Skip to main content
Back to Blog
Cloud ComputingSystem AdministrationDevOps
5 April 20264 min readUpdated 5 April 2026

Navigating OpenClaw on DigitalOcean: Your Next Steps

So, you've set up on a DigitalOcean Droplet using the one click installation option. That's a great start! But what comes next? How do you add skills, configure environment vari...

Navigating OpenClaw on DigitalOcean: Your Next Steps

So, you've set up OpenClaw on a DigitalOcean Droplet using the one-click installation option. That's a great start! But what comes next? How do you add skills, configure environment variables, and understand execution policies? This guide aims to help you get everything running smoothly after installation.

User Accounts: root vs openclaw

First, it's crucial to understand the user structure on your server. OpenClaw operates under a non-root system user called openclaw, which was created during installation to enhance security by restricting root-level access.

Here's how user roles are divided:

  • root: Handles system configurations, including environment variables and execution policies.
  • openclaw: Executes tools and skills. Use this account for installing or testing skills.
  • Note: The openclaw user cannot edit the /opt/openclaw.env file.

You'll need to switch between these users, and the guide will specify when to do so.

Installing Skills

Skills enable OpenClaw to utilize various tools. Some skills, like humanizer, are self-contained, while others, such as gog (Google Workspace), require additional binaries.

To begin, SSH into your droplet and switch to the openclaw user:

ssh root@DROPLET_IP
su - openclaw

Install a skill from ClawHub:

npx clawhub@latest install humanizer

For skills needing binaries, use Homebrew:

npx clawhub@latest install gog  # skill file from ClawHub
/home/openclaw/homebrew/bin/brew install steipete/tap/gogcli  # binary via Homebrew

Setting Environment Variables

Many skills require environment variables for API keys or credentials. These are stored in /opt/openclaw.env, which can only be edited by the root user for security reasons.

To edit:

  1. Exit to return to the root user: 
    exit
  2. Open the environment file: 
    nano /opt/openclaw.env
  3. Add necessary variables: 
    TWITTER_AUTH_TOKEN=your_key_here
TWITTER_CT0=value
  4. Save and exit the editor.

Restart the service to apply changes:

systemctl restart openclaw

Adjusting Execution Policies

If a skill isn't functioning, execution policies might be the issue. These settings control how OpenClaw operates on the system.

Run these commands as root:

/opt/openclaw-cli.sh config set tools.exec.host gateway
/opt/openclaw-cli.sh config set tools.exec.ask off
/opt/openclaw-cli.sh config set tools.exec.security full

Explanation of Execution Policies

  • tools.exec.host gateway: Routes execution through a gateway process, essential for VPS environments without interactive shells.
  • tools.exec.ask off: Disables approval prompts, necessary for automation.
  • tools.exec.security full: Grants maximum permissions within OpenClaw's sandbox, allowing most skills to function.

Security Implications

These settings facilitate automated operation while maintaining root control over system-critical files.

Checking Execution Policies

Verify the current settings:

/opt/openclaw-cli.sh config get tools.exec.host
/opt/openclaw-cli.sh config get tools.exec.ask
/opt/openclaw-cli.sh config get tools.exec.security

To view all execution-related settings:

/opt/openclaw-cli.sh config get tools

Restarting OpenClaw

Always restart OpenClaw after changing environment variables or execution policies:

systemctl restart openclaw

Permission Model Overview

  • root: Manages configuration and service control.
  • openclaw: Executes tasks without altering critical configurations.
  • Configuration File: /opt/openclaw.env is read-only for openclaw.

Viewing Sandbox Files

OpenClaw runs in a Docker container. To explore its environment:

  1. Switch to the openclaw user: 
    su - openclaw
  2. Find the container ID: 
    docker ps -a
  3. Connect to the container: 
    docker exec -it <CONTAINER_ID> /bin/bash

The sandbox root is located at /workspace.

Troubleshooting

  • Skill not functioning: Verify environment variables, execution policies, and service restarts.
  • Permission denied on /opt/openclaw.env: Edit as root.
  • Silent failures: Check tools.exec.security settings.
  • Commands hanging: Ensure correct tools.exec.host and tools.exec.ask settings.

For best results, ensure skills are installed as openclaw and configurations are managed by root.