClawNanny writes it to your OpenClaw configuration's .env (secrets) file.
The connected device contacts OpenClaw and presents its unique pairing code.
OpenClaw reads its .env secrets file to validate the presented pairing code and establishes a permanent, trusted link with the presenting device.
(An unused pairing code expires in 10 minutes.
It can be used only once.)
CONNECTOR_PAIRING_CODE=
to Azure Container App
This will create a new Azure resource group, Container Apps Environment, Container App, and Storage Account for the client.
~/.openclaw/ workspace configuration files (workspace/ SOUL.md, IDENTITY.md, memory/, etc.) are stored
away from the CLI "runtime" code and are not affected by updating the OpenClaw runtime. After updating, use bot_manager?tab=local (the green [ Restart OpenClaw ] button) to restart the local OpenClaw instance to use the new version.
2) Under Diagnostic analysis of the OpenClaw console log entries, select the mode to use for diagnostic analysis.
3) Select the language model you want to perform the analysis. The more intelligent the better — worth the token cost (under $1.00)!
3) Click [ Diagnose OpenClaw implementation issues ]
4) After about 5 minutes, review the report.
5) To ask questions about the report or to implement solutions, click [ Follow up with solutions in chat ↗ ] (appears just above the report).
6) For easier reading, view the report in a pop-out window by clicking [ ↗ ] below the report.
MoltGuard scans agent messages and tool results, looking for occurrences of prompt injection, credential leakage, and behavioral anomalies
via the OpenGuardrails cloud API.
OpenGuardrails' free tier accepts 500 scans/day (resets at UTC midnight).
The OpenGuardrails service is recommended for clients with agents handling untrusted external content — web browsing, user-uploaded files, third-party APIs.
The Cisco AI Defense skill scanner
runs automatically after every skill install or update, analyzing the skill directory for
data exfiltration, command injection, prompt injection, obfuscated code, and supply chain attacks.
The free tier (static analysis + bytecode integrity + behavioral AST) requires no API key and runs on every install.
Enhanced tiers below are optional and require additional API keys.
Adds semantic intent analysis: understands code purpose, not just patterns.
Catches subtle data exfiltration, social engineering in SKILL.md descriptions, and complex multi-step attacks.
A Meta pass filters false positives and groups related findings.
Estimated cost: $0.03–$0.08 per scan using Claude Sonnet.
If your agent already uses Anthropic, no new key is needed — paste the same key below.
Keys are stored in your browser only and sent directly to the scan endpoint on your local machine. They are not transmitted to ClawNanny.com.
Checks binary files bundled with skills (images, executables, archives, documents) against the VirusTotal hash database.
Only relevant if a skill bundles binary files — pure Python/JS skills produce no VirusTotal findings.
Free tier: 4 requests/minute, 500/day. Register at virustotal.com.
Keys are stored in your browser only.
Enterprise cloud scanning: prompt injection, harassment, hate speech, violence, and social engineering detection
via Cisco's AI Defense API. Requires an enterprise Cisco AI Defense subscription.
Contact Cisco: cisco.com/go/ai-defense
Tool policies let ClawNanny block or rate-limit specific tool calls before OpenClaw executes them.
Policies are evaluated by the clawnanny_hook.py PreToolUse hook registered in
OpenClaw’s settings. See the
Config tab to register the hook.
| Name | Tool | Type | Description | On | Actions |
|---|---|---|---|---|---|
| Loading… | |||||
Are these just "nodes" — that is, authorized devices — in the OpenClaw Control dashboard?
Or are "remote agents" something else? Like collaborator instances of OpenClaw?
Remote Agents are separate OpenClaw installations on other machines — laptops, phones running the OpenClaw mobile app, cloud-based virtual machines — that connect to this local OpenClaw instance and can run tools on the OpenClaw agent's behalf. They appear here when connected.
Sends a test e-mail from the outgoing sender inbox
(tamecloud486@agentmail.to)
to the monitored inbox
(clawnanny_admin@agentmail.to).
A genuine message.received WebSocket event will be fired on the listener,
which will fetch the message body and forward it to the local OpenClaw instance.
This exercises the full three-leg pipeline.
Clicking "Connect Outlook account" opens a Microsoft login page in a new tab.
After you grant consent, this page will reflect the updated status.
You only need to do this once — the token is saved and refreshed automatically.
| Mail notifications sent | — |
| Messages moved by rules | — |
| Calendar reminders sent | — |
| Last mail poll | — |
| Last calendar poll | — |
When a new Outlook message arrives from one of these addresses, a Telegram message is sent to
the chat ID configured in OUTLOOK_TELEGRAM_CHAT_ID (.env).
One e-mail address per line.
A Telegram notification is sent for any event whose title contains one of these strings (one per line, case-insensitive). A notification is also sent for any event that has a non-empty Location field, regardless of the title.
A Telegram notification is sent this many minutes before a scheduled calendar event starts.
When a new message matches a rule, it is automatically moved to the specified Outlook folder.
Rules are evaluated in order; the first match wins.
Use well-known folder names (inbox, drafts, deleteditems,
junkemail, archive) or any custom folder display name.
| Match type | Value | Move to folder |
|---|
