OpenClaw God Mode — One-Command Setup

⚠️ WARNING: This Is NOT For Everyone

This project removes nearly every safety guardrail OpenClaw ships with by default. It is designed for advanced users who want maximum, unrestricted system control from their AI agent. If you do not understand the implications below, do not use this installer.

What This Installer Actually Does

OpenClaw's default install is designed to be safe, sandboxed, and limited:

Runs as a regular user
Requires device authentication to access the web UI
Prompts before running dangerous commands
Has no elevated system privileges

This installer strips all of that away:

User-level execution	User systemd service with passwordless `sudo`
Device auth required	`dangerouslyDisableDeviceAuth: true` — web UI has no login gate
Prompts for approval	Passwordless `sudo` (`NOPASSWD: *** — no human in the loop`
Limited file access	Full read/write access to entire filesystem
No package installation	Can `apt/dnf/pacman install` anything without asking
Network restricted	Unrestricted network access
Sandbox model	Root shell model — AI can modify system configs, create users, wipe drives

What This Means in Practice

The AI agent can sudo rm -rf / without any prompt
The AI agent can install malware, backdoors, or modify SSH keys
The AI agent can read any file including /etc/shadow
Anyone with bot access (even whitelisted users) can issue destructive commands
There is no audit trail or approval step

Who Should Use This

Dedicated, isolated machine or VM — not your daily driver
You fully trust everyone in the allowedUsers whitelist
You understand a compromised token = full system compromise
You have backups and a recovery plan

Who Should NOT Use This

Anyone running OpenClaw on their personal machine
Anyone who does not understand sudo, systemd, or Linux permissions
Anyone sharing the bot with people they do not absolutely trust
Anyone without isolated infrastructure

Use the official OpenClaw install instead: https://github.com/openclaw/openclaw

Features

🚀

Zero to Running

One script installs Ollama, OpenClaw, pulls a model, and configures your bots. No manual steps.

🔒

Whitelist Security

DMs enabled but restricted to whitelisted Discord IDs only. Groups open. Tokens never committed.

⚙️

System-Level Control

Passwordless sudo, systemd user service, auto-starts on boot. Full non-interactive automation.

🤖

Discord + Telegram

Configure both bots with minimal prompts. Multi-agent support via the configurator.

☁️

Cloud & Local Models

Defaults to kimi-k2.6:cloud. 229 models in catalog via the web Model Manager.

🖥️

Cross-Platform

Native scripts for Linux (apt/dnf/pacman) and Windows (PowerShell/winget).

⚡

Configurator + Model Manager

Web UIs for generating install commands and managing Ollama models without terminal.

Quick Start

💡 New: Try the ⚡ Quick Configurator to generate your install command with a few clicks. Or use the 🤖 Model Manager to pull and manage Ollama models.

Pick your platform. The script handles everything else.

bash

git clone https://github.com/jlaiii/openclaw-god-mode.git
cd openclaw-god-mode/linux
chmod +x install.sh
./install.sh

Supported: Ubuntu 20.04+, Debian 11+, Fedora 35+, Arch, Manjaro

powershell

git clone https://github.com/jlaiii/openclaw-god-mode.git
cd openclaw-god-mode\windows
.\install.ps1

Requires: Windows 10/11, PowerShell 5.1+ (Run as Administrator)

What the Script Does

Detects OS — Identifies distro and package manager
Installs dependencies — Node.js 22+, git, curl (if missing)
Configures NOPASSWD sudo — Passwordless sudo for non-interactive automation
Installs Ollama — Downloads official installer, starts service
Pulls default model — kimi-k2.6:cloud with retry logic
Installs OpenClaw — npm install -g openclaw
Configures workspace — Creates ~/.openclaw/ with multi-agent config
Prompts for tokens — Discord, Telegram, admin ID + extra whitelist users
Enables channels — Discord + Telegram (configurable per agent)
Sets up systemd service — User service, auto-starts on boot
Verifies system access — Tests shell, packages, network, file write
Prints setup guide — Discord intents, invite URL, BotFather steps

Discord Security Model

Feature	Setting	How It Works
DMs	`allowDMs: true`	✅ Enabled — only whitelisted Discord IDs can DM
Groups	`allowGroups: true`	✅ Enabled — works in all servers (or whitelisted guild)
Whitelist	Multi-user	You + any extra users added during setup
Guild lock	Optional	Restrict to specific server, or leave open
Token storage	`.env` file	Auto-.gitignored, never committed
Device auth	Disabled	`dangerouslyDisableDeviceAuth: true` for local use

Add more whitelisted users anytime by editing ~/.openclaw/config/gateway.yaml:

yaml

discord:
  allowedUsers: [123456789, 987654321, 555555555]

System-Level Setup

The Linux installer configures full non-interactive system control:

Passwordless sudo — Creates /etc/sudoers.d/99-openclaw-$USER with NOPASSWD: *** checks for duplicates, validates syntax


                systemd user service — openclaw-gateway.service auto-starts on boot
                Access verification — Tests shell execution, package manager, network, file write
                Idempotent — Won't duplicate sudoers entries or overwrite existing service configs


            Start/stop the service:
            
                bash
                
            
            systemctl --user start openclaw-gateway.service   # Start now
systemctl --user stop openclaw-gateway.service    # Stop
systemctl --user enable openclaw-gateway.service  # Enable on boot (already done)
systemctl --user status openclaw-gateway.service  # Check status



        
        
            Model Catalog
            The installer pulls kimi-k2.6:cloud by default. The Model Manager syncs 229 models from ollama.com/search. Switch models by editing ~/.openclaw/openclaw.json or via the Model Manager.

            
                yaml
                
            
            # Cloud models (no local GPU needed)
model: ollama/kimi-k2.6:cloud

# Local models (requires GPU/CPU power)
model: ollama/llama3.2
model: ollama/mistral
model: ollama/phi4

            Pull new models anytime: ollama pull <model> or use the Model Manager.
        

        
        
            After Install

            1. Set Your Bot Tokens
            Edit ~/.openclaw/.env (Linux) or %USERPROFILE%\.openclaw\.env (Windows):
            
                env
                
            
            DISCORD_TOKEN=your_discord_bot_token
TELEGRAM_TOKEN=your_telegram_bot_token
ADMIN_DISCORD_ID=your_discord_user_id

            2. Start OpenClaw
            
                bash / powershell
                
            
            # Manual start (foreground)
openclaw gateway run

# Or use systemd (background)
systemctl --user start openclaw-gateway.service

            3. Verify
            
                bash / powershell
                
            
            openclaw status                    # Gateway status
ollama list                        # Installed models
systemctl --user status openclaw-gateway.service  # Service status
        

        
        
            Roadmap
            
                Docker Compose — One-liner containerized deployment
                Windows service auto-start — Native service registration
                TUI wizard — Interactive menu with whiptail/dialog
                Auto-update — Script to refresh OpenClaw + Ollama
                Backup/restore — Config migration between machines
            
        

        
        
            Contributing
            Found a bug or want to add a feature? Open an issue or PR on GitHub.