The Philosophy of "File as Truth"
The foundation of OpenClaw is the Markdown-First Philosophy. Unlike traditional black-box AI systems, OpenClaw treats configuration as documentation. Every aspect of an agent’s existence—its personality, its capabilities, and its operational workflows—is stored in human-readable Markdown files. This ensures that the "Source of Truth" is transparent, version-controlled, and easily editable by both humans and LLMs.
- SOUL.md: The core identity and moral compass.
- SKILL.md: The manifest defining what the agent can actually do.
- AGENTS.md: The engineering blueprint for multi-agent orchestration.
The Core Infrastructure Stack
To move from static files to a living agent, OpenClaw utilizes a robust backend architecture designed for stability and flexibility:
- Agent Runtime: The engine room that manages the Lane Queue. It ensures that asynchronous tasks are processed without causing State Corruption, maintaining Session Isolation through every interaction.
- Gateway: The control plane that handles network identity and model routing. It acts as a security shield, mitigating risks like Remote Code Execution (RCE) on the WebSocket API.
- Tools Layer: A modular interface where the agent connects to external functions, APIs, and local scripts defined in the skill manifest.
- Model-Agnostic Engine: The system is not locked to a single provider. It can swap between Claude, GPT, or local models via the openclaw.json router.
- Surfaces & Channels: These are the interaction points (web UI, terminal, or mobile) where the agent manifests to the user.
Config: openclaw.json
{
"network_identity": "agent-01-alpha",
"model_routing": {
"primary": "anthropic/claude-3-opus",
"fallback": "local/llama-3-8b"
},
"env_injection": {
"secure_pass": true,
"policy": "prevent_leakage"
}
}
Type a command...
Question 1
Why does OpenClaw prioritize a Markdown-First Philosophy?
Question 2
Which component is responsible for preventing State Corruption during multi-agent tasks?
Challenge: Security Breach
Mitigating RCE risks on public channels.
Scenario: You are deploying an agent to a public-facing Discord channel. You notice that the agent is trying to execute unverified shell commands, creating an RCE (Remote Code Execution) risk.
Secure
How do you use the Gateway and SKILL.md to secure the infrastructure?
Solution:
1. Gateway Level: Restrict the WebSocket API port (18789) to local traffic only or implement strict authentication tokens.
2. SKILL.md Level: Define strict "Permissions" in the YAML metadata for the Tools Layer.
3. Instruction Level: Update the Six-Layer Filtering Funnel within the skill manifest to reject any command string that contains sensitive shell operators.
1. Gateway Level: Restrict the WebSocket API port (18789) to local traffic only or implement strict authentication tokens.
2. SKILL.md Level: Define strict "Permissions" in the YAML metadata for the Tools Layer.
3. Instruction Level: Update the Six-Layer Filtering Funnel within the skill manifest to reject any command string that contains sensitive shell operators.