什么是 OpenClaw？

OpenClaw 是一款开源 AI 执行助手，可连接您的工具（电子邮件、日历、Slack 等）并自动化工作流。它专为希望 AI 真正工作而不仅仅回答问题的团队而构建。

我需要技术知识吗？

完全不需要。这正是 SetupOpenClaw 的意义所在——我们处理每一个技术细节。您只需告诉我们您希望 AI 助手做什么。

可以远程设置吗？

可以。我们的托管设置和 Mac Mini 远程层级完全支持远程。我们可以为英国（以及全球）任何地方的团队部署。只有 Mac Mini 现场层级需要在利兹和西约克郡附近。

这与 OpenAI 的收购有关吗？

没有。OpenClaw 是一个独立的开源项目。它使用各种 AI 模型，不归 OpenAI 所有或与其有关联。

我可以自己设置 OpenClaw 吗？

当然可以——它是开源的。但大多数团队发现安全加固、集成配置和持续维护所花的时间远超预期。我们可以在几小时内以企业级安全标准完成。

如果出了问题怎么办？

在 14 天超级护理期内，我们会积极监控并修复任何问题。之后，我们提供支持套餐。此外，每次安装都包括审计跟踪和监控。

我需要什么基础设施？

托管设置：不需要——我们部署到云 VPS（约 £5-10/月）。Mac Mini 层级：一台 Mac Mini（约 £500）。我们处理所有软件配置。

可以有多个代理吗？

可以。每个额外代理 £350。团队通常为不同部门或工作流运行单独的代理。

我的数据安全吗？

安全。我们使用 Docker 沙箱、Composio 中间件、OAuth 令牌管理、审计跟踪和只读默认设置。您的数据保留在您的基础设施上——我们从不存储。

持续维护怎么样？

OpenClaw 设置后需要的维护很少。我们提供常见任务的文档。如需无忧运行，请咨询我们的维护套餐。

What is the most important file in an OpenClaw workspace?

SOUL.md is the foundational file. It defines the agent’s core identity, values, communication style, and behavioural boundaries. Every other workspace file builds on the personality and constraints established in SOUL.md. Without it, the agent has no consistent character or guardrails.

How long does it take to configure all 8 workspace files?

A complete workspace configuration typically takes 4–8 hours for a DIY setup, covering SOUL.md, IDENTITY.md, AGENTS.md, USER.md, TOOLS.md, MEMORY.md, HEARTBEAT.md, and BOOT.md. With SetupClaw’s managed service, configuration is completed during the same-day deployment as part of the setup package.

Can I configure workspace files myself without SetupClaw?

Yes — all workspace files are standard markdown that you can edit in any text editor. Our documentation covers every field across all 8 files. SetupClaw’s managed service is for teams who want expert configuration, security hardening, and 14-day hypercare included.

OpenClaw TOOLS.md Configuration: Tool Rules, Environment Config & Constraints

此文件控制什么

TOOLS.md 管理你的智能体在技术上能做什么——它可以调用哪些外部工具和 API、在什么条件下调用、以及有什么约束。没有 TOOLS.md，拥有工具访问权限的智能体会通过随机调用烧掉 API 配额、访问不应该看到的数据，或者在没有安全措施的情况下尝试可能产生现实后果的操作。

运行时在 AGENTS.md 之后加载 TOOLS.md，并用它来构建工具权限层。将其视为安全策略：AGENTS.md 定义智能体应该做什么；TOOLS.md 定义它在技术上被允许做什么。这两个文件之间的差距就是你的攻击面。

安全优先的配置原则是：从零访问权限开始，只添加 AGENTS.md 所需的权限。每个工具权限都应该由 AGENTS.md 中的特定步骤来证明其合理性。如果某个工具未在任何 AGENTS.md 步骤中引用，它就不应出现在 TOOLS.md 中。这种零访问基线可以防止随着智能体范围扩展而出现的能力蔓延。

为什么重要： Without TOOLS.md, agents burn through API quotas with random invocations.

逐字段详解

定义智能体行为的 4 个字段

toolRules必填

When and why each tool should be invoked.

toolRules: "e.g. Only call search API when user asks a factual question..."

envConfig可选

Environment variables and configuration the tools depend on.

envConfig: "e.g. API_KEY stored in .env, rate limit: 100/hour..."

toolConstraints必填

Hard limits on tool usage to prevent misuse.

toolConstraints: "e.g. Max 3 API calls per turn, no writes to production DB..."

fileConventions可选

File naming and storage conventions tools must follow.

fileConventions: "e.g. Logs go to /tmp/agent-logs/, use ISO 8601 dates..."

实际配置示例

FinleyManchester · 8 人 · 会计事务所

## toolRules
- Use GOV.UK search only for HMRC guidance and legislation lookups
- Use the client database in read-only mode for matter references
- Use Slack API for posting research summaries to #tax-queries only
- Never call any tool without a clear connection to the current research query

## envConfig
- GOV_UK_API: configured via environment variable (never hardcode)
- CLIENT_DB: read-only connection string via .env
- SLACK_BOT_TOKEN: scoped to #tax-queries channel only

## toolConstraints
- Maximum 5 GOV.UK API calls per query to prevent rate limiting
- Client database: SELECT queries only, no INSERT/UPDATE/DELETE
- Never expose raw API responses to users — always summarise
- No access to client financial records (UTRs, bank details, NI numbers)

## fileConventions
- Research outputs saved to /research/[client-ref]/[date]-[topic].md
- Use ISO 8601 dates in all filenames
- Never include client PII in filenames

常见错误

在没有 TOOLS.md 的情况下使用完整工具权限

拥有工具访问权限但没有 TOOLS.md 的智能体具有不受限制的能力。它们会随意调用每个可用工具，烧掉配额并可能访问敏感数据。务必定义明确的工具规则。

在 envConfig 中放入实际 API 密钥

envConfig 应该引用环境变量名，而不是实际的密钥。硬编码在 TOOLS.md 中的密钥会出现在版本控制、日志中，甚至可能出现在智能体的对话输出中。

toolConstraints 与 AGENTS.md 的任务要求冲突

如果 AGENTS.md 要求智能体更新客户记录，但 TOOLS.md 将数据库限制为只读，智能体会静默失败或自行发明变通方法。两个文件需要一起审计。

对写入文件的智能体未设置 fileConventions

没有约定时，智能体会创建名称不一致、位置不可预测、没有日期标记的文件。这使得输出无法查找和审计。

SetupClaw 如何处理

安全是起点。我们的部署专家会对照 AGENTS.md 的任务范围审计每项工具能力，应用最小权限默认配置。只有 AGENTS.md 特定步骤所需的工具才会被启用，约束条件根据你的数据敏感性要求进行校准。

£770

TOOLS 与 AGENTS 范围的安全审计 + 最小权限配置 + 22 项安全检查清单

£1,100

以上全部 + 分阶段能力发布的工具沙箱 + 预发布/生产环境分离

£2,200

以上全部 + 环境特定配置 + 自动化安全回归测试

全部 4 个字段已配置，采用安全优先的默认值
22 项安全审计已完成并记录在案
工具权限已对照 AGENTS.md 步骤进行论证
环境变量已记录（无硬编码密钥）
所有智能体输出的文件命名约定已建立

安全审计和配置在第 1-2 天完成。沙箱化发布在第 5 天完成（Standard+）。

进阶主题

分阶段能力发布的工具沙箱

不要一次性启用所有工具，而是使用分阶段发布模式。从只读访问开始，监控一周，然后逐步启用写入能力。TOOLS.md 支持 sandboxed 字段，该字段将工具访问限制在预发布环境中，直到明确提升到生产环境。

## toolConstraints
- PHASE 1 (week 1-2): Read-only access to Shopify, Slack monitoring only
- PHASE 2 (week 3-4): Add Slack posting to #customer-support
- PHASE 3 (month 2+): Add carrier tracking API access
- ROLLBACK: If error rate exceeds 5%, revert to previous phase

配置示例

Persona A — Meridian首席参谋

# TOOLS.md -- Tool Rules

## toolRules
- Confirm attendees before scheduling any calendar event
- Use approved templates for all external communications
- Notion: read and update project boards; never delete pages
- Gmail: draft emails for review; never send without confirmation

## envConfig
- Notion API, Slack API, Gmail API, Google Calendar API
- All keys configured via environment variables

## toolConstraints
- No external emails without draft review by the principal
- No public document creation without explicit approval
- Calendar: read all; create/modify only for the principal’s calendar

## fileConventions
- Meeting notes: /meetings/[date]-[topic].md
- Action plans: /actions/[date]-[initiative].md
- Status reports: /reports/[week]-status.md

Persona B — Axiom (增长黑客)

# TOOLS.md -- Tool Rules

## toolRules
- Date-range bounds on all analytics queries (max 90 days)
- Use Python for statistical analysis and significance testing
- Mixpanel for funnel analysis; PostgreSQL for cohort queries
- Google/Meta Ads: read-only access for campaign performance data

## envConfig
- Mixpanel API, PostgreSQL (read-only), Google Ads API, Meta Ads API
- All keys configured via environment variables

## toolConstraints
- No modifying live experiments or ad campaigns
- No production PII access — use anonymised datasets only
- Maximum 20 analytics queries per session
- No budget allocation changes without escalation

## fileConventions
- Experiment briefs: /experiments/[date]-[hypothesis].md
- Post-mortems: /experiments/[date]-[hypothesis]-results.md
- Growth playbook updates: /playbook/[topic].md

Persona C — Lumen (科研人员)

# TOOLS.md -- Tool Rules

## toolRules
- Publication date filters on all database searches (default: last 5 years)
- Cross-reference at least 2 sources before including in synthesis
- PubMed for biomedical literature; Google Scholar for broader search
- Zotero for citation management and bibliography generation

## envConfig
- PubMed API, Google Scholar API, Zotero API
- All keys configured via environment variables

## toolConstraints
- No summarising abstracts as if they were full papers
- Flag all preprints and non-peer-reviewed sources explicitly
- Maximum 25 search queries per research session
- Never cache full-text articles locally

## fileConventions
- Literature reviews: /research/[topic]/[date]-review.md
- Evidence tables: /research/[topic]/[date]-evidence.md
- Bibliographies: /research/[topic]/bibliography.bib

Persona D — Narrative (内容创作者)

# TOOLS.md -- Tool Rules

## toolRules
- SEO tools (Ahrefs) for keyword research and intent analysis only
- Match posting times to platform-specific engagement windows
- WordPress for content management; Buffer for social scheduling
- ConvertKit for email list management; GA4 for performance tracking

## envConfig
- WordPress API, Ahrefs API, Buffer API, ConvertKit API, GA4 API
- All keys configured via environment variables

## toolConstraints
- No direct publishing to any platform — always draft and queue
- No auto-send emails without human review
- No competitor names in content without legal review
- Maximum 10 SEO tool queries per content piece

## fileConventions
- Content briefs: /content/briefs/[date]-[slug].md
- Drafts: /content/drafts/[date]-[slug].md
- Performance reports: /content/reports/[month]-performance.md

Persona E — Architect (首席工程师)

# TOOLS.md -- Tool Rules

## toolRules
- Run linter before executing any code changes
- Test on staging environment before any migration
- GitHub for code review and PR management
- Datadog for monitoring and alerting; AWS EKS for deployment status

## envConfig
- GitHub API, GitHub Actions, ArgoCD, AWS EKS, Datadog API
- All keys configured via environment variables

## toolConstraints
- No direct push to main branch — all changes via pull request
- No database migrations without a documented rollback plan
- No access to production secrets or credentials
- Maximum 5 deployment actions per session

## fileConventions
- ADRs: /docs/adr/[number]-[title].md
- Incident reports: /incidents/[date]-[severity]-[title].md
- Design docs: /docs/design/[date]-[feature].md

TOOLS.md — How & when to use tools