OpenClaw Windows 11 setup guide

Environment prerequisites

Windows 11 enforces strict sandboxing and virtualization requirements that affect how background services like OpenClaw interact with the file system and network stack. Before installing, run winver to confirm you are on build 22621 or later. Older builds have known compatibility issues with the OpenClaw relay driver.

The OpenClaw relay component uses a lightweight kernel-mode filter on Windows to intercept browser automation commands. This requires that Virtual Machine Platform and Windows Hypervisor Platform features are enabled in Windows Features. If these are disabled, the relay falls back to a user-mode implementation that has reduced capabilities and higher latency.

Disable Windows Defender antivirus scanning for the OpenClaw installation directory to prevent it from quarantining skill scripts during execution. OpenClaw skills use disk I/O patterns that antivirus software sometimes flags as suspicious behavior. Add C:\Program Files\ClawMesh to the Windows Security exclusions list.

• Windows 11 22H2 or later with all cumulative updates applied
• 8 GB RAM minimum, 16 GB recommended for multi-agent workloads
• AMD Ryzen 5000 series or Intel 11th Gen Core or later
• 40 GB free space on an SSD for runtime, dependencies, and task artifacts
• Windows Defender disabled for the OpenClaw install directory, or add exclusion
• PowerShell 5.1 or later (PowerShell 7 recommended)

Installation

The Windows installer packages the runtime, relay service, and a graphical dashboard launcher. Run the downloaded .exe file as Administrator because the relay driver installation requires elevated privileges. The installer will prompt for UAC consent before proceeding.

After installation, open PowerShell and run clawmesh doctor to verify the environment is correctly configured. This command checks the Windows version, Hyper-V feature status, antivirus exclusions, and network connectivity to the ClawMesh cloud backend. Address any failures before creating your first agent.

The OpenClaw dashboard runs as a system tray application on Windows. After installation, you will see the ClawMesh icon in the system tray. Right-click it to access the dashboard, settings, and service management options.

• Download the Windows installer (.exe) from the ClawMesh dashboard
• Run the installer as Administrator to install the relay driver
• OpenClaw installs to C:\Program Files\ClawMesh by default
• Launch from the Start menu or run clawmesh doctor to verify

First run and validation

The sign-in flow opens a browser window for OAuth authentication. After authenticating, your workspace token is stored in the Windows Credential Manager under the ClawMesh target. This token is scoped to your workspace and has no administrative system privileges.

Create your first agent using the dashboard New Agent button. Accept all defaults for the first run, including the default skill set. Once the agent is active, submit a simple verifiable task such as list the environment variables to confirm the execution pipeline is functional end-to-end.

Agent logs are stored at C:\ProgramData\ClawMesh\logs. Check this directory if a task fails or produces unexpected output. Each log file is rotated daily and named by date, making it straightforward to correlate failures with specific task submissions.

• Sign in with your ClawMesh workspace credentials
• Create one agent with default settings and no additional skills
• Submit a simple test task and verify structured output
• Inspect agent logs for any warnings or permission errors

Windows-specific configuration

OpenClaw ships skill scripts as PowerShell modules. By default, Windows restricts script execution to signed modules. Set the execution policy to RemoteSigned for the local machine to allow OpenClaw skills to run without requiring full code signing: Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine.

Add the OpenClaw CLI to your system PATH by running: setx PATH "$env:PATH;C:\Program Files\ClawMesh\bin" /M. This makes the clawmesh command available in any new PowerShell or Command Prompt window.

If your Windows 11 machine uses strict firewall profiles, create an outbound rule allowing TCP traffic on ports 443 and 22 to all ClawMesh cloud endpoints. Agent tasks that call external APIs or SSH into remote servers need these ports open.

• Configure PowerShell execution policy to allow local script execution
• Set the system PATH to include the OpenClaw CLI binary directory
• Configure Windows Firewall rules if agents need to make outbound connections
• Enable Long Path Support via Group Policy if handling deeply nested directory structures

Stabilization and maintenance

Windows Defender and other antivirus software periodically update their threat signatures and may begin flagging OpenClaw skill scripts that were previously allowed. Monitor the C:\ProgramData\ClawMesh\logs\watchdog.log file for antivirus interference events. If scripts are being quarantined, re-add the exclusion and file a support request so the skill scripts can be code-signed in a future release.

The OpenClaw relay on Windows maintains a persistent WebSocket connection to the ClawMesh cloud backend. If your network uses a proxy or VPN, configure the proxy settings in the dashboard under Settings > Network. The relay does not respect system proxy settings automatically because it runs as a service.

• Pin the runtime version after first successful run
• Review logs weekly for any recurring warning patterns
• Update skills one at a time after pinning the runtime
• Use the built-in health dashboard to monitor relay uptime