#How to know token openclaw?

1 messages · Page 1 of 1 (latest)

upbeat echoBOT
#

If you mean the Gateway token, run:

openclaw config get gateway.auth.token

If that returns nothing, generate one with:

openclaw doctor --generate-gateway-token

Then paste it into the dashboard at Overview -> Gateway Access.

A couple gotchas:

  • Some setups use OPENCLAW_GATEWAY_TOKEN from the environment instead.
  • Some setups use a password instead of a token.
#

Yep, that’s the token, OpenClaw redacted it here on my side.

If you pasted the real token into this public thread, treat it as exposed and rotate it now:

openclaw config set gateway.auth.token "$(openssl rand -hex 32)"
openclaw gateway restart
openclaw config get gateway.auth.token

Then use the new token in Overview -> Gateway Access.

If you only checked it locally and didn’t expose it, you’re fine, just use:

openclaw config get gateway.auth.token
coarse mauve
#

[gateway] signal SIGTERM received

upbeat echoBOT
#

That line just means the gateway got a SIGTERM, so it was asked to shut down cleanly.

Usually that is normal if you just:

  • restarted OpenClaw
  • stopped the service
  • updated/redeployed
  • closed a container/process manager

Check whether it came back up:

openclaw gateway status
openclaw status

If it stayed down, inspect logs:

coarse mauve
#

[gateway] signal SIGTERM received, how to keep the proccess alive

#

bro is dead, [gateway] signal SIGTERM received, how to keep the proccess alive

upbeat echoBOT
#

Yeah, that means something outside OpenClaw killed the gateway. SIGTERM is basically “please shut down now.”

Best fix depends on how you’re running it:

1. Local machine, recommended

openclaw gateway install
openclaw gateway start
openclaw gateway status

2. Docker / panel / VPS host

  • run openclaw gateway run as the main foreground process
  • enable the platform’s restart policy
  • do not start it inside a shell that exits

3. Temporary quick fix

#
  • run it inside tmux/screen
  • then start:
openclaw gateway run

If it dies immediately after start, check:

openclaw logs --follow
openclaw gateway status

If you want, tell me what environment you’re on:

  • Linux/macOS/Windows
  • Docker
  • Pterodactyl/panel/VPS
coarse mauve
#

I was changing the "secrets" and setting up openrouter api and then there is something secrets undefined → [redacted - click reveal to view]

upbeat echoBOT
#

Yep, that part is normal.

undefined
→
[redacted - click reveal to view]

means:

  • undefined = there was no previous value
  • [redacted - click reveal to view] = you set a new secret value, and the UI is hiding it on purpose

So if you were adding your OpenRouter API key, that diff is expected đź‘Ť

After saving, verify it loaded with:

coarse mauve
#

But im clicking "save" and "apply" in Web interface and nothing has happened theres still this "View 1 pending change"

upbeat echoBOT
#

If “View 1 pending change” stays there, the change is still only in the browser and did not get committed.

Given your earlier SIGTERM, my first guess is the web UI is disconnected from the gateway. In that state, clicking Save/Apply can look like it did nothing.

Try this:

openclaw gateway start
openclaw gateway status

Then in the web UI:

  1. go to Overview
  2. make sure it says connected
  3. reconnect in Gateway Access if needed
  4. reload the page
  5. try Apply again
# 
openclaw --version
openclaw gateway status
coarse mauve
# 
[gateway] received SIGTERM; shutting down
upbeat echoBOT
#

That confirms it: OpenClaw is not crashing on its own, something else is sending SIGTERM and stopping it.

So the fix is about how you launch it:

If this is your own Linux/macOS/Windows machine

openclaw gateway install
openclaw gateway start
openclaw gateway status

If this is Docker / Pterodactyl / a hosting panel

  • make the startup command the foreground process:
openclaw gateway run
  • enable the platform’s auto-restart / restart policy
#
  • do not run it inside a shell that exits

Right now I need one detail to give the exact fix:

What are you running OpenClaw on?

  • normal Linux/macOS/Windows
  • Docker
  • Pterodactyl/panel
  • VPS host like Render/Railway/etc.

Also paste:

openclaw --version
openclaw gateway status
coarse mauve
#

TypeError: Cannot read properties of undefined (reading 'trim')

openclaw onboard after setting up connection with telegram bot

coarse mauve
#

TypeError: Cannot read properties of undefined (reading 'trim')

upbeat echoBOT
#

Yep, same error, so I’d do the session-store reset next.

If you’re on the default path, try this exact sequence:

openclaw --version
openclaw gateway stop
mv ~/.openclaw/agents/main/sessions/sessions.json ~/.openclaw/agents/main/sessions/sessions.json.bak.$(date +%s)
openclaw gateway start
openclaw onboard

If that mv path doesn’t exist, first find the real store path with:

openclaw sessions --all-agents --json
#

and rename the sessions.json it shows.

This is a backup/rename, not a delete.

Then paste the outputs of:

openclaw --version
openclaw gateway status

If that fixes it, please right-click the solution message → Apps → ✅ Mark Solution so Answer Overflow can index it.

coarse mauve
#

"agent couldnt generate response. please try again" whats this

upbeat echoBOT
#

That message is just the generic fallback error, not the real cause.

It usually means one of these:

  • model/provider auth is broken
  • the gateway restarted/disconnected
  • the upstream API failed
  • the session/onboarding flow hit an internal error

The real clue will be in status/logs. Please paste:

openclaw --version
openclaw status --all
openclaw models status

and if you can, watch the live log while reproducing it:

coarse mauve
#

stopReason=stop payloads=0 — surfacing error to user

upbeat echoBOT
#

That log means:

  • the run ended with stopReason=stop
  • but it produced payloads=0, so no visible reply
  • OpenClaw then showed the fallback error to the user

So in plain English: the model/provider stopped without giving OpenClaw any usable answer.

Common causes:

  • upstream provider returned an empty response
  • auth/profile issue
  • model/tool-calling incompatibility
  • session/bootstrap bug from the earlier errors

Please paste these next:

coarse mauve
#

can you share with me detailed info how to configure openrouter in config

upbeat echoBOT
#

Yep. The cleanest OpenRouter setup is:

Recommended

openclaw onboard --auth-choice openrouter-api-key

That is the documented path for OpenRouter.

Manual config, safer version

Put the key in ~/.openclaw/.env:

OPENROUTER_API_KEY=sk-or-...

Then in ~/.openclaw/openclaw.json:

# 
{
  agents: {
    defaults: {
      model: { primary: "openrouter/auto" },
    },
  },
}

Manual config, all in one file

This also works, but it stores the key directly in config:

{
  env: {
# 
    OPENROUTER_API_KEY: "sk-or-...",
  },
  agents: {
    defaults: {
      model: { primary: "openrouter/auto" },
    },
  },
}

After that

Verify it with:

openclaw models status
# 
openclaw status

If needed, you can switch later from openrouter/auto to a specific OpenRouter route with:

openclaw models set openrouter/<provider>/<model>

My recommendation for you

Since your web UI has been flaky, I’d use either:

  1. openclaw onboard --auth-choice openrouter-api-key, or
  2. .env + openclaw.json

Docs:
https://docs.openclaw.ai/providers/openrouter

coarse mauve
#

yes gimme a copy-paste standard config after onboard but with openrouter, Telegram, twillo

upbeat echoBOT
#

Yep. I’m assuming Twilio = the Voice Call plugin, not Twilio WhatsApp.

First, install the plugin:

openclaw plugins install @openclaw/voice-call

Then use something like this in ~/.openclaw/openclaw.json:

{
  env: {
    OPENROUTER_API_KEY: "sk-or-...",
    TELEGRAM_BOT_TOKEN: "123456789:AA...",
  },
# 

  agents: {
    defaults: {
      model: { primary: "openrouter/auto" },
    },
  },

  channels: {
    telegram: {
      enabled: true,
      dmPolicy: "pairing",
      groups: {
        "*": { requireMention: true },
      },
    },
# 
  },

  plugins: {
    entries: {
      "voice-call": {
        enabled: true,
        config: {
          provider: "twilio",

          fromNumber: "+15550001234",
          toNumber: "+15550005678",

          twilio: {
            accountSid: "ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
            authToken: "your-twilio-auth-token",
# 
          },

          serve: {
            port: 3334,
            path: "/voice/webhook",
          },

          publicUrl: "https://your-public-domain.example.com/voice/webhook",

          outbound: {
            defaultMode: "notify",
          },

          // Optional, only if you also want Twilio media streaming + realtime STT.
          // OpenRouter does NOT replace this part.
# 
          // streaming: {
          //   enabled: true,
          //   provider: "openai",
          //   streamPath: "/voice/stream",
          //   providers: {
          //     openai: {
          //       apiKey: "sk-...",
          //       model: "gpt-4o-transcribe",
          //       silenceDurationMs: 800,
          //       vadThreshold: 0.5,
          //     },
          //   },
          // },
        },
      },
# 
    },
  },
}

Then restart and verify:

openclaw gateway restart
openclaw models status
openclaw status

Important notes:

  • Telegram can use TELEGRAM_BOT_TOKEN from env, so no need to set channels.telegram.botToken separately.
  • OpenRouter is your main model provider here.
coarse mauve
# 
Also not a valid hook pack: Error: package.json missing openclaw.hooks```
upbeat echoBOT
#

Yep, the important part is the scanner block, not the “not a valid hook pack” bit.

What happened:

  • plugins install checked the package
  • the built-in dangerous-code scanner flagged it
  • the installer also checked whether it was a hook pack, it isn’t, so you got that extra message too

If you are installing the official package from the docs, and you trust it, the documented break-glass override is:

openclaw plugins install @openclaw/voice-call --dangerously-force-unsafe-install

Then restart:

coarse mauve
#

fetch failed | Connect Timeout Error (attempted address: clawhub.ai:443, timeout: 10000ms)

upbeat echoBOT
#

That one is just a network timeout, not a config error.

OpenClaw tried to reach clawhub.ai:443 and couldn’t connect within 10s.

So the likely causes are:

  • your server/VPS can’t reach ClawHub right now
  • DNS/firewall/proxy is blocking it
  • ClawHub was temporarily slow or unreachable

Try these:

curl -I https://clawhub.ai
curl -I https://registry.npmjs.org
openclaw gateway status
#

If clawhub.ai times out there too, it’s a network/connectivity problem on that machine.

Also, plugin installs for bare packages check ClawHub first, then npm, so a ClawHub timeout can get in the way.

Docs:
https://docs.openclaw.ai/cli/plugins
https://clawhub.ai

If you paste the output of those curl checks, I can tell you whether it’s DNS, firewall, or just a temporary outage.

coarse mauve
# 
curl -I https://registry.npmjs.org
openclaw gateway status``` its all alright
upbeat echoBOT
#

Nice, then that timeout was probably transient, not a permanent network problem.

I’d just retry the install now.

For the official voice-call plugin:

openclaw plugins install @openclaw/voice-call --dangerously-force-unsafe-install
openclaw gateway restart

Why that command:

  • @openclaw/voice-call is the documented package
  • your earlier block was the scanner, not invalid config
  • --dangerously-force-unsafe-install is the documented override for scanner false positives, only use it for a plugin you trust

If it still times out even though curl works, paste:

coarse mauve
#

fetch failed | Connect Timeout Error (attempted address: clawhub.ai:443, timeout: 10000ms)

upbeat echoBOT
#

If curl works but plugins install still times out on clawhub.ai, then this is starting to look like a ClawHub lookup/install-path issue, not basic network reachability.

Fastest workaround

Bypass the registry lookup and install from a trusted local plugin path instead.

If you have an OpenClaw source checkout, use the voice-call plugin folder from that repo, for example:

PLUGIN_SRC=./extensions/voice-call
openclaw plugins install "$PLUGIN_SRC" --dangerously-force-unsafe-install
cd "$PLUGIN_SRC" && pnpm install
openclaw gateway restart

That follows the local-folder install path from the docs and skips the ClawHub fetch.

If you do not have a source checkout

coarse mauve
#

can i install with npm and auto setting up voice call?

upbeat echoBOT
#

Short version: install, yes. Auto-setup, not really.

There is not a one-command “auto configure Twilio voice-call” flow right now, because you still need to provide things like:

  • Twilio accountSid
  • Twilio authToken
  • fromNumber
  • webhook publicUrl

Also, in #help I’d use pnpm / OpenClaw’s plugin installer, not raw npm.

The supported flow is:

openclaw plugins install @openclaw/voice-call

then configure:

# 
plugins: {
  entries: {
    "voice-call": {
      enabled: true,
      config: {
        provider: "twilio",
        fromNumber: "+15550001234",
        twilio: {
          accountSid: "ACxxxxxxxx",
          authToken: "...",
        },
        publicUrl: "https://your-domain.example.com/voice/webhook",
      },
    },
  },
coarse mauve
#

can i set up telnyx instead of twillo?

upbeat echoBOT
#

Yep, Telnyx is supported in the same voice-call plugin.

You’d switch the provider from twilio to telnyx and use Telnyx creds instead:

{
  plugins: {
    entries: {
      "voice-call": {
        enabled: true,
        config: {
          provider: "telnyx",
          fromNumber: "+15550001234",
          toNumber: "+15550005678",

          telnyx: {
# 
            apiKey: "...",
            connectionId: "...",
            publicKey: "...",
          },

          serve: {
            port: 3334,
            path: "/voice/webhook",
          },

          publicUrl: "https://your-public-domain.example.com/voice/webhook",

          outbound: {
            defaultMode: "notify",
          },
# 
        },
      },
    },
  },
}

Important:

  • Telnyx needs a publicly reachable webhook URL
  • telnyx.publicKey is required unless you intentionally disable signature verification for testing

Docs:
https://docs.openclaw.ai/plugins/voice-call

If you want, I can give you the smallest Telnyx-only config with OpenRouter + Telegram + Telnyx together in one paste.

coarse mauve
#

how to save the open router key in "secrets" in web interface of openclaw if i clicked "save" but its still "View 1 pending change"

upbeat echoBOT
#

If it still says “View 1 pending change”, then the secret is not actually saved yet. It’s still only in the browser form.

There is no extra hidden “secret save” step.
If Save or Apply worked, that pending change would disappear.

Usually it means one of these:

  • the Control UI is not connected
  • the config write failed
  • the page got stale and needs reload

Try this:

  1. Go to Overview and make sure the gateway says connected
  2. Go back to Config
  3. Click Reload or refresh the page
  4. Re-enter the OpenRouter key
  5. Click Apply
#

If it still stays stuck, I would stop using the web form for this key and use the reliable path instead:

~/.openclaw/.env

OPENROUTER_API_KEY=sk-or-...

~/.openclaw/openclaw.json

{
  agents: {
    defaults: {
      model: { primary: "openrouter/auto" },
    },
  },
}
coarse mauve
#

GatewayRequestError: Sentinel value "__OPENCLAW_REDACTED__" in key env.OPENROUTER_API_KEY is not valid as real data

upbeat echoBOT
#

Yep, that’s the root cause.

__OPENCLAW_REDACTED__ is just a safety placeholder, not your real key.
OpenClaw is telling you that the config currently contains the redacted fake value, not the real OpenRouter API key.

Fix

Remove the bad value:

openclaw config unset env.OPENROUTER_API_KEY

Then set the real key again, preferably in:

~/.openclaw/.env

# 
OPENROUTER_API_KEY=sk-or-...

Keep your model config as:

{
  agents: {
    defaults: {
      model: { primary: "openrouter/auto" },
    },
  },
}

Then restart and verify:

coarse mauve
#

Config path not found: env.OPENROUTER_API_KEY

upbeat echoBOT
#

That’s actually a good sign.

It means env.OPENROUTER_API_KEY is not currently saved in openclaw.json.
So the bad redacted value was probably only sitting in the web UI pending change, not in the real config.

Do this now

  1. In the web UI, click Reload on the Config page, or refresh the page entirely
    This should discard the bad pending change.

  2. Do not paste __OPENCLAW_REDACTED__ again.

  3. Put the real OpenRouter key in:

~/.openclaw/.env

# 
OPENROUTER_API_KEY=sk-or-...
  1. Keep your config like this:
{
  agents: {
    defaults: {
      model: { primary: "openrouter/auto" },
    },
  },
}
  1. Restart and verify:
coarse mauve
#

ive saved it in ~/openclaw/.env

upbeat echoBOT
#

Ah, that is probably the wrong path.

For OpenClaw, the reliable global fallback is:

~/.openclaw/.env

Not:

~/openclaw/.env

~/openclaw/.env only helps if you are running OpenClaw from that exact repo folder as the current working directory.
If you’re using the normal gateway/daemon setup, use:

# 
~/.openclaw/.env

Then restart:

openclaw gateway restart
openclaw models status

So I’d move/copy the key into:

~/.openclaw/.env
coarse mauve
#

yeah i saved it in ~/.openclaw/.env but nothing happened, still "couldnt generate a response"

upbeat echoBOT
#

Got it. Saving the key in ~/.openclaw/.env by itself won’t fix the reply path unless these are also true:

Check these 3 things

1. The key line is exact
In ~/.openclaw/.env:

OPENROUTER_API_KEY=sk-or-...

No redacted placeholder, no extra quotes, no spaces around =.

2. Your model is actually set to OpenRouter
In ~/.openclaw/openclaw.json:

# 
{
  agents: {
    defaults: {
      model: { primary: "openrouter/auto" },
    },
  },
}

3. Restart the gateway

openclaw gateway restart

Then verify

upbeat echoBOT
#

This is actually helpful.

Good news

Your OpenRouter key is loading correctly.

This line confirms it:

- openrouter ... source=env: OPENROUTER_API_KEY

So the problem is not “my key isn’t being read”.

What looks suspicious

Two things stand out:

  1. Your default model is a very specific OpenRouter route
#
  1. Configured models (2): openrouter/auto, openrouter/

That second one, openrouter/, looks wrong. It’s an incomplete model ref.

What I’d do next

Temporarily switch back to the documented safe default:

openclaw models set openrouter/auto
openclaw gateway restart

Then test again.

Also

Please check your config for any stray broken model entry like:

# 
openrouter/

and remove it if you find it.

Bottom line

  • âś… key is being read
  • ❌ something in the model config/path still looks broken

If it still fails after switching to openrouter/auto, paste:

openclaw logs --follow

and trigger one failed reply, then send the log lines right around the failure.

coarse mauve
# 
    "defaults": {
      "workspace": "/root/.openclaw/workspace",
      "models": {
        "openrouter/auto": {
          "alias": "OpenRouter"
        },
        "openrouter/": {}
      },
      "model": {
        "primary": "openrouter/qwen/qwen3-next-80b-a3b-instruct:free"
      }
    }
  },```
upbeat echoBOT
#

Yep, there it is, the broken bit is:

"openrouter/": {}

That should not be there.

Fix it like this

Use:

"agents": {
  "defaults": {
    "workspace": "/root/.openclaw/workspace",
# 
    "models": {
      "openrouter/auto": {
        "alias": "OpenRouter"
      }
    },
    "model": {
      "primary": "openrouter/auto"
    }
  }
}

What I changed

  • removed the invalid entry:
# 
  "openrouter/": {}
  • switched primary to the documented safe default:
    "openrouter/auto"

Then restart

openclaw gateway restart
openclaw models status

After it works, you can switch back to a more specific OpenRouter route if you want.
But first I’d get it working with openrouter/auto.

coarse mauve
#

no it didnt fix it

upbeat echoBOT
#

Got it. Then we’re past config guessing, we need the runtime error now.

Please do exactly this:

1. Confirm the model change actually applied

openclaw models status

I want to see whether it really switched to openrouter/auto.

2. Watch logs live

openclaw logs --follow

3. Trigger one failed reply

#

Send one test message to your bot, wait for the “couldn’t generate a response” failure, then copy the 10-20 log lines right around the failure.

That will tell us whether the issue is:

  • OpenRouter returning empty output
  • a provider error
  • a gateway/session error
  • something else entirely

Right now, the next useful thing is logs, not more config edits.

coarse mauve
#

00 error telegram/native-approvals {"subsystem":"telegram/native-approvals"} connect error: pairing required
22:09:32+00:00 error gateway connect failed: GatewayClientRequestError: pairing required
22:09:33+00:00 error gateway connect failed: GatewayClientRequestError: pairing required
22:09:33+00:00 error gateway connect failed: GatewayClientRequestError: pairing required
gateway connect failed: GatewayClientRequestError: pairing required

upbeat echoBOT
#

There we go, this is the real problem.

This is not an OpenRouter key issue.
Your Telegram side is failing with:

pairing required

So the Telegram/native-approvals client is trying to connect to the gateway, but the device/session is not approved yet.

Fix

Run:

# 
openclaw devices list

Find the pending request, then approve it:

openclaw devices approve <requestId>

Why this matters

Your log says:

telegram/native-approvals ... connect error: pairing required
#

That means the Telegram integration is blocked on device pairing/approval, so replies can fail even if the model key is fine.

If you already paired before

This can also be a scope upgrade request, so still check devices list and approve the new pending request.

Docs:
https://docs.openclaw.ai/cli/devices
https://docs.openclaw.ai/gateway/troubleshooting

If you paste the output of:

openclaw devices list

I can tell you exactly which request to approve.

coarse mauve
#

gateway connect failed: GatewayClientRequestError: pairing required

upbeat echoBOT
#

Yep, same issue, the device is still not paired/approved.

Do this exact flow:

openclaw devices list

Look for a pending request, then approve it:

openclaw devices approve <requestId>

Then try again.

If devices list shows nothing

#
  1. send one fresh message from Telegram to the bot
  2. immediately run:
    openclaw devices list
  3. approve the new pending request

Until that pairing is approved, the gateway will keep throwing:

GatewayClientRequestError: pairing required

Docs:
https://docs.openclaw.ai/cli/devices

If you paste the openclaw devices list output, I’ll point to the exact request.

coarse mauve
#

when im trying to approve pairing with gateway connect failed: GatewayClientRequestError: pairing required
i always get this gateway connect failed: GatewayClientRequestError: pairing required mesage

upbeat echoBOT
#

I think the confusion here is that there are two different pairing flows.

1. Telegram chat/user pairing

Use this if you’re approving a Telegram bot DM/chat:

openclaw pairing list telegram
openclaw pairing approve telegram <CODE>

2. Gateway device/native-approvals pairing

Use this if the log says:

telegram/native-approvals
GatewayClientRequestError: pairing required
#

Then start with:

openclaw devices list
openclaw devices approve <requestId>

Important

Run those commands on the terminal of the machine running the gateway.
Do not try to approve from the already-unpaired Telegram client itself.

Your log looks more like device/native-approvals pairing, so I would start with:

openclaw devices list
#

If even that command fails on the gateway host, paste:

openclaw gateway status

and I’ll tell you the next step.

coarse mauve
#

so basically when im trying to openclaw devices approve [requestId] I get this gateway connect failed: GatewayClientRequestError: pairing required â—‡ Direct scope access failed; using local fallback. unknown requestId

upbeat echoBOT
#

That message usually means the requestId you’re approving is not the right live one anymore.

What the error means

Direct scope access failed; using local fallback.
unknown requestId

So:

  • the gateway/device path could not use the direct scope
  • it fell back to local state
  • that requestId does not exist there

In practice, that usually means:

  • you used an old/stale requestId
  • or you’re using the wrong pairing flow
#

Do this fresh

A. Check device-pairing requests

openclaw devices list

If you see a pending request, approve that exact current ID:

openclaw devices approve <exact-current-requestId>

B. Also check Telegram chat pairing

openclaw pairing list telegram
#

If that shows a pending code, approve it with:

openclaw pairing approve telegram <CODE>

Important

  • do not use brackets literally, use the real ID/code
  • do not reuse an old requestId from earlier logs
  • requestIds can change, so always re-run devices list first

At this point, please paste these two outputs:

openclaw devices list
openclaw pairing list telegram
#

Then I can tell you exactly which command to run next.

coarse mauve
#

It shows not a code but a Request Roles Scopes Tokens IP

but not a code in there

upbeat echoBOT
#

Yep, that means you’re looking at openclaw devices list, not the Telegram pairing-code flow.

In that table:

  • Request = the requestId
  • Roles / Scopes / Tokens / IP are just details about that pending device request

So the command is:

openclaw devices approve <value-from-Request-column>

Use the exact Request value, no brackets.

Example

If the table shows:

# 
Request      Roles      Scopes      Tokens   IP
abc123xyz    operator   ...         ...      ...

run:

openclaw devices approve abc123xyz

If it still says unknown requestId

Then the request likely rotated/expired. In that case:

  1. run openclaw devices list again
  2. copy the fresh Request value
  3. approve that one immediately
#

So yes, in your case the Request column is the thing you want.

coarse mauve
#

still says gateway connect failed: GatewayClientRequestError: pairing required

upbeat echoBOT
#

Okay, at this point I need the full actual outputs, not just the error summary, because there are two different failure paths that both look like “pairing required”.

Please paste these exactly:

openclaw gateway status
openclaw devices list

If possible, also:

openclaw pairing list telegram

A very important check too:

#
  • Are you running these commands on the same machine that runs the gateway?
  • Or are you running them from another machine / panel / SSH session that is talking to the gateway remotely?

Because if you are not on the gateway host, you can keep getting:

GatewayClientRequestError: pairing required

even while trying to approve.

So next step: paste the raw outputs of those commands, and I’ll tell you exactly which path is broken.

coarse mauve
#

can i pair it myself in config or web interface instead?

upbeat echoBOT
#

Not really, not in config.

Pairing is an approval flow, not a static config key, so editing openclaw.json will not bypass it.

Web interface

Also no, the web UI does not bypass pairing checks.

The supported ways are:

1. CLI on the gateway host

openclaw devices list
openclaw devices approve <requestId>

2. Telegram /pair commands, if the device-pair plugin is installed

Then you can do it inside Telegram:

# 
/pair pending
/pair approve <requestId>

or if there is only one pending request:

/pair approve

So the short answer

  • Config: no
  • Web UI: no
  • CLI: yes
  • Telegram /pair flow: yes, if device-pair is installed
coarse mauve
#

i wrote /pair in telegram, it says Error: Gateway is only bound to loopback. Set gateway.bind=lan, enable tailscale serve, or configure plugins.entries.device-pair.config.publicUrl.

upbeat echoBOT
#

Yep, that error makes sense.

/pair needs a reachable gateway URL to hand the device a setup link/token.
Right now your gateway is loopback-only, so Telegram can’t use /pair remotely.

Your options

1. Easiest right now, recommended

Do the approval locally on the gateway host with the CLI, instead of trying to make /pair work remotely.

2. If you specifically want /pair in Telegram

You need to expose the gateway in one of these supported ways:

A. Tailscale Serve, recommended

openclaw gateway --tailscale serve
#

B. LAN bind
Set:

gateway: {
  bind: "lan"
}

C. Explicit public URL for the device-pair plugin
Configure:

plugins: {
  entries: {
    "device-pair": {
      config: {
        publicUrl: "wss://your-public-url"
coarse mauve
#

give me recommended way

upbeat echoBOT
#

Recommended way: Tailscale Serve.

Why I recommend it:

  • safer than gateway.bind=lan
  • lets you keep the gateway on loopback
  • makes remote pairing flows like /pair work properly
  • no need to expose the gateway broadly

Do this

On the machine running the gateway:

openclaw gateway --tailscale serve

Or in config:

# 
{
  gateway: {
    bind: "loopback",
    tailscale: { mode: "serve" },
  },
}

Then restart if you changed config:

openclaw gateway restart

After that, try /pair again in Telegram.

#

My ranking for your case

1. Recommended: Tailscale Serve
2. Fastest if you just want unstuck right now: approve locally with CLI
3. Least recommended: gateway.bind=lan

Docs:
https://docs.openclaw.ai/gateway/tailscale

If you want, I can give you the exact step-by-step Tailscale Serve setup next.

coarse mauve
#

i have like that

"gateway": {
    "mode": "local",
    "auth": {
      "mode": "token",
      "token": "[token]"```
upbeat echoBOT
#

Yep, that part is fine. You can keep token auth.

For the recommended Tailscale Serve setup, make your gateway section look more like this:

{
  gateway: {
    mode: "local",
    bind: "loopback",
    auth: {
      mode: "token",
      token: "your-token",
      // optional, lets Control UI / WS use Tailscale identity headers
      allowTailscale: true,
    },
    tailscale: {
# 
      mode: "serve",
    },
  },
}

Then

openclaw gateway restart

Or just run:

openclaw gateway --tailscale serve
#

Important

  • keep your token, that’s okay
  • add bind: "loopback"
  • add tailscale: { mode: "serve" }
  • don’t post the real token in chat

After that, try /pair again.

Docs:
https://docs.openclaw.ai/gateway/tailscale

If you want, I can give you the exact full gateway block ready to paste into your current config.

coarse mauve
# 
    "mode": "local",
    "auth": {
      "mode": "token",
      "token": "
"
    },
    "port": 18789,
    "bind": "loopback",
    "tailscale": {
      "mode": "off",
      "resetOnExit": false
    },```
upbeat echoBOT
#

Two things:

1. Your Tailscale setting is still off

Right now you have:

"tailscale": {
  "mode": "off",
  "resetOnExit": false
}

Change it to:

"gateway": {
# 
  "mode": "local",
  "auth": {
    "mode": "token",
    "token": "your-token",
    "allowTailscale": true
  },
  "port": 18789,
  "bind": "loopback",
  "tailscale": {
    "mode": "serve",
    "resetOnExit": false
  }
}

Then restart:

# 
openclaw gateway restart

and try /pair again.

2. Important: you posted your real gateway token publicly

That token is now compromised. Please rotate it.

openclaw config set gateway.auth.token "$(openssl rand -hex 32)"
openclaw gateway restart

Then use the new token going forward.

Docs:

coarse mauve
#

Error: Tailscale Serve is enabled, but MagicDNS could not be resolved.

upbeat echoBOT
#

That one means Tailscale Serve needs MagicDNS, and your tailnet doesn’t have it available/resolvable yet.

Recommended fix

Enable MagicDNS in the Tailscale admin console, then run again:

openclaw gateway --tailscale serve

After that, retry /pair.

If you don’t want to touch Tailscale admin settings

Then I’d stop trying to use /pair remotely for now and use the local CLI approval path instead.

So my recommendation now

Best path: enable MagicDNS, keep using Tailscale Serve
Fallback path: local CLI pairing approval on the gateway host

covert tangleBOT
coarse mauve
#

how to see a real time openclaw logs?

upbeat echoBOT
#

Yep, for real-time logs use:

openclaw logs --follow

If the gateway RPC is down, fall back to the latest file log:

tail -f "$(ls -t /tmp/openclaw/openclaw-*.log | head -1)"

Useful companions:

openclaw status --all
coarse mauve
#

Ive tried many skills, pptx, powerpoint, ive even tried to create skill myself about creating powerpoint presentations, but heres the thing my agent keep sending me message that it created presentation and did send, but he didnt, wheres the problem?

upbeat echoBOT
#

Most likely, the problem is not the chat text, it’s the actual tool execution.

What usually happens in cases like this:

  1. the model claims it created/sent the presentation
  2. but no real file-creation or send tool actually succeeded
  3. so you get a “done” message with no PPTX delivered

A skill by itself is not magic. It still depends on the agent having a real way to:

  • generate a .pptx file
  • attach/send that file through the channel

So the likely failure is one of these:

  • the model hallucinated success
  • the PPTX file was never really created
  • the file was created, but the send step failed
  • the model/tool combo you’re using is weak at tool calling
#

Please paste these next

openclaw --version
openclaw logs --follow

Then trigger one presentation request and copy the log lines around:

  • file creation
  • tool call
  • message send / attachment send

Quick rule of thumb

If the logs show no real tool call, then the agent is bluffing, not executing.

Docs:
https://docs.openclaw.ai/concepts/models

#

https://docs.openclaw.ai/help/faq

If you want, paste the skill prompt/instructions too, and I can tell you whether the skill is asking for something OpenClaw can’t actually do.

coarse mauve
#

it keep sends me that file was not created

upbeat echoBOT
#

Then that’s the problem right there, the send step is not the problem.

The problem is: no real PPTX file is being generated.

A skill can tell the agent what to do, but it does not automatically give it PowerPoint creation powers.
If the file doesn’t exist, OpenClaw has nothing to attach/send.

So the real issue is likely one of these

  • the skill is only prompting, not actually generating a .pptx
  • there is no real script/plugin/tool behind it that writes the file
  • the model is claiming success without a real file being created

Short version

Skills are instructions, not file generators.

For a presentation workflow to work, you need a real step that:

  1. creates something.pptx
#
  1. saves it to disk
  2. then sends that file

If step 1 fails, everything after it fails too.

If you want, paste the skill you made, and I’ll tell you very quickly whether it can actually create a PowerPoint file or if it’s just describing one.