OpenClaw Config Generator for openclaw.json

Generate a safer openclaw.json for OpenClaw without hand-editing JSON. Start from a preset, tighten sandbox and gateway auth defaults, and export a config that is easier to review before first deployment.

Runs fully client-side. No tokens are sent to CoClaw.
OpenClaw ref: main @ baa1e95
Pick a preset, generate a config that matches your workflow, then tweak only what you need.

Choose your starting point

Start with the preset that best matches the OpenClaw experience you want.

Personal Assistant - A chat-first everyday assistant with web, browser, and PDF help ready to use.

AI API Provider

Choose how OpenClaw connects to your model: use OpenClaw sign-in, or connect your own provider.

This preset uses the recommended model defaults for context window and output size.
thinking depth
Primary model id will be: my-provider/gpt-5.2

Channels

Pick the messaging channels you want to enable. If you're not sure, skip this for now—start OpenClaw first, then ask it to walk you through installing and configuring the channel you need.

Generated Config

Generated openclaw.json

Required environment variables
MY_PROVIDER_API_KEY__AUTO_GATEWAY_TOKEN__

Any uppercase environment variable name you entered is rendered as ${ENV_VAR} in the exported config. Set these values before you start OpenClaw.

{
  "agents": {
    "defaults": {
      "model": {
        "primary": "my-provider/gpt-5.2"
      },
      "thinkingDefault": "low",
      "sandbox": {
        "mode": "non-main"
      }
    }
  },
  "gateway": {
    "mode": "local",
    "port": 18789,
    "bind": "loopback",
    "auth": {
      "mode": "token",
      "token": "${__AUTO_GATEWAY_TOKEN__}"
    }
  },
  "tools": {
    "profile": "coding",
    "allow": [
      "group:web",
      "browser",
      "pdf"
    ],
    "deny": [
      "cron"
    ],
    "sandbox": {
      "tools": {
        "allow": [
          "bash",
          "process",
          "read",
          "write",
          "edit",
          "sessions_list",
          "sessions_history",
          "sessions_send",
          "sessions_spawn"
        ],
        "deny": [
          "browser",
          "canvas",
          "nodes",
          "cron",
          "discord",
          "gateway"
        ]
      }
    }
  },
  "models": {
    "mode": "merge",
    "providers": {
      "my-provider": {
        "baseUrl": "https://api.example.com/v1",
        "apiKey": "${MY_PROVIDER_API_KEY}",
        "api": "openai-responses",
        "models": [
          {
            "id": "gpt-5.2",
            "name": "GPT-5.2",
            "reasoning": true,
            "input": [
              "text",
              "image"
            ],
            "cost": {
              "input": 0,
              "output": 0,
              "cacheRead": 0,
              "cacheWrite": 0
            },
            "contextWindow": 400000,
            "maxTokens": 128000
          }
        ]
      }
    }
  }
}

Generate a secure openclaw.json without hand-editing JSON

This page is not just an OpenClaw JSON builder. It is an OpenClaw config generator for the parts of openclaw.json that usually cause the most trouble on first setup: gateway exposure, auth, model wiring, and message trust boundaries.

If you want a safe starting point without memorizing the schema, generate the file here, then use the OpenClaw configuration guide for deeper edits and long-term maintenance.

What the OpenClaw config generator changes in openclaw.json

The exported openclaw.json covers the highest-impact configuration surfaces that shape how OpenClaw behaves in production.

Sandbox mode, approvals, and tool access

The generator helps you choose a safer execution posture before you enable powerful tools. This matters because the wrong default is rarely a cosmetic mistake. It changes what the agent can do when prompts, plugins, or remote inputs go wrong.

Gateway bind mode and gateway auth token

A large share of OpenClaw setup failures are really gateway exposure mistakes. The generator lets you choose whether the gateway stays local, binds to a LAN address, or uses a tailnet, and it pushes you toward an authenticated configuration instead of an accidentally open one.

Models, providers, and environment variable placeholders

You can configure provider details and export placeholders instead of hard-coding secrets in openclaw.json. That keeps API keys out of your file history and makes it easier to move the same config between local machines, Docker, and hosted deployments.

Channel allowlists, pairing, and group policy

The generator also covers the trust boundary that most operators underestimate: who is allowed to message the bot. Use pairing or allowlists for the first rollout, especially if you are connecting Telegram, WhatsApp, Discord, or Slack. If you need the full mental model, read OpenClaw pairing explained.

How to generate a safer OpenClaw configuration for first deployment

  1. Start with the most restrictive preset that still matches your workflow. A narrow config is easier to expand than a broad config is to roll back.
  2. Keep gateway auth enabled and avoid public exposure unless you have a clear deployment reason to do otherwise.
  3. Prefer environment variable placeholders for API keys, tokens, and other secrets instead of writing plaintext values into openclaw.json.
  4. Use pairing or allowlists for inbound messaging until you have verified how each channel behaves in the real runtime environment.
  5. If this is your first week with OpenClaw, follow the broader operator checklist in New User Checklist.

How to apply the generated openclaw.json and validate it

  1. Download or copy the generated openclaw.json.
  2. Place it in your active OpenClaw config location, or inject it through the deployment path your gateway actually uses.
  3. If you exported environment variable placeholders, set those values before launch.
  4. Start OpenClaw and verify the gateway, model provider, and channel behavior in the runtime you will actually keep.

If OpenClaw rejects the file, do not debug blindly. Use the config validation failed guide and the OpenClaw configuration guide to isolate whether the problem is syntax, schema, provider settings, or the wrong config path.

Best next docs after using the OpenClaw config generator

OpenClaw Config Generator FAQ

How do I generate openclaw.json for OpenClaw?

Pick a preset, adjust gateway, model, and channel settings, then copy or download the generated openclaw.json. The generator is designed to help you create a safe first-pass OpenClaw configuration before you start making hand edits.

Does the OpenClaw config generator send my API keys or config data to CoClaw?

No. The generator runs fully client-side in your browser. Prefer environment variable placeholders so secrets are not stored inside openclaw.json.

What is openclaw.json used for in OpenClaw?

It is the primary configuration file that controls gateway auth, network binding, models, tools, and channel policies. The generator helps you start from safer defaults quickly.

Which OpenClaw config preset should I start with?

Start with the most restrictive preset that still supports your use case. That usually means local or authenticated gateway access, environment variable placeholders for secrets, and pairing or allowlist rules instead of open inbound messaging.

How do I apply the generated openclaw.json config?

Download the generated file, place it in your active config location, set required environment variables, then start OpenClaw and verify status in the CLI or dashboard.

What should I do if OpenClaw rejects my openclaw.json config?

Review validation errors, compare against the configuration guide, and follow the troubleshooting guide for config validation failures. The generator reduces common mistakes, but final validation still happens in your real runtime environment.