ZeroClaw — Complete Reference Skill
Comprehensive operational knowledge for ZeroClaw, the fast, small, fully autonomous AI assistant infrastructure built in Rust.
Source:
https://github.com/zeroclaw-labs/zeroclaw | Version: 0.1.0 | Last updated: 2026-02-18
What Is ZeroClaw
- Language: 100% Rust, single binary (~3.4-8.8MB release)
- Memory: <5MB RAM at runtime
- Startup: <10ms cold start
- Platforms: ARM, x86, RISC-V — runs on $10 hardware
- Architecture: Trait-driven, everything is swappable (providers, channels, tools, memory, tunnels, security)
- Config: (TOML format)
- Workspace: (SOUL.md, AGENTS.md, IDENTITY.md, USER.md, MEMORY.md, TOOLS.md, HEARTBEAT.md, BOOTSTRAP.md)
- Identity: ZeroClaw introduces itself as ZeroClaw, never as ChatGPT/Claude/etc.
Installation
bash
# Option A: Clone + build
git clone https://github.com/zeroclaw-labs/zeroclaw.git
cd zeroclaw && ./bootstrap.sh
# Option B: Remote one-liner
curl -fsSL https://raw.githubusercontent.com/zeroclaw-labs/zeroclaw/main/scripts/bootstrap.sh | bash
# Fresh machine (install Rust + system deps)
./bootstrap.sh --install-system-deps --install-rust
# Quick onboard after install
zeroclaw onboard --api-key "your-api-key" --provider openrouter
CLI Reference (All Commands)
Top-Level
| Command | Purpose |
|---|
| Initialize workspace/config (quick setup) |
zeroclaw onboard --interactive
| Full interactive wizard |
zeroclaw onboard --channels-only
| Reconfigure channels only |
| Interactive AI chat |
zeroclaw agent -m "Hello"
| Single message mode |
zeroclaw agent --provider <ID> --model <MODEL>
| Override provider/model |
zeroclaw agent --peripheral <board:path>
| Attach hardware peripheral |
zeroclaw gateway [--host H] [--port P]
| Start webhook/websocket gateway |
zeroclaw daemon [--host H] [--port P]
| Full autonomous runtime (gateway + channels + heartbeat + scheduler) |
| Show full system status |
| Run diagnostics |
| List 30 supported AI providers |
Service Management (launchd/systemd)
bash
zeroclaw service install # Install for auto-start
zeroclaw service start # Start service
zeroclaw service stop # Stop service
zeroclaw service status # Check status
zeroclaw service uninstall # Remove service
Channel Management
bash
zeroclaw channel list # List all channels + status
zeroclaw channel start # Start all configured channels
zeroclaw channel doctor # Health check channels
zeroclaw channel add <type> <json> # Add channel (type + JSON config)
zeroclaw channel remove <name> # Remove channel
zeroclaw channel bind-telegram <IDENTITY> # Add Telegram user to allowlist
Note: is not a full config mutator yet — prefer editing
directly or using
.
Cron / Scheduling
bash
zeroclaw cron list # List tasks
zeroclaw cron add "<cron-expr>" "<command>" # Add recurring task
zeroclaw cron add --tz America/New_York "..." # With timezone
zeroclaw cron add-at <rfc3339> "<command>" # One-shot at timestamp
zeroclaw cron add-every <ms> "<command>" # Fixed interval
zeroclaw cron once <delay> "<command>" # One-shot delayed (e.g. "30m", "2h")
zeroclaw cron remove <id>
zeroclaw cron pause <id>
zeroclaw cron resume <id>
Models & Providers
bash
zeroclaw providers # List all 30 providers
zeroclaw models refresh # Refresh model catalogs
zeroclaw models refresh --provider <ID> # Refresh specific provider
zeroclaw models refresh --force # Force refresh
Skills
bash
zeroclaw skills list # List installed skills
zeroclaw skills install <source> # Install from GitHub URL or local path
zeroclaw skills remove <name> # Remove skill
Integrations
bash
zeroclaw integrations info <name> # Show integration details
# Examples: Telegram, Discord, Slack, iMessage, Matrix, Signal, WhatsApp, Email, DingTalk, Ollama
Auth
bash
zeroclaw auth login --provider <ID> # OAuth login (e.g. openai-codex)
zeroclaw auth login --provider <ID> --device-code # Device code flow
zeroclaw auth paste-token # Paste auth token (Anthropic)
zeroclaw auth setup-token # Alias for paste-token
zeroclaw auth refresh # Refresh OAuth token
zeroclaw auth logout # Remove auth profile
zeroclaw auth use --provider <ID> # Set active profile
zeroclaw auth list # List profiles
zeroclaw auth status # Show token expiry info
Hardware & Peripherals
bash
zeroclaw hardware discover # Enumerate USB devices (VID/PID)
zeroclaw hardware introspect <path> # Introspect device
zeroclaw hardware info [--chip <name>] # Chip info via probe-rs
zeroclaw peripheral list # List configured boards
zeroclaw peripheral add <board> <path> # Add board (e.g. nucleo-f401re /dev/ttyACM0)
zeroclaw peripheral flash [--port <port>] # Flash Arduino firmware
zeroclaw peripheral setup-uno-q # Setup Arduino Uno Q Bridge
zeroclaw peripheral flash-nucleo # Flash Nucleo-F401RE firmware
Migration
bash
zeroclaw migrate openclaw [--source <path>] [--dry-run] # Import from OpenClaw
Supported Providers (30 total)
| ID | Description |
|---|
| OpenRouter (default) |
| Anthropic |
| OpenAI |
| OpenAI Codex (OAuth) |
| Ollama [local] |
| Google Gemini |
| Venice |
| Vercel AI Gateway |
| Cloudflare AI |
| Moonshot / Kimi |
| OpenCode Zen |
| Z.AI |
| GLM (Zhipu) |
| MiniMax |
| Amazon Bedrock |
| Qianfan (Baidu) |
| Qwen (DashScope) |
| Groq |
| Mistral |
| xAI (Grok) |
| DeepSeek |
| Together AI |
| Fireworks AI |
| Perplexity |
| Cohere |
| GitHub Copilot |
| LM Studio [local] |
| NVIDIA NIM |
| OVHcloud AI Endpoints |
| Any OpenAI-compatible endpoint |
| Any Anthropic-compatible endpoint |
Custom Provider Setup
toml
# OpenAI-compatible
default_provider = "custom:https://your-api.com"
api_key = "your-api-key"
default_model = "your-model"
# Anthropic-compatible
default_provider = "anthropic-custom:https://your-api.com"
api_key = "your-api-key"
default_model = "your-model"
Channels (14 supported)
Channel Matrix
| Channel | Config Section | Access Control Field | Setup |
|---|
| CLI | always enabled | n/a | Built-in |
| Telegram | [channels_config.telegram]
| | |
| Discord | [channels_config.discord]
| | |
| Slack | | | |
| Mattermost | [channels_config.mattermost]
| | Manual config |
| Webhook | [channels_config.webhook]
| (optional) | Manual / onboard |
| iMessage | [channels_config.imessage]
| | macOS only |
| Matrix | | | |
| Signal | | | Manual config |
| WhatsApp | [channels_config.whatsapp]
| | |
| Email | | | Manual config |
| IRC | | | |
| Lark | | | Manual config |
| DingTalk | [channels_config.dingtalk]
| | |
Deny-by-Default Allowlist Rules
- (empty) = deny all
- = allow all (not recommended for production)
["123456789", "username"]
Telegram Setup
toml
[channels_config.telegram]
bot_token = "your-bot-token"
allowed_users = []
bash
# 1. Get bot token from @BotFather on Telegram
# 2. Add config above to ~/.zeroclaw/config.toml
# 3. Bind your user:
zeroclaw channel bind-telegram <USER_ID_OR_USERNAME>
# 4. Start:
zeroclaw daemon
Important: Telegram uses long-polling — no inbound port or public IP required. Only one poller per bot token allowed (don't run multiple daemons).
Discord Setup
- Go to https://discord.com/developers/applications
- Create app, enable Bot, copy token
- Enable MESSAGE CONTENT intent
- Run
Slack Setup
- Go to https://api.slack.com/apps
- Create app, add Bot Token Scopes, install
- Run
Mattermost Setup
toml
[channels_config.mattermost]
url = "https://mm.your-domain.com"
bot_token = "your-bot-access-token"
channel_id = "your-channel-id"
allowed_users = ["user-id-1"]
thread_replies = true
mention_only = true
WhatsApp Setup
toml
[channels_config.whatsapp]
access_token = "your-access-token"
phone_number_id = "your-phone-number-id"
verify_token = "your-verify-token"
allowed_numbers = ["+1234567890"]
WhatsApp requires a public URL (webhook) — use a tunnel (Tailscale/ngrok/Cloudflare).
Signal Setup
toml
[channels_config.signal]
http_url = "http://127.0.0.1:8686"
account = "+1234567890"
allowed_from = ["+1987654321"]
ignore_attachments = true
ignore_stories = true
Lark Setup
toml
[channels_config.lark]
app_id = "your-app-id"
app_secret = "your-app-secret"
allowed_users = ["your-user-id"]
receive_mode = "websocket" # or "webhook"
In-Chat Commands (Telegram/Discord)
While channel server is running, users can execute:
- — show available providers
- — switch provider (sender-scoped)
- — show current model
- — switch model (sender-scoped)
Switching clears that sender's conversation history to avoid cross-model contamination.
Config Reference ()
Core
| Key | Default | Notes |
|---|
| | Provider ID or alias |
| anthropic/claude-sonnet-4.5
| Model routed through provider |
| | 0.0-2.0 |
Gateway
| Key | Default | Purpose |
|---|
| | Bind address |
| | Listen port |
| | Require pairing for auth |
gateway.allow_public_bind
| | Block accidental public exposure |
Memory
| Key | Default | Purpose |
|---|
| | , , , |
| | Auto-persist |
memory.embedding_provider
| | , , or custom |
| | Hybrid search vector weight |
| | Hybrid search keyword weight |
Autonomy / Security
| Key | Default | Purpose |
|---|
| | , , |
| | Restrict to workspace |
autonomy.allowed_commands
| [git, npm, cargo, ls, cat, grep, find, echo, pwd, wc, head, tail]
| Whitelisted commands |
autonomy.max_actions_per_hour
| | Rate limit |
autonomy.max_cost_per_day_cents
| | Cost cap |
Agent
| Key | Default |
|---|
agent.max_tool_iterations
| |
agent.max_history_messages
| |
| |
Browser Control
| Key | Default | Purpose |
|---|
| | Enable browser tools |
| | Domain allowlist ( for all) |
| | , , , |
| | Headless mode for rust_native backend |
browser.native_webdriver_url
| | WebDriver endpoint for rust_native |
browser.native_chrome_path
| (auto) | Optional explicit Chrome binary path |
browser.computer_use.endpoint
| http://127.0.0.1:8787/v1/actions
| Computer-use sidecar endpoint |
browser.computer_use.timeout_ms
| | Per-action timeout |
browser.computer_use.allow_remote_endpoint
| | Only allow localhost sidecar |
HTTP Requests
| Key | Default | Purpose |
|---|
| | Enable HTTP request tool |
http_request.allowed_domains
| | Domain allowlist ( for all) |
http_request.max_response_size
| | Max response bytes (0 = unlimited) |
http_request.timeout_secs
| | Request timeout (0 = unlimited) |
Other Notable Sections
- — native or docker sandbox
- — provider retries, backoff, fallback
- — task scheduling (max 64 tasks, 4 concurrent)
- — periodic check-ins (disabled by default)
- — cron scheduling
- — provider: , , ,
- — Composio integration (250+ app integrations)
- — encrypted secrets
- — DuckDuckGo by default
- — HTTP proxy support
- — daily/monthly limits, per-model pricing
- — hardware boards
Browser Control Setup
Browser Backends
| Backend | Mechanism | Runtime Requirement | Build Requirement |
|---|
| (default) | Calls Vercel's CLI as subprocess | on | None (default build) |
| In-process WebDriver via fantoccini | ChromeDriver running | cargo build --release --features browser-native
|
| HTTP POST to sidecar for OS-level mouse/keyboard/screen | Computer-use sidecar server | None |
| Auto-detects best available backend | Depends on what's installed | None |
Recommended Setup: with Visible Chrome Window
This gives you a visible Chrome window that pops up on your desktop (like OpenClaw) — you can watch the AI browse, log into sites, and the profile persists cookies/sessions.
Step 1: Install agent-browser
bash
npm install -g agent-browser
# Verify:
agent-browser --version
Step 2: Configure agent-browser for headed mode
Create
~/.agent-browser/config.json
:
json
{
"headed": true,
"profile": "~/.agent-browser/profile",
"executablePath": "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"
}
CRITICAL: The is required for headed (visible) mode. By default, agent-browser uses Playwright's bundled Chromium (
~/Library/Caches/ms-playwright/chromium-*/
) which ignores the
flag and always runs headless. Pointing to your real Google Chrome install fixes this.
Common Chrome paths:
- macOS:
/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
- Linux: or
- Windows:
C:\Program Files\Google\Chrome\Application\chrome.exe
The
path gives you persistent cookies/logins across sessions.
Step 3: Configure ZeroClaw
toml
[browser]
enabled = true
allowed_domains = ["*"]
backend = "agent_browser"
Step 4: Start daemon with headed env var (belt and suspenders)
bash
AGENT_BROWSER_HEADED=true zeroclaw daemon
Or for service install, export the env var in your shell profile first.
agent-browser CLI Reference
bash
agent-browser open <url> # Navigate to URL
agent-browser click <selector> # Click element
agent-browser type <sel> <text> # Type into element
agent-browser fill <sel> <text> # Clear and fill
agent-browser screenshot [path] # Take screenshot
agent-browser snapshot # Accessibility tree with @refs (for AI)
agent-browser eval <js> # Run JavaScript
agent-browser close # Close browser
agent-browser --headed open <url> # Force visible window
agent-browser --session <name> ... # Isolated session
agent-browser --profile <path> ... # Persistent browser profile
agent-browser Environment Variables
| Var | Purpose |
|---|
| Show browser window (not headless) |
| Session name |
AGENT_BROWSER_SESSION_NAME
| Auto-save/restore state persistence |
| Persistent browser profile path |
AGENT_BROWSER_EXECUTABLE_PATH
| Custom browser binary |
| Proxy server URL |
| Path to config file |
AGENT_BROWSER_AUTO_CONNECT
| Auto-discover running Chrome |
AGENT_BROWSER_STREAM_PORT
| WebSocket streaming port |
Browser Security Model
- All URLs pass through which enforces
- scheme is blocked (prevents local file exfiltration)
- Private/reserved IP ranges are rejected
- For : coordinate validation, endpoint must be localhost unless
allow_remote_endpoint = true
Troubleshooting Browser
| Problem | Solution |
|---|
| Browser opens but invisible (headless) | Set in ~/.agent-browser/config.json
|
| "domain not in allowed list" | Set browser.allowed_domains = ["*"]
|
| agent-browser not found | npm install -g agent-browser
|
| Browser closes immediately | Check ; ensure Chrome is installed |
| Stale session | then retry |
Full Autonomy Setup (Max Power Mode)
To unlock all capabilities and remove all restrictions:
Config ()
toml
[autonomy]
level = "full"
workspace_only = false
allowed_commands = ["*"]
forbidden_paths = []
max_actions_per_hour = 200
max_cost_per_day_cents = 5000
require_approval_for_medium_risk = false
block_high_risk_commands = false
auto_approve = [
"shell",
"file_read",
"file_write",
"memory_store",
"memory_recall",
"memory_forget",
]
always_ask = []
[agent]
compact_context = false
max_tool_iterations = 50
max_history_messages = 200
parallel_tools = true
tool_dispatcher = "auto"
[scheduler]
enabled = true
max_tasks = 128
max_concurrent = 8
[heartbeat]
enabled = true
interval_minutes = 30
[browser]
enabled = true
allowed_domains = ["*"]
backend = "agent_browser"
[http_request]
enabled = true
allowed_domains = ["*"]
max_response_size = 10485760
timeout_secs = 30
[composio]
enabled = true
entity_id = "default"
[web_search]
enabled = true
provider = "duckduckgo"
max_results = 5
timeout_secs = 15
External Dependencies for Full Power
bash
# Browser control (visible Chrome window)
npm install -g agent-browser
# agent-browser config (~/.agent-browser/config.json)
{
"headed": true,
"profile": "~/.agent-browser/profile",
"executablePath": "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"
}
# Start daemon with headed browser
AGENT_BROWSER_HEADED=true zeroclaw daemon
What Each Setting Unlocks
| Setting | What it does |
|---|
| No approval needed for any action |
autonomy.workspace_only = false
| Can access files anywhere on system |
autonomy.allowed_commands = ["*"]
| Can run any shell command |
autonomy.forbidden_paths = []
| No path restrictions |
block_high_risk_commands = false
| Destructive commands allowed |
auto_approve = [all tools]
| All tools run without confirmation |
agent.max_tool_iterations = 50
| 5x more tool calls per task |
agent.parallel_tools = true
| Run multiple tools simultaneously |
| Browser automation active |
browser.allowed_domains = ["*"]
| Can browse any website |
http_request.enabled = true
| Can make HTTP requests to any domain |
| 250+ app integrations (Gmail, Calendar, GitHub, etc.) |
| Proactive background checks every 30 min |
scheduler.max_concurrent = 8
| 8 parallel scheduled tasks |
Security Warning
Full autonomy mode removes all guardrails. The agent can:
- Run any command on your system
- Read/write any file
- Browse any website with your Chrome profile (cookies, logins)
- Make HTTP requests to any domain
- Execute shell commands without approval
Only use this on trusted, personal machines. For shared/production use, keep
mode with explicit allowlists.
Operations Runbook
Runtime Modes
| Mode | Command | When |
|---|
| Foreground runtime | | Local debugging |
| Gateway only | | Webhook testing |
| User service | zeroclaw service install && start
| Persistent runtime |
Operator Checklist
bash
zeroclaw status # Check config
zeroclaw doctor # Run diagnostics
zeroclaw channel doctor # Check channel health
zeroclaw daemon # Start runtime
Safe Config Change Flow
- Backup
- Apply one logical change
- Run
- Restart daemon/service
- Verify with +
Logs
- macOS/Windows:
~/.zeroclaw/logs/daemon.stdout.log
- Linux systemd:
journalctl --user -u zeroclaw.service -f
Network Deployment
Telegram/Discord/Slack (No Port Needed)
These use long-polling — outbound only. Works behind NAT, on RPi, in home labs.
bash
zeroclaw daemon --host 127.0.0.1 --port 3000
Webhook Channels (WhatsApp, etc.)
Need a public URL. Options:
[tunnel] provider = "tailscale"
[tunnel] provider = "ngrok"
- Cloudflare Tunnel
LAN Access
toml
[gateway]
host = "0.0.0.0"
allow_public_bind = true
Hardware Peripherals
Supported Boards
| Board | Transport | Path |
|---|
| nucleo-f401re | serial | /dev/ttyACM0 |
| arduino-uno | serial | /dev/ttyACM0, /dev/cu.usbmodem* |
| arduino-uno-q | bridge | (IP) |
| rpi-gpio | native | native |
| esp32 | serial | /dev/ttyUSB0 |
Adding a Board
bash
zeroclaw peripheral add nucleo-f401re /dev/ttyACM0
Or in config:
toml
[peripherals]
enabled = true
datasheet_dir = "docs/datasheets"
[[peripherals.boards]]
board = "nucleo-f401re"
transport = "serial"
path = "/dev/ttyACM0"
baud = 115200
Two Operation Modes
- Edge-Native: ZeroClaw runs directly on device (ESP32, RPi) with local GPIO/I2C/SPI
- Host-Mediated: ZeroClaw on host (Mac/Linux) connects to device via USB/J-Link for development/debugging
Troubleshooting Quick Reference
| Problem | Solution |
|---|
| not found | ./bootstrap.sh --install-rust
|
| not found | export PATH="$HOME/.cargo/bin:$PATH"
|
| Gateway unreachable | Check / in config |
Telegram terminated by other getUpdates
| Stop extra daemon/channel processes — only one poller per token |
| Channel unhealthy | then verify credentials + allowlist |
| Service not running | zeroclaw service stop && zeroclaw service start
|
| Config world-readable warning | chmod 600 ~/.zeroclaw/config.toml
|
| Browser opens headless (invisible) | Set in ~/.agent-browser/config.json
|
| "domain not in allowed list" for browser | Set browser.allowed_domains = ["*"]
|
| Agent claims domain restrictions that don't exist | The LLM is hallucinating — tell it "allowed_domains is wildcard, browse it now" |
| not found | npm install -g agent-browser
|
Diagnostic Commands
bash
zeroclaw --version
zeroclaw status
zeroclaw doctor
zeroclaw channel doctor
zeroclaw channel list
Workspace Files
| File | Purpose |
|---|
| Agent personality, identity, communication style |
| Session protocol, memory system, safety rules |
| Name, creature type, vibe, emoji |
| User profile, preferences, work context |
| Long-term curated memories (auto-injected in main session) |
| Local notes — SSH hosts, device names, environment specifics |
| Periodic tasks (empty = skip heartbeat) |
| First-run onboarding (delete after initial setup) |
Memory System
- Daily notes: — raw logs (on-demand via tools)
- Long-term: — curated, auto-injected each session
- Tools: , ,
Security Model
- Deny-by-default channel allowlists
- Gateway pairing required by default
- Public bind disabled by default
- Workspace-scoped filesystem access
- Command allowlist for shell execution
- Rate limiting (actions/hour, cost/day)
- Encrypted secrets storage
- Pluggable sandboxing (Landlock, Firejail, Bubblewrap, Docker — feature-gated)
- Audit logging (proposal/roadmap — HMAC-signed tamper-evident logs)
LangGraph / Python Integration
Python package provides LangGraph-based tool calling for consistent behavior with any OpenAI-compatible provider:
bash
pip install zeroclaw-tools
python
from zeroclaw_tools import create_agent, shell, file_read, file_write
agent = create_agent(tools=[shell, file_read, file_write], model="glm-5", api_key="your-api-key", base_url="your-base-url")
Open Skills Integration
ZeroClaw integrates with Open Skills (
https://github.com/besoeasy/open-skills) — pre-built execution playbooks that reduce token usage by 95-98%.
Skills are synced to
~/.zeroclaw/workspace/skills/
and installed via:
bash
zeroclaw skills install <github-url-or-local-path>
Key Design Principles
- Zero overhead — <5MB RAM, <10ms startup, ~3.4MB binary
- Zero compromise — full security without sacrificing performance
- 100% Rust — single binary, no runtime dependencies
- 100% Agnostic — swap providers, channels, tools, memory, tunnels at will
- Trait-driven — every subsystem is a trait, making everything pluggable
- Secure by default — pairing, scoping, allowlists, encrypted secrets