
Local Mac Mini Setup Guide

Why local beats cloud, recommended hardware specs, and a step-by-step install guide. Skip the EC2 nightmare I went through.

Introduction: What Is OpenClaw?

OpenClaw is a free, open-source personal AI assistant that runs locally on your own hardware. Created by Austrian developer Peter Steinberger (founder of PSPDFKit), it began as a weekend project called Clawd in November 2025 and has since grown to over 240,000 GitHub stars.

Unlike cloud-based assistants, OpenClaw runs on your machine, connects to the messaging apps you already use (WhatsApp, Telegram, Slack, Discord, Signal, iMessage), and can autonomously execute tasks: running shell commands, managing files, controlling smart home devices, browsing the web, and interacting with APIs.

The Mac Mini has become the community's de facto reference hardware for OpenClaw. Its compact size, Apple Silicon efficiency (3–7 watts at idle), and unified memory architecture make it an ideal always-on server at a fraction of cloud hosting costs. This guide walks you through every step from unboxing to a production-hardened deployment.

Critical: The Risk You're Taking On

OpenClaw gives an AI agent near-total control over your host machine. Cisco's AI security team found that 17% of ClawHub skills tested were malicious. Multiple CVEs have been disclosed, including CVE-2026-25253 (one-click remote code execution). Treat this tool with the same caution you'd give root SSH access to a stranger.

Part 1: Hardware & Prerequisites

Recommended Hardware

Component             | Minimum             | Recommended
Mac Mini              | M2 / 8 GB / 256 GB  | M4 / 16 GB / 256 GB ($599)
Network               | Wi-Fi               | Ethernet (more stable for 24/7)
UPS                   | None                | Small UPS for clean shutdown
HDMI Dummy Plug       | None                | $8–10 dongle (prevents headless display issues)
Keyboard w/ Touch ID  | For initial setup   | Convenient for physical auth

The base M4 Mac Mini at $599 is more than sufficient. OpenClaw itself uses 2–3 GB of RAM; the rest is headroom for local models if you choose to run them via Ollama. At roughly $1–2/month in electricity, it pays for itself within months versus equivalent cloud hosting.

What You'll Need Before Starting

  • An Anthropic API key (recommended) or keys for OpenAI, DeepSeek, or another provider
  • A Telegram bot token (from @BotFather on Telegram) or tokens for your messaging platform of choice
  • A Tailscale account (free tier) for secure remote access
  • Approximately 2 hours of dedicated setup time

Part 2: Initial macOS Configuration

Fresh Install or Factory Reset

If you're repurposing an existing Mac Mini, perform a full factory reset: System Settings → General → Transfer or Reset → Erase All Content and Settings. Starting clean eliminates leftover software and credentials that OpenClaw could inadvertently access.

Create Two Accounts: Separation of Privilege

Before touching OpenClaw, create a separation of privilege on the Mac Mini itself. This is one of the most effective containment strategies you can implement, and most guides skip it entirely.

Admin Account (for installs only): Used exclusively for installing software (npm, Homebrew packages, macOS updates). It does not run OpenClaw.

Standard (Non-Admin) Account (for running OpenClaw): This is where OpenClaw lives and runs. A standard account cannot install system software, modify system files, or escalate privileges. If the agent gets tricked by a prompt injection attack or a malicious skill, the blast radius is contained.

Note: Why This Matters

OpenClaw agents are eager to please by default. If a prompt injection convinces the agent to run a destructive command, a non-admin account prevents it from modifying system files, installing rootkits, or escalating to root. This is your single best containment layer.

macOS Setup Wizard Decisions

Setting               | Recommendation    | Rationale
FileVault Encryption  | ENABLE            | AES-256 full disk encryption via Secure Enclave
Location Services     | Disable           | Not needed; reduces data leakage
Siri                  | Disable           | Unnecessary background processing
Apple Intelligence    | Disable           | Sends data to Apple servers
Analytics Sharing     | Decline all       | Minimizes telemetry
Screen Time           | Skip              | Not applicable for a server
iCloud Sign-In        | Skip or minimal   | Skip for air-gap isolation
Touch ID              | Enable            | Stored locally in Secure Enclave; useful for physical auth
Apple Pay             | Skip              | Not needed

Configure for 24/7 Operation

Prevent the Mac Mini from sleeping and ensure it auto-restarts after power failures:

sudo pmset -a sleep 0 disksleep 0 displaysleep 0
sudo pmset -a hibernatemode 0 powernap 0
sudo pmset -a standby 0 autopoweroff 0
sudo pmset -a autorestart 1

Verify with: pmset -g — all sleep-related values should be 0. Enable wake for network access so Tailscale stays connected: System Settings → Battery → Options → Wake for network access: ON.

Enable the macOS Firewall

The built-in firewall is off by default. Turn it on:

  1. System Settings → Network → Firewall → Toggle ON
  2. Click Options: Block all incoming connections: ON
  3. If you later need Tailscale or SSH, add exceptions specifically for those apps

Disable SSH Password Authentication

If Remote Login (SSH) is enabled, disable password-based authentication and allow only key-based auth:

sudo nano /etc/ssh/sshd_config
# Set these values:
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

# Restart SSH:
sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist
sudo launchctl load /System/Library/LaunchDaemons/ssh.plist
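OpenSSH applies the first value it reads for each keyword, so hardening lines appended below an existing PasswordAuthentication yes (or below the Include directive that recent macOS releases place near the top of the file) change nothing. The following check is an added example, not part of this guide or the OpenClaw project: it resolves a config the way sshd does and reports the three settings above when they are missing or overridden; the sample config is constructed.

```python
import re

# Values this guide requires; sshd keywords are case-insensitive
REQUIRED = {
    "passwordauthentication": "no",
    "challengeresponseauthentication": "no",
    "usepam": "no",
}


def effective_values(config_text: str) -> dict[str, str]:
    """Resolve a sshd_config the way sshd does: the FIRST value seen for a
    keyword wins, and lines after a 'Match' block header are conditional,
    so they are not part of the global settings checked here. Files pulled
    in by Include directives are not followed; use 'sshd -T' for those."""
    values = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Accept both "Keyword value" and "Keyword=value"
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "match":
            break
        values.setdefault(keyword, value)   # a later duplicate is ignored
    return values


def check_sshd_config(config_text: str) -> list[str]:
    """Return findings for required settings that are missing or overridden."""
    values = effective_values(config_text)
    findings = []
    for keyword, wanted in REQUIRED.items():
        got = values.get(keyword)
        if got is None:
            findings.append(f"{keyword} is not set explicitly")
        elif got.lower() != wanted:
            findings.append(
                f"{keyword} is '{got}' (first occurrence wins), expected '{wanted}'"
            )
    return findings


# Constructed sample: the three hardening lines were appended at the bottom,
# so the earlier "yes" values still win and password logins stay enabled.
SAMPLE_CONFIG = """\
PasswordAuthentication yes
UsePAM yes

# Set these values:
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
"""
```

On the Mac Mini itself, sudo sshd -T prints the values sshd actually uses, which is the authoritative check.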

Part 3: Install Prerequisites

Install Homebrew

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

Follow the on-screen instructions to add Homebrew to your PATH.

Install Node.js 22+

OpenClaw requires Node.js 22.12.0 or later. This version includes critical security patches.

brew install node@22
node --version  # Must be v22.12.0 or later

Install pnpm

brew install pnpm

Install Tailscale

Tailscale provides secure, zero-configuration VPN access to your Mac Mini from anywhere:

brew install tailscale
# Also install the Tailscale app from the Mac App Store for GUI management

Plug In the HDMI Dummy Plug

On macOS Sequoia, headless mode causes issues with Screen Recording permissions and screen capture functionality. Plug an HDMI dummy dongle ($8–10) into one of the HDMI ports before proceeding. This tricks macOS into thinking a display is connected.

Part 4: Install OpenClaw

Install the CLI

npm install -g openclaw@latest
openclaw --version

Run the Onboarding Wizard

openclaw onboard --install-daemon

The onboarding wizard walks you through every configuration step. Here are the key decisions:

Gateway Type: Local. Choose “Local” since you're running directly on the Mac Mini.

LLM Provider & Model. The project creator explicitly recommends Anthropic models (Claude) for stronger prompt-injection resistance. Weaker or older models are more easily manipulated, and when your agent has shell access, that matters.

Bind Address: 127.0.0.1 (Critical). This is the single most important security decision in the entire setup. Setting the bind address to 127.0.0.1 means the gateway is only accessible from the Mac Mini itself. The Shodan exposure incident in January 2026 happened because people left this on 0.0.0.0.

Tailscale: Off (for now). You'll configure Tailscale Serve manually in Part 6 for a more secure setup.

Messaging Channels. Configure your preferred channel and enter the bot token. Lock the channel allowlist to your user ID only:

"channels": {
  "telegram": {
    "allowFrom": ["YOUR_TELEGRAM_USER_ID"]
  }
}

Warning: WhatsApp Personal Number

If you connect WhatsApp using your personal phone number, a compromised agent could message your real contacts as you. Use a dedicated prepaid SIM number, not your primary number.

DM Policy: Pairing. Select “pairing” mode. Unknown senders receive a pairing code and the bot won't process their message until you approve it.

Skills: Minimal to Start. Decline most skills during initial setup. You can always add them later after vetting.

Daemon Installation. Accept the daemon installation. This creates a LaunchAgent so OpenClaw starts on boot and auto-restarts on crash. Use Node.js as the runtime (not Bun — compatibility issues exist).

Set the Agent's Identity

After the wizard finishes, the agent wakes up for the first time and asks who it is and who you are. Be deliberate about this — it shapes behavior going forward:

Your name is [Agent Name]. I'm [Your Name].
Be direct, concise, and honest.
If I ask you to do something risky, push back and tell me why.
Don't sugarcoat or over-explain.
Core rules:
- Never delete files, send messages, or run commands with side
  effects without confirming with me first.
- Ask before acting on anything destructive or irreversible.
- Keep responses short unless I ask for detail.
- Flag security concerns proactively.

Note: Why “Push Back” Matters

By default, AI agents are eager to please. They'll cheerfully execute whatever you ask — including instructions injected by a malicious email, web page, or ClawHub skill. You want an assistant that challenges risky requests, not one that complies without thinking.

Verify the Installation

openclaw --version
openclaw health
openclaw security audit
openclaw gateway status
openclaw channels status --probe

Send a test message to your bot on Telegram (or your chosen channel). You should get a response within seconds.

Part 5: Security Hardening

This is the most important section of this guide. OpenClaw's power comes from its access to your system — and that same access makes it a high-value target.

Known Vulnerabilities to Patch Against

CVE             | Severity        | Description                                            | Fixed In
CVE-2026-25253  | Critical (8.8)  | One-click RCE via WebSocket origin bypass              | v2026.1.x
CVE-2026-28485  | High            | Unauthenticated browser-control HTTP endpoints         | v2026.2.12
CVE-2026-28463  | High            | Shell expansion path traversal in archives             | v2026.2.14
CVE-2026-28453  | High            | Tar archive path traversal to write outside directory  | v2026.2.14
CVE-2026-28479  | High            | SHA-1 cache poisoning in sandbox configs               | v2026.2.15
CVE-2026-28478  | High            | Webhook DoS via unbounded body buffering               | v2026.2.13

Keep OpenClaw updated to v2026.2.15 or later at all times:

openclaw update --channel stable
openclaw doctor --fix

Lock Down the Configuration File

chmod 700 ~/.openclaw
chmod 600 ~/.openclaw/openclaw.json
find ~/.openclaw/credentials -type f -exec chmod 600 {} \;
find ~/.openclaw/agents -name "auth-profiles.json" -exec chmod 600 {} \;
find ~/.openclaw/agents -name "sessions.json" -exec chmod 600 {} \;
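Setting the modes is only half the job; the tree should be re-checked after updates and after anything run with sudo, which can leave root-owned files behind. The following audit is an added example, not from this guide or the OpenClaw project: it verifies 700 on the directory and 600 on the files listed above, and additionally flags symlinks and files owned by another user. The sample tree it builds is constructed in a temporary directory and assumes only the layout implied by the chmod commands.

```python
import os
import stat
import tempfile

# The files this guide chmods to 600 (plus everything under credentials/)
SECRET_NAMES = {"openclaw.json", "auth-profiles.json", "sessions.json"}


def _is_secret(root: str, dirpath: str, name: str) -> bool:
    """True for the main config, the agents' auth/session files, and any
    file below credentials/."""
    rel = os.path.relpath(dirpath, root)
    return name in SECRET_NAMES or rel.split(os.sep)[0] == "credentials"


def audit_permissions(root: str) -> list[str]:
    """Return findings for `root` (normally ~/.openclaw): the directory must
    be 700, secret files must be 600, and nothing may be a symlink or owned
    by another user."""
    findings = []
    me = os.getuid()
    top = stat.S_IMODE(os.stat(root).st_mode)
    if top != 0o700:
        findings.append(f"{root}: mode {top:o}, expected 700")
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            mode = stat.S_IMODE(st.st_mode)
            if stat.S_ISLNK(st.st_mode):
                findings.append(f"{path}: symlink inside the config tree")
            elif st.st_uid != me:
                findings.append(f"{path}: owned by uid {st.st_uid}, not by you")
            elif _is_secret(root, dirpath, name) and mode != 0o600:
                findings.append(f"{path}: mode {mode:o}, expected 600")
    return findings


def build_sample_tree(hardened: bool) -> str:
    """Constructed ~/.openclaw look-alike in a temp dir (not a real install).
    With hardened=False two secret files are left at the default 644."""
    root = tempfile.mkdtemp()
    loose = 0o600 if hardened else 0o644
    layout = {
        "openclaw.json": loose,
        "credentials/anthropic.key": 0o600,
        "agents/main/auth-profiles.json": 0o600,
        "agents/main/sessions.json": loose,
        "logs/gateway.log": 0o644,   # not a secret; 644 is fine here
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    os.chmod(root, 0o700)
    return root
```

Run audit_permissions(os.path.expanduser("~/.openclaw")) from the non-admin account; an empty list means the tree matches the chmod commands above.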

Verify Critical Security Settings

# Bind address must be 127.0.0.1 — NEVER 0.0.0.0
grep '"bind"' ~/.openclaw/openclaw.json

# DM policy should be "pairing" — never "open"
grep '"dmPolicy"' ~/.openclaw/openclaw.json

# These should return NO results (dangerous flags):
grep "allowInsecureAuth" ~/.openclaw/openclaw.json
grep "dangerouslyDisableDeviceAuth" ~/.openclaw/openclaw.json

Run the Built-in Security Audit

openclaw security audit --deep
openclaw security audit --fix

The --deep flag performs a comprehensive scan. The --fix flag auto-tightens any misconfigurations it can safely correct.

Enable Log Redaction

Enable log redaction to prevent sensitive information from appearing in log files:

// In openclaw.json:
"logging": {
  "redaction": true
}

Set API Spending Limits

An out-of-control agent or a prompt injection attack could rack up enormous API bills. Set spending limits directly with your LLM provider as a safety net. Anthropic: set monthly usage limits in the Anthropic Console under Billing. OpenAI: set hard monthly caps in the OpenAI dashboard.

Enable Sandbox Mode

// In openclaw.json:
"sandbox": {
  "enabled": true,
  "mode": "non-main",
  "scope": "session",
  "workspaceAccess": "none"
}

With sandboxing enabled, the agent in non-main sessions cannot access your file system, run shell commands, or use privileged tools.
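To turn the grep checks above, the log-redaction setting and the sandbox settings into one repeatable test, here is an added example (not from this guide or the OpenClaw project). It relies only on the key names shown on this page; placing bind under a gateway object in the constructed sample configs is an assumption, and the walk matches keys wherever they appear, so the checks do not depend on it.

```python
import json
import os

# Settings this guide requires. The walk below matches these key names at any
# depth, so no particular nesting inside openclaw.json is assumed.
REQUIRED = {"bind": "127.0.0.1", "dmPolicy": "pairing"}
FORBIDDEN = {"allowInsecureAuth", "dangerouslyDisableDeviceAuth"}
PLACEHOLDER_IDS = {"", "YOUR_TELEGRAM_USER_ID"}


def _walk(node, path=""):
    """Yield (dotted path, key, value) for every key in a nested JSON object."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            yield here, key, value
            yield from _walk(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from _walk(item, f"{path}[{i}]")


def audit_config(config: dict) -> list[str]:
    """Return findings for a parsed openclaw.json; empty means all checks pass."""
    findings, seen = [], set()
    for path, key, value in _walk(config):
        seen.add(key)
        if key in REQUIRED and value != REQUIRED[key]:
            findings.append(f"{path} is {value!r}, expected {REQUIRED[key]!r}")
        if key in FORBIDDEN:
            findings.append(f"{path} is present; remove it")
        if key == "allowFrom" and (
            not isinstance(value, list) or not value
            or any(v in PLACEHOLDER_IDS for v in value)
        ):
            findings.append(f"{path} must list only your own user ID(s)")
    for key in REQUIRED:
        if key not in seen:
            findings.append(f"{key} is not set; do not rely on the default")
    sandbox = config.get("sandbox", {})
    if not sandbox.get("enabled") or sandbox.get("workspaceAccess") != "none":
        findings.append("sandbox must be enabled with workspaceAccess 'none'")
    if not config.get("logging", {}).get("redaction"):
        findings.append("logging.redaction must be true")
    return findings


def audit_file(path: str = "~/.openclaw/openclaw.json") -> list[str]:
    """Audit the config on disk (path is expanded, so ~ works)."""
    with open(os.path.expanduser(path), encoding="utf-8") as fh:
        return audit_config(json.load(fh))


# Constructed sample configs, not real files
SAMPLE_BAD = {
    "gateway": {"bind": "0.0.0.0", "allowInsecureAuth": True},
    "channels": {"telegram": {"dmPolicy": "open", "allowFrom": ["YOUR_TELEGRAM_USER_ID"]}},
    "sandbox": {"enabled": False},
    "logging": {},
}
SAMPLE_GOOD = {
    "gateway": {"bind": "127.0.0.1"},
    "channels": {"telegram": {"dmPolicy": "pairing", "allowFrom": ["123456789"]}},
    "sandbox": {"enabled": True, "mode": "non-main", "scope": "session", "workspaceAccess": "none"},
    "logging": {"redaction": True},
}
```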

API Key Management

Never scatter API keys across .env files or shell history. Two recommended approaches:

Option A: Bitwarden CLI (Recommended). Install the Bitwarden CLI, log in, and unlock your vault. OpenClaw can pull secrets on demand.

Option B: macOS Keychain. Store API keys in the local Keychain (encrypted via the Secure Enclave). Credentials never leave the device if iCloud Keychain is disabled.

Warning: Shell Environment Variables

A shell-level ANTHROPIC_API_KEY environment variable can silently override the OpenClaw config and cause auth failures. Make sure there are no conflicting environment variables in your shell profile.

Network Security Checklist

  • Bind address is 127.0.0.1 (never 0.0.0.0)
  • macOS firewall is ON with incoming connections blocked
  • Port 18789 is NOT exposed to the internet via your router
  • Remote access is exclusively via Tailscale or SSH tunnel
  • Your home router's admin password has been changed from the default
  • UPnP is disabled on your router

Part 6: Secure Remote Access with Tailscale

You'll want to access your OpenClaw instance from your phone, laptop, or other devices. Never expose port 18789 directly to the internet. Use Tailscale Serve instead.

Set Up Tailscale

  1. Install Tailscale (done in Part 3) and sign in
  2. On your Mac Mini, authenticate: tailscale up
  3. Install Tailscale on your phone/laptop and sign in with the same account
  4. Verify connectivity: tailscale status

Configure Tailscale Serve

tailscale serve http://127.0.0.1:18789
# Access from any device on your tailnet:
# https://[mac-mini-hostname].tail[xxxxx].ts.net

Critical: Serve, Not Funnel

Use tailscale serve (private to your tailnet) — NOT tailscale funnel (which exposes to the public internet).

Alternative: SSH Tunnel

ssh -N -L 18789:127.0.0.1:18789 user@your-mac-mini.local
# Then access the dashboard at http://localhost:18789

Part 7: Skill Security & ClawHub Safety

Skills are plugins that extend OpenClaw's capabilities. However, the ClawHub skill marketplace has significant security problems.

Critical: ClawHub Skill Risks

A Bitdefender audit found that approximately 17% of listed skills were malicious, with some designed to steal credentials from your machine. The skill repository currently lacks adequate vetting.

Golden Rules for Skills

  1. Read the source code before installing anything. Treat ClawHub skills with the same skepticism as random npm packages from an unknown author.
  2. Start with zero third-party skills. Use only the built-in skills initially. Add third-party skills one at a time after thorough review.
  3. Check the author and star count. High stars alone don't guarantee safety, but zero-star skills from new accounts are especially risky.
  4. Look for credential access. If a skill requests API keys or file system access disproportionate to its stated purpose, do not install it.
  5. Use sandboxed sessions for untrusted skills.

Part 8: Ongoing Maintenance & Monitoring

Update Schedule

Task                        | Frequency       | Command / Action
Check for OpenClaw updates  | Weekly          | openclaw update --channel stable
Run security audit          | Weekly          | openclaw security audit --deep
Run diagnostics             | Weekly          | openclaw doctor --fix
Update macOS                | When available  | System Settings → Software Update
Update Node.js              | Monthly         | brew upgrade node@22
Rotate API keys             | Quarterly       | Update in Bitwarden / Keychain
Review gateway logs         | Weekly          | Check ~/.openclaw/logs/
Verify Tailscale peers      | Monthly         | tailscale status

Monitoring Commands

openclaw status --all          # Full debug report
openclaw health                # Quick health check
openclaw gateway status        # Gateway running?
openclaw channels status --probe  # Channels connected?
openclaw system heartbeat last # Last heartbeat time
openclaw cron list             # Scheduled tasks
openclaw dashboard             # Open Control UI

Backups

Time Machine will back up your entire ~/.openclaw directory. Additionally, consider manual periodic exports of your config to an encrypted external drive, backing up API keys separately in your password manager, and documenting your skill configuration so you can rebuild quickly if needed.

What to Do If Compromised

  1. Stop the service immediately: openclaw gateway stop
  2. Disconnect from the network (Wi-Fi and Ethernet)
  3. Review audit logs in ~/.openclaw/logs/ for suspicious activity
  4. Rotate ALL credentials: API keys, bot tokens, and any accounts the agent accessed
  5. Check for unauthorized pairing approvals: openclaw pairing list <channel>
  6. Rebuild in an isolated environment with proper security controls before restarting

Part 9: Optional Enhancements

Local AI Models with Ollama

Run AI models entirely on your Mac Mini with no cloud API costs. Apple Silicon's Metal GPU acceleration makes local inference surprisingly fast.

RAM       | Model Size          | Examples
8 GB      | 7B parameters       | Llama 3.1 7B, Mistral 7B
16–24 GB  | 13B–34B parameters  | Ideal for most use cases
48+ GB    | 70B parameters      | Near-cloud-quality responses

brew install ollama
ollama pull llama3.1

Note: Privacy Advantage

Running local models means your prompts and data never leave your machine. Note, though, that local models currently offer weaker prompt-injection resistance than frontier cloud models like Claude.

Docker Isolation

For an extra layer of isolation, run OpenClaw inside a Docker container using Docker Desktop or OrbStack. The official Docker image runs as a non-root user for a reduced attack surface, container isolation limits blast radius, and you can restrict filesystem mounts to only the directories OpenClaw needs.

Cron Jobs for Automated Tasks

openclaw cron add \
  --name "Morning Briefing" \
  --cron "0 8 * * *" \
  --tz "America/Los_Angeles" \
  --session isolated \
  --message "Give me a morning briefing: weather, calendar, top news"

Part 10: Quick Reference

Essential Commands

Command                               | Purpose
openclaw gateway restart              | Restart gateway after config changes
openclaw gateway status               | Check if gateway is running
openclaw health                       | Quick health check
openclaw doctor --fix                 | Diagnose and auto-fix issues
openclaw security audit --deep        | Full security audit
openclaw status --all                 | Full debug report
openclaw dashboard                    | Open Control UI in browser
openclaw channels status --probe      | Verify messaging channels
openclaw channels login               | Reconnect messaging channels
openclaw pairing list <ch>            | List pending pairing requests
openclaw pairing approve <ch> <code>  | Approve a pairing request
openclaw update --channel stable      | Update to latest stable release
openclaw cron list                    | List scheduled tasks

Security Checklist

  • Dedicated non-admin macOS user for OpenClaw
  • FileVault encryption: ON
  • macOS firewall: ON
  • Bind address: 127.0.0.1
  • Token auth on gateway: ON
  • DM policy: pairing
  • Channel allowlists locked to your IDs only
  • Sandbox mode: ENABLED
  • Log redaction: ON
  • SOTA model (Claude Opus 4.6 or equivalent)
  • API spending limits set with provider
  • Port 18789: NOT exposed to internet
  • Remote access: Tailscale Serve or SSH tunnel only
  • OpenClaw version: v2026.2.15 or later
  • Node.js version: v22.12.0 or later
  • File permissions: 700 on ~/.openclaw, 600 on config files
  • Third-party skills: Source code reviewed before installation
  • API keys: Stored in password manager, not .env files
  • Router UPnP: Disabled

Final Word

OpenClaw is genuinely useful. It's also genuinely risky if you're careless. Security researchers at Bitdefender, Kaspersky, Cisco, and DepthFirst have all flagged real vulnerabilities — malicious ClawHub skills, prompt injection attacks, and exposed instances leaking everything.

Every configuration decision in this guide was filtered through one question: what's the worst that could happen? Set it up right the first time. Start locked down. Open things up only when you understand exactly what you're exposing.

Go Deeper

Want hands-on help with this?

I'll walk you through exactly how I set this up and run it every day.