Setting Up OpenClaw on Windows: A Practical Guide

So you want to run OpenClaw on your Windows laptop for automation, blog generation, or playing around with AI agents? Here's how I'd recommend doing it - and trust me, this approach will save you a lot of headaches down the road.

Why Not Just Install It Directly on Windows?

Of course you dont want to give entire laptop data access to OpenClaw right? That's the simplest explanation.

Instead, let's use WSL2 with Docker. It sounds more complicated, but it's actually cleaner and way more secure.

What You're Building

Each layer adds isolation. OpenClaw can't randomly access your Windows files, nothing gets exposed to your home network by accident, and if something breaks, you can just nuke the container and start over.

I've run this on an old ThinkPad X250 with 8GB of RAM, so you don't need a beast of a machine.

Getting Everything Set Up

Step 1: Install WSL2 and Ubuntu

First, get WSL2 running with Ubuntu 24.04. Its very simple if you are on Windows 11. Just go to Windows app store and download from there. That's it.

Now to Keep all your OpenClaw stuff inside Ubuntu, in folders like ~/.openclaw.

Here's the key thing: don't work out of /mnt/c. That's your Windows drive mounted in Linux. If you work from there, you're defeating the whole purpose of isolation. Keep everything in your Ubuntu home directory.

Step 2: Install Docker

Once you're in Ubuntu, install Docker:

sudo apt install docker.io docker-compose-v2        

Check it worked:

docker --version
docker compose version        

Step 3: Get OpenClaw

Clone the official repo:

git clone https://github.com/openclaw/openclaw.git
cd openclaw        

Step 4: Run the Setup

This is where the magic happens:

./docker-setup.sh        

This script handles the boring stuff - builds containers, walks you through initial setup, creates your config files, and gets everything running.

The Critical Security Bit (Don't Skip This!)

Out of the box, Docker might expose OpenClaw to your entire local network. That's... not great. Anyone on your WiFi could potentially access it.

Open up docker-compose.yml and find the ports section. Change this:

ports:
  - "18789:18789"        

To this:

ports:
  - "127.0.0.1:18789:18789"        

That little 127.0.0.1 means "only accessible from this machine." You can still open it in your Windows browser, but your nosy neighbor can't.

Double-check it worked:

docker compose port openclaw-gateway 18789        

You should see 127.0.0.1:18789, not 0.0.0.0:18789.

What Happens After You Reboot?

Good news: pretty much nothing you need to do manually. The container is set to restart automatically, so when you boot Windows, just open Ubuntu once, and OpenClaw should come back up on its own.

Then just navigate to http://127.0.0.1:18789 in your browser and you're back in business.

Why Go Through All This Trouble?

I get it - this seems like a lot of layers. But here's what you're getting:

Security: OpenClaw runs in a sandbox. It can't peek at your Windows documents, can't be accessed from outside your machine, and all the secrets stay contained in WSL.

Clean Environment: No dependency hell, no conflicts with other tools, no Windows permission weirdness.

Easy Recovery: If something goes sideways, you can just delete the container and start fresh. Try doing that with a native install.

Real-World Setup: This is closer to how you'd actually run this stuff in production. Good practice.

Even on an older laptop with limited RAM, this runs smoothly. I've tested it, and the overhead from Docker and WSL is surprisingly minimal.

Happy tinkering!