Building an OSINT Research Platform with OpenClaw

OpenClaw is an autonomous AI agent framework that runs on your local machine with full system access. While that description alone should make any security professional’s eye twitch, when properly configured and isolated, it becomes a powerful force multiplier for OSINT research and security workflows.

This post walks through deploying OpenClaw on Kali Linux, starting with a general-purpose orchestration agent that handles task coordination and decision-making. Later, we’ll configure a specialised red team agent with direct access to Kali tools that the orchestrator can delegate to for security-specific tasks. We’ll also cover Discord integration for remote access and the process of safely vetting and installing third-party skills—all while maintaining a security-first approach.

Prerequisites

This guide assumes you’re comfortable with:

• Linux system administration and the command line
• Basic networking concepts (firewall rules, network segmentation)
• SSH configuration and key-based authentication
• Discord bot creation and OAuth workflows

The focus here is on the OpenClaw-specific configuration and workflows, not foundational Linux administration. If you need a refresher on those topics, the Kali Linux documentation is an excellent starting point.

Architecture Overview

Before diving into configuration, here’s how my setup is structured:

Infrastructure:

• Host: Dedicated Kali Linux VM running OpenClaw
• Network: Isolated network segment with strict firewall rules
• Access Control: Firewall blocks all traffic except from my desktop PC
• Authentication: SSH key-based authentication only (password auth disabled)
• Privilege Escalation: Passwordless sudo configured for the OpenClaw user

Security Posture: This setup prioritizes convenience within a controlled blast radius. The key principle: no remote access from the internet. OpenClaw runs with full system access, but the attack surface is constrained through multiple layers:

1. Network Isolation: Dedicated isolated network segment—if compromised, damage is contained
2. Firewall Rules: All traffic to the OpenClaw host is blocked except from my desktop PC (single trusted device)
3. Local Access Only: No exposure to the internet. It is only accessible by me, from my network, from a single trused device.

This defense-in-depth approach allows me to loosen some of OpenClaw’s built-in security controls (like dashboard authentication) without significantly increasing risk. If an agent goes rogue, the worst-case scenario is contained to an isolated VM that cannot impact anything else on my network.

Your mileage may vary. If you’re running OpenClaw on a cloud VPS or a less-isolated environment, maintain the default security controls and use SSH port forwarding for remote access.

For reference, my basic hardening steps included:

• Disabling SSH password authentication (PasswordAuthentication no in /etc/ssh/sshd_config)
• Configuring passwordless sudo (%sudo ALL=(ALL:ALL) NOPASSWD:ALL via visudo)
• Network segmentation with firewall rules restricting access to the OpenClaw host

Installing OpenClaw

The official OpenClaw installation docs provide detailed setup instructions. Here’s the streamlined version:

1

curl -fsSL https://openclaw.ai/install.sh | bash

When prompted during installation, select Manual for the onboarding mode. This gives you granular control over the configuration.

Gateway Configuration

For the gateway binding, select local gateway. This restricts web interface access to localhost so only you can access the dashboard via SSH port forwarding or modify this later for LAN access (covered in the next section).

Use the default workspace location unless you have specific requirements.

Model Configuration

OpenClaw requires a language model to function. This is the “brain” that determines which actions to take. I’m using OpenRouter, which provides access to multiple frontier models through a single API key.

Create a new API key in OpenRouter:

Select OpenRouter from the provider list in OpenClaw:

When prompted for a model, choose Claude Opus 4.6 (or the latest high-capability model available):

Authentication & Remote Access

For authentication, select Token. This is more secure than password-based authentication:

Since this setup doesn’t involve remote access over the internet, skip the Tailscale configuration:

Complete the installation wizard. You should see confirmation screens as OpenClaw finalizes the setup:

Initialize Your First Agent

Access the Terminal User Interface (TUI) to interact with OpenClaw:

1

openclaw tui

The first message you send will wake up the default agent. On initialization, it reads BOOTSTRAP.md and prompts you with questions about how the agent should be configured. Your responses populate the AGENT.md, USER.md, and SOUL.md files that define the agent’s behavior.

Here’s an example response to the bootstrap questions:

Your first agent is now up and running.

Dashboard Remote Access (Optional)

OpenClaw’s default configuration binds the dashboard to the loopback interface (127.0.0.1), making it accessible only from the host itself. For remote access, the intended workflow is SSH local port forwarding:

1

ssh -N -L 6969:127.0.0.1:6969 [email protected]

This works perfectly for cloud VPS deployments, but for a local network setup, I prefer persistent dashboard access without maintaining an SSH tunnel.

Configuring LAN Access

During installation, we selected Loopback for the gateway bind. To expose the dashboard on the LAN, we need to modify the configuration to bind to all interfaces (0.0.0.0).

If you access the dashboard now, you’ll encounter errors:

To resolve this, modify the following settings in ~/.openclaw/openclaw.json:

1
2
3
4

openclaw config set gateway.controlUi.allowedOrigins[2] "http://<LAN_IP>:6969"
openclaw config set gateway.controlUi.allowInsecureAuth true
openclaw config set gateway.controlUi.dangerouslyDisableDeviceAuth true
openclaw gateway restart

These commands:

1. Add your LAN IP to the allowed origins
2. Enable HTTP authentication (instead of requiring HTTPS)
3. Disable device authentication checks

After restarting the gateway, browse to your LAN IP. You’ll be prompted for a device identity:

Retrieve the gateway token from ~/.openclaw/openclaw.json:

In the dashboard, click Overview, enter the gateway token, and click Connect:

You can now interact with your agent through the web interface:

For additional details, see the Remote Access documentation.

Discord Integration

With OpenClaw running and the first agent configured, you have a solid foundation for local agentic workflows. But what about accessing your agent remotely—checking task status or assigning new work while away from your desk?

This is where communication channels come in. OpenClaw supports integration with platforms like Discord, Telegram, and WhatsApp. I’m configuring Discord since it’s an application I already use regularly. See the full list of supported channels for other options.

Create a Private Discord Server

Create a dedicated Discord server for just you and your agents. Do not invite other users. Anyone in the server can potentially interact with your agents.

Click the Add Server button at the bottom of the server list and follow the creation wizard:

Create a Discord Application

A Discord Application authenticates OpenClaw with your Discord server.

Navigate to the Discord Developer Portal and click New Application.

Configure your application with an icon, name, and description:

Configure OAuth Scopes and Permissions

Click the OAuth2 menu to configure bot permissions. Start conservatively—you can expand permissions later as needed.

I’m granting minimal permissions: read and send messages, create threads, embed links, attach files, and add reactions. I’m explicitly avoiding Administrator permissions.

OAuth Scopes:

• bot
• application.commands

Bot Permissions:

• View Channels
• Send Messages
• Create Public Threads
• Send Messages in Threads
• Embed Links
• Attach Files
• Read Message History
• Add Reactions

Copy the Generated URL at the bottom of the page:

Paste it into a browser and follow the prompts to add the bot to your server:

If successful, you’ll see your bot listed as Offline in your server:

Configure the Bot Token

In the Discord Developer Portal, click the Bot menu. Scroll to Privileged Gateway Intents and enable:

• Server Members Intent
• Message Content Intent

Click Save Changes.

Scroll to the top and click Reset Token to generate an authentication token. Copy the token to your clipboard:

Connect OpenClaw to Discord

On the OpenClaw host, run the configuration wizard:

1

openclaw config

Select Channels to configure communication channels:

Select Discord:

Paste the bot token and select Yes to configure channel access:

Configure Channel Access

Channel access controls which Discord channels your agent can read and respond to. You can use an allowlist for channel-specific agents, or select Open to allow access to all channels.

I’m restricting my agent to the #general channel, so I’ll select Allowlist and specify the channel name:

Configure DM Access Policies

DM access policies restrict which Discord users can send direct messages to the agent. I’m using an allowlist to ensure only my Discord account can interact with the agent.

Enable Developer Mode in Discord (Settings → Advanced → Developer Mode) to retrieve your user ID:

Provide your user ID to OpenClaw:

Complete the configuration and restart the gateway:

1

openclaw gateway restart

Your agent is now accessible via Discord:

Ref: Discord - OpenClaw

Execution Approvals (Strongly Recommended)

Before allowing your agent to execute commands autonomously, consider implementing execution approvals. This requires the agent to request permission before running system commands which acts as a safeguard against unintended actions.

Remember: even Meta’s AI alignment director had OpenClaw go rogue and delete her email.

I’m using Discord as the approval mechanism. Edit ~/.openclaw/openclaw.json and add the execApprovals configuration to the Discord channel:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

   "channels": {
     "discord": {
       ...
       "execApprovals": {
         "enabled": true,
         "approvers": ["MY_DISCORD_USER_ID"],
         "target": "channel"
       }
     }
   }

Configure the agent’s approval policy in ~/.openclaw/exec-approvals.json:

1
2
3
4
5
6
7

   "agents": {
     "myagentname": {
       "security": "allowlist",
       "ask": "on-miss",
       "askFallback": "deny"
     }
   }

Restart the gateway:

1

openclaw gateway restart

Multi-Agent Configuration: Red Team Agent

OpenClaw supports multiple agents, each with its own workspace, configuration, and instruction set. This is useful for creating specialised agents tailored to specific workflows.

I’m creating a second agent focused on offensive security research—a red team agent with access to Kali Linux tools.

Create the Kali Agent

Create a new agent:

1

openclaw agents add kali

When prompted:

1. Set workspace directory (default: /home/claw/.openclaw/workspace-kali)
2. Copy auth profiles from “main”: Yes
3. Configure model auth: No
4. Configure chat channels: No

The agent is now created with its own workspace and configuration:

Define Agent Behavior

Agent behavior is defined in AGENT.md. Here’s a basic configuration for a security-focused agent:

1
2
3

# AGENTS.md - KaliClaw

You are an advanced offensive cyber security red team specialist named KaliClaw, operating in a lab environment on Kali Linux. Your focus is to fully leverage all of the tools available on Kali Linux to perform offensive research within the scope provided to you.

Restart the gateway to load the new instructions:

1

openclaw gateway restart

Test the Agent

Launch the TUI and switch to the new agent:

1

openclaw tui

Type /agent to select the Kali agent:

Test the agent to confirm it’s operational:

The agent is now running and capable of using Kali tools.

Configure Discord Access for the Kali Agent

Create a second Discord bot using the same process outlined earlier:

1. Visit the Discord Developer Portal
2. Create a new application (name it “Kali” or “Recon”)
3. Navigate to Bot → click Reset Token → copy the token
4. Enable Server Members Intent and Message Content Intent under Privileged Gateway Intents
5. Navigate to OAuth2 → select bot and applications.commands scopes
6. Select the same permissions used for the first bot
7. Use the generated URL to invite the bot to your server

Configure Agent Bindings

Bindings route messages from specific Discord channels to the appropriate OpenClaw agent.

Edit ~/.openclaw/openclaw.json and locate the bindings section. Add a binding for the Kali agent:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17

...
  "bindings": [
    {
      "agentId": "main",
      "match": {
        "channel": "discord",
        "accountId": "default"
      }
    },
    {
      "agentId": "kali",
      "match": {
        "channel": "discord",
        "accountId": "kali"
      }
    }
  ],

Configure Discord Account

Still in openclaw.json, locate the accounts section and define the new Discord account. This links the OpenClaw agent with the Discord bot:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

...
      "accounts": {
          "default": {
          "token": "REDACTED_DEFAULT_AGENT_TOKEN",
          "groupPolicy": "allowlist",
          "dmPolicy": "allowlist",
          "allowFrom": [
            "REDACTED_DISCORD_USER_ID"
          ],
          "streaming": "off"
        },
        "kali": {
          "enabled": true,
          "token": "REDACTED_KALI_AGENT_TOKEN",
          "groupPolicy": "allowlist",
          "streaming": "off",
          "allowFrom": [
            "REDACTED_DISCORD_USER_ID"
          ],
          "guilds": {
            "REDACTED_DISCORD_SERVER_ID": {
              "channels": {
                "REDACTED_DISCORD_CHANNEL_ID": {
                  "allow": true,
                  "requireMention": false
                }
              }
            }
          }
        }
      }

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13

# EXAMPLE ONLY - UPDATE VALUES TO MATCH YOUR USE CASE

# Create binding to route channel messages to the Kali agent
openclaw config set bindings[1] '{"agentId":"kali","match":{"channel":"discord","accountId":"kali"}}' 

# Add Discord channel configuration
openclaw channels add --channel discord --account kali --token BOT_TOKEN

# Configure Discord server and channel access
openclaw config set channels.discord.accounts.kali.guilds '{"DISCORD_SERVER_ID": {"channels": {"DISCORD_CHANNEL_ID": {"allow": true, "requireMention": false}}}}'

# Allow Discord slash commands from your user
openclaw config set channels.discord.accounts.kali.allowFrom '["DISCORD_USER_ID"]'

Restart the gateway:

1

openclaw gateway restart

The Kali agent now responds to messages in the designated Discord channel:

Agent Skills

As covered in my previous post on agent skills, skills extend agent capabilities by providing modular, reusable workflows and supporting scripts.

For OSINT research, I want my agents to browse the web with advanced capabilities such as bypassing CAPTCHAs, Cloudflare protection, and bot detection systems commonly encountered during reconnaissance.

Install ClawHub CLI

ClawHub is the package manager for OpenClaw skills. Install it globally:

1

npm i -g clawhub

Inspecting the stealth-browser skill

Navigate to ClawHub and search for Stealth Browser:

Notice the warning banner indicating suspicious patterns were detected:

Click view report to see why VirusTotal flagged this as suspicious:

Code Review Process

Download the skill package and inspect its contents:

The archive contains:

• SKILL.md — describes the skill’s purpose and usage instructions for the agent
• scripts/ — Python scripts the skill executes to perform its actions

I reviewed every script to understand exactly what actions it performs. Apart from some Python style issues, nothing raised red flags.

One concern: several scripts contained Chinese strings. While they were just print statements, I preferred to understand their meaning, so I used Copilot to translate them:

Only after fully understanding the scripts, what they do, and how they do it, am I comfortable installing this skill. Even if I’m wrong, my environment’s configuration (isolated network, dedicated host, restricted access), makes the risk acceptable.

Install the Skill

Install using the skill slug from the URL:

1

clawhub install stealth-browser

Skills are loaded from three locations:

1. Bundled skills: Shipped with OpenClaw
2. Managed skills: ~/.openclaw/skills
3. Workspace skills: <workspace>/skills

By default, clawhub install places skills in the default workspace (my Clawdius agent). Since I want this skill available only to the KaliClaw agent, I’ll move it to the Kali workspace:

Activate the Skill

OpenClaw loads skills at the start of each session. Reset the session in Discord:

1

/reset

Verify the skill is available:

Installing tavily-search

Tavily Web Search is another useful skill for OSINT workflows. Tavily is a search API built specifically for LLM agents, providing clean, structured search results instead of requiring the agent to scrape and interpret raw HTML.

This reduces hallucinations and provides real-time information in a format optimised for AI reasoning.

I want this skill accessible to all agents, so I’ll install it in the global skills directory:

1

clawhub install tavily-search --dir ~/.openclaw/skills/

Configure API Key

Tavily requires an API key. Create a free account at Tavily and generate a key:

Add the key as an environment variable in ~/.openclaw/.env:

1

echo "TAVILY_API_KEY=tvly-dev-REDACTED" > ~/.openclaw/.env

Alternatively, ask OpenClaw to do it for you:

Ref: FAQ - OpenClaw

Advanced Agent Configuration

Now that skills are installed, update the Kali agent’s instructions to leverage them effectively. Edit the AGENT.md file in the Kali workspace:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

# AGENTS.md - KaliClaw Workspace

## Identity

You are KaliClaw — a **command-runner tool agent** on Kali Linux.

## Every Session

1. Read `SOUL.md`.
2. Execute requests with **output-first minimal replies**.

## Global Directives

Apply the following rules to every task and propagate to all subagents:

1. **Tool Awareness**: Assume full access to Kali Linux tools and the ability to install additional tools from official Kali and Debian repositories. Before acting, deliberately assess which tools best achieve the objective.

2. **Search Strategy**:
   - Use the Tavily search skill as the primary research method.
   - If Tavily fails or is insufficient, switch to the stealth-browser skill and operate with the mindset of an experienced practitioner in security research, OSINT, bug bounty hunting, and ethical hacking.

3. **API Constraints**:
   - If an API requires a key you do not possess, evaluate whether accessing the associated web interface achieves the same result.
   - If feasible, use the stealth-browser skill instead of attempting direct API access.

4. **Execution Safety**:
   - Do not execute code sourced from the internet without explicit user approval.
   - If execution is essential to achieve the objective, request confirmation first.

5. **Tool Installation Policy**:
   - You may proactively install tools from official Kali or Debian repositories without asking.
   - Do not install tools from any other source without explicit approval.

6. **Persistence**:
   - Actively pursue the objective using structured reasoning, adaptive tool selection, and iterative refinement until completion or user instruction to stop.

7. **Command Authority**:
   - User instructions take precedence. Follow them precisely and prioritize achieving the stated goal.

## Operating Rules

- Run commands immediately when requested
- Ask questions only when execution is blocked (ambiguity, sudo/credentials, or non-local target authorization)
- No explanations unless asked
- Use code blocks for stdout/stderr

## Safety

- Default to **localhost-only** unless explicitly authorised otherwise
- Prefer non-destructive actions unless explicitly requested
- `trash` > `rm` for file operations

The Grand Finale

Restart the gateway and test the agent. Here’s what a fully configured OSINT research assistant looks like in action:

In this screenshot, I asked KaliClaw for a full OSINT report on myself — requesting connections, social media presence, phone numbers, leaked or breached accounts, and physical addresses. The agent responded with a comprehensive profile that includes all the requested information and links to all sources.

Here’s what we built:

• Orchestration Agent — the primary agent handling task coordination, decision-making, and delegation
• Red Team Agent (KaliClaw) — a specialised agent with direct access to Kali Linux tools
• Discord Integration — remote access to both agents via a communication platform
• Execution Approvals — human-in-the-loop controls for command execution
• Third-Party Skills — vetted web browsing and search capabilities

Everything comes together in a working OSINT research assistant. The orchestrator agent can now delegate security-specific tasks to KaliClaw, which has access to the full Kali toolkit and can perform web research using either the stealth browser or Tavily search—whichever is most appropriate for the task at hand.

Need to investigate a target? Assign the task through Discord and watch the agent coordinate the research, pulling in OSINT tools and search capabilities as needed. Want to run a scan? The agent has access to the tools and can execute within approved parameters. All of this is accessible from your phone while you’re on the go.

This is the power of a well-configured multi-agent AI system: the flexibility of specialized agents working together under human oversight, accessible from anywhere, yet secured with layered controls.

Conclusion

OpenClaw represents a powerful evolution in AI-assisted workflows, but its capabilities come with significant security responsibilities. By deploying it in an isolated environment, implementing execution approvals, and carefully vetting third-party skills, you can harness its potential while maintaining control over what runs on your system.

The combination of specialised agents, Discord integration, and curated skills creates a force multiplier for OSINT research and security workflows—accessible from anywhere, yet secured with layered controls.

As always, security is about trade-offs. Understand the risks, implement controls appropriate to your environment, and remain vigilant about what you’re allowing to execute on your systems.

Stay curious, stay cautious, and happy hunting.