Skip to main content
Blaxel provides an agent template that packages the OpenClaw agent for near-instant deployment on Blaxel’s infrastructure, giving you a fully managed OpenClaw instance accessible via a public URL.
A key benefit of using this template is that it comes with built-in skills to work with Blaxel sandboxes, including starting and stopping them, writing and running code in them, and creating preview URLs. This makes it easy to explore OpenClaw’s capabilities safely, as all operations (such as arbitrary code generation and execution) can be performed in a secure, isolated Blaxel sandbox with zero additional configuration.
This tutorial explains how to deploy and run the OpenClaw agent on Blaxel.

Prerequisites

Before starting, ensure you have:

Configure the OpenClaw agent template

  1. Download and install the Blaxel CLI and log in to your Blaxel account: 
    bl login
  2. Clone the agent template: 
    bl new agent -t template-openclaw my-openclaw
cd my-openclaw
  3. Copy the .env.example file to .env: 
    cp .env.example .env
  4. Update the .env file with the following configuration values:
    • OPENCLAW_GATEWAY_TOKEN: Set the token to authenticate with the OpenClaw Gateway. Use a random hard-to-guess value.
    • OPENCLAW_MODEL: Set the model to use, such as anthropic/claude-opus-4-6.
    • ANTHROPIC_API_KEY, GEMINI_API_KEY or OPENAI_API_KEY: Set the model API key.
    You can add other variables that your OpenClaw agent may need. These variables will be automatically stored in Blaxel’s secret manager on deployment.

Deploy the agent

The template exposes the OpenClaw Gateway at a publicly accessible endpoint with no authentication or access controls enabled by default. If you require restricted access, you must deploy the agent behind an authentication/authorization layer (for example, API gateway, reverse proxy, or custom authentication middleware) before exposing the URL.Although the OpenClaw Gateway endpoint is publicly accessible by default, agent access still requires the correct OpenClaw Gateway token. You can configure the token after accessing the OpenClaw Gateway, using the value set in the .env file in the previous step.For additional protection, you may configure the OpenClaw Gateway as private in the agent’s deployment manifest. However, if you do this, you will not be able to access the user interface directly. In this case, you have two options:
  • Use a browser extension to automatically attach the required authentication headers to your requests when accessing OpenClaw on Blaxel’s domain.
  • Configure your own domain to proxy requests to Blaxel’s domain and inject the required authentication header at the proxy layer, eliminating the need for a browser extension.
  1. Deploy the agent: 
    bl deploy
  2. Browse to the “Curl” URL shown at the end of the deployment output. overview This displays the OpenClaw Control UI.
  3. Navigate to the Overview page of the OpenClaw Control UI. Enter the dashboard token configured earlier in the Gateway Token field. Click Connect. overview
The Control UI should now be fully functional and ready to accept requests, verified by the health check in the top right corner. paired

Test OpenClaw

Navigate to the Chat page, enter a prompt, and wait for a reply to confirm that the OpenClaw agent is working. You will be asked a few setup questions to provision the agent. chat Use the built-in Blaxel skills to give the agent tasks to perform in a sandboxed environment, as with the example below: chat With the Blaxel skill, OpenClaw will create a new sandbox, generate the required code, and return a URL which you can use to preview the result. The agent’s actions will take place within the boundaries of the Blaxel sandbox, ensuring complete isolation of the agent-generated code and commands.

Configure OpenClaw channels

OpenClaw supports multiple channels. To enable them, set the relevant environment variable and redeploy. For example, for Telegram:
  • Add the token to the .env file: TELEGRAM_BOT_TOKEN=123456:ABC-DEF...
  • Redeploy: bl deploy
For other channels, configure them through the Control UI after connecting, or add them to the openclaw.json config in entrypoint.sh.