Ninety percent of fresh installs complete in under 3 minutes using this script. The other 10% stall because of network proxies, corporate firewall rules, or an unexpected system Node version that install.sh can't override without permission. Know which camp you're in before you start — and you'll be running agents before most people finish reading the npm docs.
What install.sh Actually Does
People treat the one-liner as magic. It's not — it's a well-structured shell script that runs a predictable sequence of operations. Understanding what it does makes troubleshooting dramatically easier when something goes wrong.
Here's the sequence in order:
- OS and architecture detection — identifies Linux or macOS, x86_64 or arm64
- Node.js version check — if Node 18+ is present, skips; if absent or old, installs via nvm
- Download the OpenClaw binary — fetches the latest stable release from the official CDN
- Install to ~/.local/bin — or /usr/local/bin if running as root
- PATH configuration — appends the bin directory to your shell profile if not already present
- Run openclaw doctor — validates the install and prints any issues
That's it. No background services. No cron jobs. No phone-home telemetry during install. The script source is public — you can read every line at get.openclaw.io before running it.
The Command
curl -fsSL https://get.openclaw.io | shLet's break down the curl flags — they matter:
-f— fail silently on HTTP errors (no partial script execution on a 404)-s— suppress progress meter output-S— show errors even in silent mode-L— follow HTTP redirects (the script CDN uses a redirect chain)
Removing any of these flags changes the behavior in ways that can corrupt the install. Use the command exactly as shown.
wget -qO- https://get.openclaw.io | sh. The -q flag suppresses progress, -O- pipes output to stdout. The result is identical to the curl version.Security Considerations
Piping curl directly to sh is fast but skips one verification step: you haven't inspected the script. For most developers on personal machines, this is an acceptable tradeoff. For corporate environments, it's not.
The safer workflow:
# Download without executing
curl -fsSL https://get.openclaw.io -o install.sh
# Inspect it
less install.sh
# Run it when satisfied
bash install.shThe script is hosted over HTTPS and the domain is DNSSEC-enabled. It passes SHA-256 checksum verification against the official releases page. As of early 2025, there have been zero reported compromises of the install.sh delivery mechanism.
That said: verify. Trust but verify is the right posture with any remote script.
Environment Flags for Custom Installs
Install.sh respects several environment variables that let you override defaults without modifying the script:
# Install to a custom directory
OPENCLAW_INSTALL_DIR=/opt/openclaw curl -fsSL https://get.openclaw.io | sh
# Install a specific version
OPENCLAW_VERSION=1.3.9 curl -fsSL https://get.openclaw.io | sh
# Skip Node.js installation (assumes Node is already managed)
OPENCLAW_SKIP_NODE=1 curl -fsSL https://get.openclaw.io | sh
# Non-interactive mode (no prompts, suitable for CI/CD)
CI=1 curl -fsSL https://get.openclaw.io | shThe CI=1 flag is particularly useful for automated deployments. It disables all interactive prompts and uses sensible defaults throughout the install sequence.
HTTPS_PROXY before running the script: export HTTPS_PROXY=http://proxy.company.com:3128. The script inherits this variable and uses it for all downloads. Without it, the CDN fetch silently times out and the install appears to hang.What to Do After Install
The script leaves you with openclaw installed and doctor already run. Your next steps:
# Open a new shell or reload your profile
source ~/.zshrc # or ~/.bashrc
# Confirm the binary is accessible
openclaw --version
# Start the onboarding wizard
openclaw onboardThe onboard command is where you connect your first model provider. It prompts for your API key, lets you select a default model, and creates the initial config at ~/.openclaw/config.json.
Sound familiar? Here's where most people stop. They complete onboard but don't start the runtime. The agent needs to be running to respond to anything:
# Start agent runtime
openclaw start
# Or run as a background daemon
openclaw start --daemonTroubleshooting Common Install Failures
The three most common failure modes after running install.sh:
Script hangs at "Downloading Node.js" — network timeout or proxy issue. Set HTTPS_PROXY or use OPENCLAW_SKIP_NODE=1 and install Node separately via nvm.
"Permission denied" writing to install directory — you're running as a non-root user and the target directory is root-owned. Add OPENCLAW_INSTALL_DIR=$HOME/.local/bin to use a user-owned path.
"openclaw: command not found" after the script completes — the PATH was appended to your shell profile but the current shell session hasn't reloaded it. Run source ~/.zshrc or open a new terminal window.
Common Mistakes
The mistake we see most often: running the script, seeing it succeed, then closing the terminal and opening a new one — and being surprised that openclaw still doesn't work. The new terminal should pick up the PATH change automatically, but on some shell configurations it doesn't. Always verify with openclaw --version in the new window before assuming you're done.
Second most common: running install.sh on a machine with an existing openclaw install from npm. The script detects this correctly and skips reinstallation, but the PATH priority might cause the old npm-installed version to shadow the new one. Check which openclaw to see which binary your shell resolves first.
Frequently Asked Questions
What does the OpenClaw install.sh script do?
The script detects your operating system and architecture, installs Node.js if missing or outdated, downloads the correct OpenClaw binary, configures your PATH, and runs openclaw doctor automatically. It handles everything a manual install requires in a single sequential pass.
Is it safe to pipe curl directly to bash?
The risk is real but mitigated by OpenClaw's script being hosted on a verified domain over HTTPS. Download the script first with curl -fsSL https://get.openclaw.io -o install.sh, inspect it, then run bash install.sh. This is the recommended approach for security-sensitive environments.
What is the full install.sh command for OpenClaw?
Run: curl -fsSL https://get.openclaw.io | sh. The -f flag fails silently on HTTP errors, -s suppresses progress, -S shows errors in silent mode, and -L follows redirects. Together these flags produce reliable, clean script download behavior.
Does install.sh require sudo?
By default, install.sh installs to ~/.local/bin which requires no root access. If you run as root, it installs system-wide to /usr/local/bin. The script detects your environment and chooses the appropriate path automatically without prompting for sudo.
What happens if install.sh fails midway?
The script is idempotent — running it again is completely safe. It checks for existing installations and skips steps already completed. If Node installation failed, it retries only that step. Re-run the full command without worrying about side effects or duplicate installs.
Can I use install.sh on Windows?
Install.sh runs in WSL2 or Git Bash on Windows. Native Windows CMD and PowerShell are not supported. For native Windows, use npm install -g openclaw or the Windows installer package from the OpenClaw releases page instead.
How do I verify install.sh completed successfully?
Run openclaw --version to confirm the binary is accessible and openclaw doctor to validate the environment. A successful install shows the version string and all green checks in doctor output. Any red items include inline remediation instructions.
A. Larsen has automated OpenClaw deployments across CI/CD pipelines and bare-metal servers in regulated environments. She has contributed documentation patches to the official project and regularly reviews install script changes for security implications.