# Agentic Access

Source: https://docs.coral.inc/developers/agentic-access

Connect AI tools to Coral documentation via MCP, llms.txt, or Markdown content negotiation

Coral documentation is designed for both humans and AI agents. Every page is available as clean Markdown, and the full docs are indexed for AI consumption automatically.

## MCP Server

Coral hosts an MCP (Model Context Protocol) server that AI tools can query to search the documentation.

**Endpoint:** `https://docs.coral.inc/mcp`

Claude Code:

```bash
claude mcp add --transport http coral-docs https://docs.coral.inc/mcp
```

Cursor (`mcp.json`):

```json
{
  "mcpServers": {
    "coral-docs": {
      "url": "https://docs.coral.inc/mcp"
    }
  }
}
```

VS Code (`.vscode/mcp.json`):

```json
{
  "servers": {
    "coral-docs": {
      "type": "http",
      "url": "https://docs.coral.inc/mcp"
    }
  }
}
```

## llms.txt

Coral provides standard [llms.txt](https://llmstxt.org/) files — a structured index of documentation designed for LLM consumption.

| Endpoint | Description |
| --- | --- |
| [`/llms.txt`](https://docs.coral.inc/llms.txt) | Index of all pages with descriptions and links |
| [`/llms-full.txt`](https://docs.coral.inc/llms-full.txt) | Full content of every page in a single Markdown file |

Use `/llms.txt` when you need a quick overview or want to find the right page. Use `/llms-full.txt` when you need the complete documentation in one request.

## Markdown content negotiation

Any documentation page can be fetched as clean Markdown by sending an `Accept: text/markdown` header. This strips all HTML, styling, and JavaScript — reducing token usage by \~30x compared to the rendered page.
```bash
curl -H "Accept: text/markdown" https://docs.coral.inc/features/chat
```

All page responses include discovery headers:

```
Link: ; rel="llms-txt", ; rel="llms-full-txt"
X-Llms-Txt: /llms.txt
```

# App Hosting

Source: https://docs.coral.inc/features/app-hosting

Publish and host web applications from your sandbox

Your assistant can build and publish web applications directly from your sandbox. Published apps get a public URL accessible through your Coral dashboard — no separate hosting needed.

## How it works

1. Ask your assistant to build a web app (e.g., "Build me a CRM to track my leads").
2. The assistant writes the code, starts a server, and calls the `publish_app` tool.
3. Coral registers the app and provides a public URL.
4. Access the app through the link — authenticated with your Coral session.

## What you can build

Apps run inside your sandbox with full access to its filesystem. Common examples:

* **CRM / contact trackers** — Manage leads, contacts, and sales pipelines
* **Dashboards** — Visualize data from files or APIs
* **Project management tools** — Kanban boards, task trackers
* **Internal tools** — Custom calculators, data entry forms, admin panels
* **Personal utilities** — Habit trackers, bookmark managers, note-taking apps

## Managing published apps

Published apps are managed from the **Settings** page under **Published Apps**. Each app card shows its name, port, status (running/stopped), and URL.

### Custom subdomains

Each published app can be assigned a custom subdomain, giving it a clean URL like:

```
https://my-crm.coral.inc
```

Set the subdomain from the app card in Settings. Subdomain availability is first-come, first-served.

### Visibility settings

Control who can access your published app:

* **Public** — Anyone with the link can access the app (still requires Coral authentication).
* **Invite only** — Only users you explicitly grant access can open the app.

Toggle visibility from the app card in Settings.
### Access control

For invite-only apps, manage access by email:

1. Open the app card in **Settings** > **Published Apps**.
2. Add email addresses of users you want to grant access.
3. Granted users can access the app when signed in to Coral.

Remove access at any time by clicking the remove button next to an email.

## Technical details

### Recommended stack

Your sandbox has limited resources, so lightweight frameworks work best:

* **Backend**: Express.js (\~30 MB RAM)
* **Database**: sql.js (pure WebAssembly SQLite — zero native dependencies)
* **Frontend**: Vanilla HTML/CSS/JS or Alpine.js

Avoid heavy frameworks like Next.js or React dev servers — they consume too much memory for the sandbox environment. Use vanilla HTML served by Express instead.

### Constraints

* **Maximum 5 apps** per sandbox
* **Ports 3000–9999** available for app servers (ports 18789–18799 are reserved)
* **Bind to `127.0.0.1`** only (not `0.0.0.0`)
* **Use relative paths** in HTML (`./api/data`, not `/api/data`)
* **Data persistence**: Store data in `/data/apps/{slug}/` — the workspace directory doesn't survive restarts

### How the proxy works

Published apps are served through Coral's authenticated proxy at:

```
https://app.coral.inc/api/apps/{app-id}/
```

All requests are authenticated with your Coral session cookie. The proxy forwards requests to your sandbox's local server. JavaScript in the browser can only make requests to relative URLs (enforced by Content Security Policy).

# Backups & Restore

Source: https://docs.coral.inc/features/backups

How automatic backups work and how to restore your assistant

Coral automatically backs up your sandbox so you can recover from mistakes or roll back to a previous state. You can also create manual backups at any time.
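For the App Hosting constraints and proxy prefix described above, the following added example (not Coral's code) checks a server configuration against the listed limits and shows how a browser resolves references against `https://app.coral.inc/api/apps/{app-id}/`, which is why a root-absolute `/api/data` leaves the app's path while `./api/data` stays inside it. The function names, the slug pattern, `APP_ID_PLACEHOLDER` and the sample HTML are assumptions made for illustration.

```javascript
// Added example, not Coral's code. Function names and sample values are
// hypothetical; APP_ID_PLACEHOLDER stands in for a real app id.
const PROXY_BASE = 'https://app.coral.inc/api/apps/APP_ID_PLACEHOLDER/';
const DATA_ROOT = '/data/apps';

// Check bind address, port and data directory against the listed constraints.
function checkServerConfig({ host, port, slug, dataDir }) {
  const problems = [];
  if (host !== '127.0.0.1') {
    problems.push(`bind to 127.0.0.1, not ${host}`);
  }
  if (!Number.isInteger(port) || port < 3000 || port > 9999) {
    problems.push(`port ${port} is outside 3000-9999`);
  }
  // Assumption: slugs are lowercase letters, digits and hyphens.
  if (!/^[a-z0-9][a-z0-9-]*$/.test(String(slug))) {
    problems.push(`unexpected slug ${slug}`);
    return problems;
  }
  // Normalise "." and ".." segments before comparing, so a path such as
  // /data/apps/crm/../../tmp is not accepted on a simple prefix match.
  const expected = `${DATA_ROOT}/${slug}`;
  const resolved = new URL(String(dataDir), 'file:///').pathname.replace(/\/+$/, '');
  if (resolved !== expected && !resolved.startsWith(`${expected}/`)) {
    problems.push(`data dir ${dataDir} is not under ${expected}/`);
  }
  return problems;
}

// Resolve a reference the way the browser does for a page served at the
// proxy prefix, and report whether the result is still under that prefix.
function staysUnderProxyPrefix(ref, base = PROXY_BASE) {
  const normalisedBase = new URL(base).href;
  return new URL(ref, normalisedBase).href.startsWith(normalisedBase);
}

// Collect src/href/action attribute values and fetch() string arguments
// that would resolve outside the app's prefix. Regex-based, so it is a
// lint aid for simple pages, not an HTML parser.
function findEscapingUrls(html, base = PROXY_BASE) {
  const pattern = /(?:\b(?:src|href|action)\s*=\s*|\bfetch\(\s*)(["'`])(.*?)\1/gi;
  const escaping = [];
  for (const match of html.matchAll(pattern)) {
    if (!staysUnderProxyPrefix(match[2], base)) {
      escaping.push(match[2]);
    }
  }
  return escaping;
}

// Constructed sample page: two references use root-absolute paths.
const SAMPLE_HTML = `
<link rel="stylesheet" href="./style.css">
<script src="/static/app.js"></script>
<form action="api/leads" method="post"></form>
<script>fetch('/api/data'); fetch('./api/data');</script>
`;

console.log(checkServerConfig({
  host: '0.0.0.0', port: 18789, slug: 'crm', dataDir: '/workspace/crm',
}));
console.log(findEscapingUrls(SAMPLE_HTML));
```
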
## Automatic backups

Coral runs a two-tier backup strategy for every active sandbox:

| Tier | Frequency | Retention | Purpose |
| --- | --- | --- | --- |
| **Rolling** | Every 4 hours | Latest only (overwritten each cycle) | Quick recovery from recent issues |
| **Daily** | Once per day | Kept for 3 days | Protection against longer-term problems |

Backups are encrypted with a per-user key and stored securely. They capture your full OpenClaw configuration, conversation history, and installed tools.

Automatic backups only run while your sandbox is active. If your sandbox is paused, no new backups are created, but existing backups are retained.

## Creating a manual backup

1. Go to the **Settings** page.
2. Scroll to the **Backup & Restore** section.
3. Click **"Create Backup"**.

The backup runs in the background and typically completes in under a minute. Once finished, it appears in the backup list below.

## Restoring from a backup

1. Go to the **Settings** page.
2. Scroll to the **Backup & Restore** section.
3. Find the backup you want to restore and click **"Restore"**.
4. Confirm the restore action.

Restoring replaces your current sandbox state with the backup contents. Any changes made after the backup was taken will be lost. Consider creating a fresh backup before restoring if you want to preserve the current state.

The restore process takes 1-2 minutes. Your sandbox will be temporarily unavailable during the restore.
## What's included in a backup

* OpenClaw configuration (`~/.openclaw/openclaw.json`)
* Conversation history and session data
* Installed tools and skills
* Custom files and scripts in your sandbox

## What's not included

* The sandbox operating system and base packages (these are rebuilt from the standard image on restore)
* Temporary files in `/tmp`
* Running process state (your assistant restarts fresh after a restore)

# Bring Your Own Key

Source: https://docs.coral.inc/features/bring-your-own-key

Use your own API keys or ChatGPT/Codex subscription with Coral

By default, Coral provides system-managed API keys so you can start chatting immediately. If you prefer to use your own credentials, Coral supports **Bring Your Own Key (BYOK)** with several providers, including a **Codex OAuth** option for ChatGPT subscribers.

## Supported providers

| Provider | Auth method | What you need |
| --- | --- | --- |
| **Anthropic** | API key | An Anthropic API key from [console.anthropic.com](https://console.anthropic.com) |
| **OpenAI** | API key | An OpenAI API key from [platform.openai.com](https://platform.openai.com) |
| **OpenAI (Codex)** | OAuth sign-in | A ChatGPT Plus, Pro, or Team subscription |
| **Google** | API key | A Gemini API key from [aistudio.google.com](https://aistudio.google.com) |
| **OpenRouter** | API key | An OpenRouter API key from [openrouter.ai](https://openrouter.ai) |

## Setting up BYOK

### During onboarding

1. On the setup wizard, select **"Bring your own key"**.
2. Choose your provider.
3. Enter your API key, or click **"Sign in with Codex"** for the OAuth flow.
4. Complete the rest of the wizard and launch your sandbox.

### After onboarding

1. Go to **Settings** > **API Keys**.
2. Select a provider and enter your key (or use Codex OAuth).
3. Click **Save**. The change takes effect immediately.
## Codex OAuth (ChatGPT sign-in)

If you have a ChatGPT Plus, Pro, or Team subscription, you can sign in with your OpenAI account instead of providing an API key. This uses the same authentication that the Codex CLI uses.

**How it works:**

1. Click **"Sign in with Codex"** in the provider setup.
2. A popup opens to OpenAI's login page.
3. Authorize Coral to use your ChatGPT subscription.
4. Copy the callback URL from your browser's address bar and paste it back into Coral.
5. Coral exchanges the authorization code for access tokens using PKCE (Proof Key for Code Exchange).

Once connected, your assistant uses models available through your ChatGPT subscription (e.g., GPT-5.2 Codex, GPT-5.3 Codex) and requests are billed through your OpenAI subscription — not Coral credits.

Codex OAuth tokens refresh automatically. You don't need to re-authenticate unless you revoke access from your OpenAI account.

## Coral fallback

When using BYOK or Codex, you can enable **Coral fallback** — an automatic safety net that kicks in when your own API key fails (rate limits, quota exceeded, or provider errors).

**How it works:**

* Toggle **"Enable Coral fallback"** in **Settings** > **API Keys** after saving your credentials.
* When your primary key works, requests go directly to your provider at no Coral credit cost.
* When your primary key fails, the request automatically retries using Coral's system-managed keys.
* Only fallback requests consume Coral credits. Successful BYOK requests are free from Coral's perspective.

Coral fallback requires an active Coral subscription with remaining credits. If your credits are exhausted, fallback requests will also fail.

## How BYOK affects billing

* **BYOK requests** — Billed by your AI provider directly. No Coral credits consumed.
* **Fallback requests** — Billed against your Coral credit balance (same rates as system-managed keys).
* **Coral-managed keys** (default) — All requests consume Coral credits.
See [Billing & Credits](/getting-started/billing) for credit rates by model tier.

# Chat

Source: https://docs.coral.inc/features/chat

Send messages, attach images, and interact with your AI assistant

The chat page is the primary way to interact with your AI assistant. Open it from the **Chat** tab in the Coral dashboard.

## Sending messages

Type your message in the text box at the bottom and press **Enter** to send. Use **Shift+Enter** to insert a newline without sending.

Your assistant's response streams in real-time — you'll see text appear as it's generated.

## Attaching images

You can send images alongside your message for the assistant to analyze. Supported formats: JPEG, PNG, GIF, WebP, and SVG.

Three ways to attach:

1. **Paperclip icon** — Click the attachment button in the input area to open the file picker.
2. **Drag and drop** — Drag image files onto the input area. A "Drop files here" overlay appears.
3. **Clipboard paste** — Copy an image and press **Cmd+V** (Mac) or **Ctrl+V** (Windows/Linux).

Attached images appear as thumbnail chips above the input. Click the **X** on any chip to remove it before sending.

## Thinking indicator

When you send a message, a pulsing **brain icon** with "Thinking..." appears while your assistant processes your request. This indicator disappears automatically once the response starts streaming.

## Tool calls

Your assistant can invoke tools during a conversation — web search, code execution, file operations, and more. When it does, you'll see inline tool call cards in the response:

* **Spinner icon** — Tool call in progress
* **Checkmark icon** — Tool call completed

Click any tool call card to open a detail modal showing the full input and output. The modal includes a **Source / Rendered** toggle to switch between the raw JSON and a formatted view.

## Quick start prompts

When the chat is empty, four suggested prompt buttons appear below the greeting.
These correspond to the pre-built [Use Cases](/features/use-cases) and give you a one-click way to start a guided workflow. Clicking one pre-fills the input — press Enter to send.

## Credit usage

Each message shows an estimated credit cost, calculated from the tokens used. This helps you monitor usage as you chat.

Your overall credit balance is visible in the **Settings** page under **Usage & Billing**. A yellow warning bar appears when you've used 80% of your plan's credits for the period. If credits are fully exhausted, a red bar appears and new messages are blocked until credits reset or you [buy more](/getting-started/billing#buying-more-credits).

## Computer Panel

The chat page includes a collapsible **Computer Panel** on the right side that gives you live access to your sandbox environment without leaving the conversation. The panel has multiple tabs:

* **Desktop** — Live VNC view of your sandbox's graphical desktop
* **Files** — Browse files in your sandbox
* **Terminal** — Command-line access
* **Control** — Quick access to the OpenClaw Control Panel

Drag the divider between chat and the Computer Panel to resize. On smaller screens, the panel overlays the chat.

The Desktop tab requires VNC to be running in your sandbox. See [Remote Desktop](/features/remote-desktop) for details.

## New session

Click the **New Session** button (or the icon in the header) to start a fresh conversation. A confirmation dialog appears since this clears your current chat history from the view.

Your full message history is preserved in your sandbox and accessible via the [Control UI](/features/control-ui).

## Stopping generation

While the assistant is streaming a response, a **"Stop generating"** button appears above the input. Click it to abort the current response.

## Message history

Your conversation history loads automatically when you open the chat page. Messages persist across sessions in your sandbox — close the tab and come back later, and your history is still there.
## Offline states

If your sandbox isn't running, the chat page shows a status message instead of the input:

* **No instance set up** — Links to the onboarding page to create your sandbox.
* **Instance paused** — Links to the Integrations page to resume.
* **Setting up / Resuming** — Shows a loading animation while your sandbox starts.

# Control UI

Source: https://docs.coral.inc/features/control-ui

Access the full OpenClaw dashboard to manage your assistant

The Control UI is OpenClaw's built-in web dashboard. It gives you full control over your assistant's configuration, conversation history, tools, and more.

## Opening the Control UI

You can open the Control UI from two places:

1. **Integrations page** — Click **"Open OpenClaw Control Panel"** at the top of the page.
2. **Settings page** — Scroll to the **Control Panel** section and click the button.

The Control UI opens in a new browser tab. It connects to your sandbox over a secure WebSocket — your credentials are never exposed to the browser.

## What you can do

The Control UI provides access to the full range of OpenClaw features:

* **Conversations** — Browse and search your chat history across all connected channels.
* **Tools** — View and configure the tools available to your assistant (web search, code execution, file operations, etc.).
* **Skills** — Install and manage skill packages that give your assistant domain-specific capabilities.
* **Providers** — View your configured AI providers and model settings.
* **Settings** — Adjust assistant behavior, system prompts, and advanced gateway configuration.

The Control UI connects directly to your OpenClaw gateway. Changes you make here take effect immediately — there's no separate deploy or restart step.

## Reconnection

If your browser tab loses connection (e.g., your laptop goes to sleep), the Control UI automatically reconnects. The connection ticket is valid for 30 minutes, so brief interruptions are handled seamlessly.
If the ticket expires, close the tab and re-open the Control UI from the Coral dashboard to get a fresh connection.

# Environment Variables

Source: https://docs.coral.inc/features/environment-variables

Configure key-value environment variables for your assistant and skills

Environment variables let you pass configuration values and API keys to your OpenClaw instance and its skills. They're managed from the **Settings** page.

## Adding a variable

1. Go to the **Settings** page.
2. Scroll to the **Environment Variables** section.
3. Click **"Add Variable"**.
4. Enter the key name in `UPPER_SNAKE_CASE` (e.g., `BRAVE_API_KEY`).
5. Enter the value in the password field.
6. Click **Save**.

Key names must contain only uppercase letters, digits, and underscores, and must start with a letter or underscore.

## Editing and deleting

* Click on an existing variable's value field to edit it.
* Click the **trash icon** on any row to remove it.
* Click **Save** to apply all changes at once.

## Redacted values

Existing secrets appear as masked placeholders (`••••••••`) for security. The actual value is stored in your sandbox config. If you need to change a value, clear the field and enter the new one.

If you leave a redacted value unchanged, the original secret is preserved.

## Gateway restart

When you save environment variable changes, the OpenClaw gateway restarts automatically to pick up the new values. This is typically instant.

If you have an active chat session, the WebSocket will briefly reconnect after the restart. This is expected.
## Common environment variables

These are frequently used by skills and use case workflows:

| Variable | Used by | Purpose |
| --- | --- | --- |
| `BRAVE_API_KEY` | Brave Search skill | Web search capability |
| `OPENAI_API_KEY` | Whisper, DALL-E skills | Audio transcription, image generation |
| `NOTION_API_KEY` | Notion skill | Read/write Notion pages and databases |
| `TODOIST_API_TOKEN` | Todoist workflows | Task management integration |

## Relationship to skills

Many [skills](/features/skills) check for specific environment variables. When a skill shows "Needs Setup" on the Integrations page, you can set the required key either:

* **Inline on the skill card** — Fastest for a single key
* **Here in Environment Variables** — Better for managing multiple keys at once

Both approaches store the key in the same place — your sandbox's OpenClaw config.

# Image Generation

Source: https://docs.coral.inc/features/image-generation

Generate and edit images with AI

Your assistant can generate images from text descriptions and edit existing images using Google's Gemini image models.
## Available models

| Model | Strength | Best for |
| --- | --- | --- |
| **Gemini 3.1 Flash** (Nanobanana 2) | Fast, general-purpose | Quick drafts, iterative exploration |
| **Gemini 3 Pro** (Nanobanana Pro) | Highest quality | Final assets, detailed illustrations |

## Generating images

Ask your assistant to create an image by describing what you want:

* *"Generate a photorealistic golden retriever sitting in a park"*
* *"Create a minimalist logo for a coffee shop called 'Brew'"*
* *"Draw a technical diagram of a microservices architecture"*

You can specify aspect ratio and detail level:

* *"Generate a 16:9 banner image of a mountain landscape at sunset"*
* *"Create a square icon for a mobile app"*

### Supported aspect ratios

`1:1` · `3:4` · `4:3` · `9:16` · `16:9` · `3:2` · `2:3` · `4:5` · `5:4` · `21:9`

## Editing images

You can also ask your assistant to modify existing images:

* *"Remove the background from this image"*
* *"Change the sky to a sunset in this photo"*
* *"Add a watermark to the bottom-right corner"*

Attach the image to your message or reference one the assistant previously generated.

## Credits

Image generation uses credits from your Coral plan, same as text model requests. The cost varies by model and image size.

Start with the Flash model for quick iterations, then switch to Pro for the final version to conserve credits.

# Integrations

Source: https://docs.coral.inc/features/integrations

Connect your AI assistant to Discord, WhatsApp, and more

Coral lets you connect your OpenClaw assistant to messaging platforms and productivity tools so you can interact with it wherever you work.

## Messaging

* Add your assistant as a Discord bot in your server.
* Chat with your assistant through WhatsApp.
* Connect your assistant to a Slack workspace.
* Use your assistant via Telegram.
## App Integrations

Coral integrates with **500+ apps**, giving your assistant the ability to read and write data across your favorite tools.

* Gmail, Calendar, Docs, Sheets, Slides, Drive, Tasks, Maps, Analytics, Meet.
* Teams, Outlook, OneDrive, SharePoint, Excel.
* GitHub, GitLab, Bitbucket, Asana, Linear, Trello, ClickUp, Confluence, Sentry.
* HubSpot, Salesforce, Attio, Intercom, Zendesk.
* Notion, Airtable, Zoom, Dropbox, Figma, Slack, Monday, Todoist, Calendly, Miro, Canva.
* Stripe, Square, QuickBooks, Xero, FreshBooks.

## Setting up an integration

1. Go to the **Integrations** page in your Coral dashboard.
2. Find the platform you want to connect.
3. Click **"Connect"** to expand the setup panel.
4. Follow the platform-specific instructions.

Setup varies by integration type:

* **Sandbox-native** (Discord, WhatsApp, Telegram) — Create a bot on the platform, enter the API token in Coral. Credentials are stored in your sandbox and never leave your isolated environment.
* **OAuth** (Slack, Google Workspace) — Click **"Connect"**, sign in with your account, and authorize access. Tokens are managed by Coral.
* **Third-party** (App integrations) — Connect through the authorization flow to link apps like GitHub, Jira, Linear, Notion, Stripe, and more.

Sandbox-native integration credentials are stored securely in your sandbox and never leave your isolated environment. OAuth-based integrations store encrypted tokens on Coral's servers to enable proxy access.

## Managing integrations

Once connected, each integration card shows its status:

* **Connected** — The integration is active and your assistant is reachable on that platform.
* **Disconnected** — The integration was configured but is not currently active (e.g., the bot was removed from the server).

Click **"Manage"** on a connected integration to update credentials or disconnect.
## Using the Control UI for advanced setup

For integrations that require more detailed configuration (custom system prompts per channel, tool restrictions, etc.), open the **Control UI** from the Integrations page. The OpenClaw dashboard provides full control over per-channel behavior.

## Skills

The Integrations page also hosts the **Skills** section below the messaging connections. Skills extend your agent with domain-specific capabilities like web search, audio transcription, and integration with external services.

See [Skills](/features/skills) for full documentation.

# App Integrations

Source: https://docs.coral.inc/features/integrations/composio

Connect 500+ apps like Gmail, GitHub, Notion, and more

Coral integrates with **500+ apps**, giving your assistant the ability to read and write data across your favorite tools.

## Overview

Coral handles the OAuth authorization and token management for third-party apps. When you connect an app, you authorize it through a secure OAuth flow — your tokens are managed securely and never stored in your sandbox.

Your assistant can then use these connections to perform actions like reading emails, creating issues, updating spreadsheets, and more.

## Available App Categories

* Gmail, Calendar, Docs, Sheets, Slides, Drive, Tasks, Maps, Analytics, Meet.
* Teams, Outlook, OneDrive, SharePoint, Excel.
* GitHub, GitLab, Bitbucket, Asana, Linear, Trello, ClickUp, Confluence, Sentry.
* HubSpot, Salesforce, Attio, Intercom, Zendesk.
* Notion, Airtable, Zoom, Dropbox, Figma, Slack, Monday, Todoist, Calendly, Miro, Canva.
* Stripe, Square, QuickBooks, Xero, FreshBooks.

## Connecting an App

1. Open the [Coral dashboard](https://app.coral.inc) and go to the **Integrations** page.
2. Scroll down to the **App Integrations** section.
3. Find the app you want to connect and click **"Connect"**.
4. You'll be redirected to the app's authorization page (e.g., Google's OAuth consent screen).
5. Sign in and grant the requested permissions.
6.
   You'll be redirected back to Coral. The app will show as **Connected**.

Your assistant's gateway automatically restarts to load the new tools for the connected app.

Some apps may require additional configuration (e.g., selecting specific repositories for GitHub, or choosing a workspace for Notion). Follow the on-screen prompts during the authorization flow.

## Using Connected Apps

Once an app is connected, your assistant automatically gains access to the app's actions. You can simply ask your assistant to perform tasks, for example:

* *"Check my Gmail for unread emails from today"*
* *"Create a new issue in my Linear project for the login bug"*
* *"Add a row to my Google Sheet with today's sales numbers"*
* *"Schedule a meeting on Google Calendar for tomorrow at 2pm"*
* *"Find the latest PR comments on my GitHub repo"*

Your assistant discovers available tools on-demand based on which apps you have connected.

## Disconnecting an App

1. Go to the **Integrations** page.
2. Find the connected app.
3. Click **"Disconnect"**.

This revokes the authorization. Your assistant will no longer be able to access that app's data.

## Troubleshooting

| Problem | Solution |
| --- | --- |
| App shows "Connected" but assistant can't use it | The gateway may need a restart. Try disconnecting and reconnecting the app. |
| OAuth page shows an error | Ensure your account has the necessary permissions for the app (e.g., admin access for some workspace-level apps). |
| Assistant says it doesn't have access to an app | Check the Integrations page to confirm the app is connected. If it says "Disconnected", reconnect it. |
| "Authorization expired" | Some apps require periodic re-authorization. Click **"Connect"** again to refresh the authorization. |

## Security

* OAuth tokens are managed securely — they are **not stored in your sandbox**.
* Coral communicates with app providers through a server-side proxy. API keys never reach your browser or sandbox.
* Each user's connections are isolated — your Coral user ID maps to a unique identity.
* Tool execution happens through Coral's authenticated proxy infrastructure.

# Discord

Source: https://docs.coral.inc/features/integrations/discord

Add your AI assistant as a Discord bot in your server

Connect your Coral assistant to Discord so you can chat with it via DMs and server channels.

## Overview

The Discord integration is **sandbox-native** — your bot token is stored securely inside your isolated sandbox environment and never leaves it. Coral connects to Discord using your own bot application, giving you full control over the bot's identity, permissions, and server access.

## Prerequisites

* A Coral account with an active sandbox
* A Discord account
* A Discord server where you have permission to add bots

## Step 1: Create a Discord Application

1. Go to the [Discord Developer Portal](https://discord.com/developers/applications).
2. Click **"New Application"** and give it a name (e.g., "My AI Assistant").
3. Optionally, add a profile picture and description for your bot.

## Step 2: Configure the Bot

1. In the left sidebar, click **"Bot"**.
2. Click **"Reset Token"** and copy the token. Save it somewhere safe — you will only see it once.
3. Under **"Privileged Gateway Intents"**, enable the following:
   * **Message Content Intent** — allows the bot to read message content
   * **Server Members Intent** — allows the bot to see server members

Keep your bot token private. Anyone with the token can control your bot. If you suspect it has been leaked, reset it immediately in the Developer Portal.

## Step 3: Set Bot Permissions and Invite to Server

1. In the left sidebar, go to **"OAuth2"** > **"URL Generator"**.
2. Under **Scopes**, select:
   * `bot`
   * `applications.commands`
3.
   Under **Bot Permissions**, select:
   * View Channels
   * Send Messages
   * Read Message History
   * Embed Links
   * Attach Files
4. Copy the generated URL at the bottom of the page.
5. Open the URL in your browser and select the server you want to add the bot to.
6. Click **"Authorize"**.

## Step 4: Connect in Coral

1. Open the [Coral dashboard](https://app.coral.inc) and go to the **Integrations** page.
2. Click on the **Discord** card.
3. Paste your bot token into the **Bot Token** field.
4. Click **"Connect"**.

Coral validates your token against the Discord API, then applies the configuration to your sandbox.

## Step 5: Pair Your Discord Account

After the bot connects, you need to pair your Discord account so the assistant knows who you are:

1. Open Discord and go to the server where you invited the bot.
2. Click on the bot's name to open a DM, then send it any message (e.g., "Hello").
3. The bot will reply with an **8-character pairing code** (e.g., `KVM9A75Y`).
4. Go back to the Coral Integrations page and paste the code into the **Pairing Code** field.
5. Click **"Approve"**.

You can skip pairing and do it later, but the bot will not respond to your messages until pairing is completed.

## Managing Your Discord Integration

Once connected, the Discord card on the Integrations page shows your bot's status:

* **Connected** — The bot is online and responsive.
* **Configured but not connected** — The token is saved but the bot cannot connect (e.g., token was revoked). Click **"Reconfigure"** to enter a new token.

To disconnect, click **"Disconnect"** on the integration card. This removes the bot token from your sandbox.

## Troubleshooting

| Problem | Solution |
| --- | --- |
| Bot shows "configured but not connected" | Your token may be invalid or revoked. Reset the token in the Discord Developer Portal and reconfigure. |
| Bot is online but doesn't respond | Make sure you completed the pairing step. Also verify that **Message Content Intent** is enabled. |
| Bot can't see messages in a channel | Check that the bot has **View Channels** and **Read Message History** permissions in that channel. |
| "Invalid bot token" error | Ensure you copied the full token. Bot tokens look like `MTIzNDU2Nzg5MDEyMzQ1Njc4OQ...` — they are long base64 strings. |

## Security

* Your bot token is stored exclusively inside your sandbox's configuration file (`~/.openclaw/openclaw.json`).
* The token never passes through Coral's servers — it is sent directly from the Coral UI to your sandbox via an authenticated gateway RPC.
* If you back up and restore your sandbox, the Discord configuration is preserved in the backup.

# Slack

Source: https://docs.coral.inc/features/integrations/slack

Connect your AI assistant to a Slack workspace

Connect your Coral assistant to Slack to chat with it via DMs, mentions in channels, and threaded replies.

Coral offers two ways to connect Slack:

* Click **"Connect with Slack"** and authorize Coral's Slack app in your workspace. No manual setup required.
* Create your own Slack app for full customization of the bot identity, permissions, and access policies.

***

## Option A: One-Click Connect (Managed)

This is the fastest way to get Slack working. Coral handles the app, tokens, and event routing for you.

### Setup

1. Open the [Coral dashboard](https://app.coral.inc) and go to the **Integrations** page.
2. Click on the **Slack** card and select the **"Connect with Slack"** option.
3. You'll be redirected to Slack's authorization page.
4. Select the workspace you want to connect and click **"Allow"**.
5. You'll be redirected back to Coral with Slack connected.

### Capabilities

Once connected, Coral's Slack app provides:

* **Direct Messages** — Chat with your AI assistant in DMs.
* **Channel Mentions** — Mention the bot in any channel it's been added to.
* **Thread Replies** — All responses are threaded automatically to keep channels clean.

### Disconnect

To disconnect, click **"Disconnect"** on the Slack integration card. This revokes the OAuth token and removes the connection.

Each Slack workspace can only be connected to one Coral instance at a time.

***

## Option B: Bring Your Own App (BYOA)

Use this option if you want full control over the bot's identity, permissions, and access policies. You'll create your own Slack app and provide the tokens to Coral.

### Step 1: Create a Slack App

1. Go to the [Slack App Directory](https://api.slack.com/apps) and click **"Create New App"**.
2. Choose **"From scratch"**.
3. Enter an app name (e.g., "My AI Assistant") and select your workspace.
4. Click **"Create App"**.

### Step 2: Enable Socket Mode

Socket Mode lets the bot receive events over a WebSocket connection instead of requiring a public URL.

1. In the left sidebar, click **"Socket Mode"**.
2. Toggle **"Enable Socket Mode"** to on.
3. You'll be prompted to create an **App-Level Token**. Name it (e.g., "coral-socket") and add the scope `connections:write`.
4. Click **"Generate"** and copy the token. It starts with `xapp-`.

### Step 3: Configure Bot Permissions

1. In the left sidebar, go to **"OAuth & Permissions"**.
2. Under **Bot Token Scopes**, add the following:
   * `app_mentions:read`
   * `channels:history`
   * `channels:read`
   * `chat:write`
   * `groups:history`
   * `groups:read`
   * `im:history`
   * `im:read`
   * `im:write`
   * `mpim:history`
   * `mpim:read`
   * `users:read`

### Step 4: Enable Event Subscriptions

1. In the left sidebar, click **"Event Subscriptions"**.
2. Toggle **"Enable Events"** to on.
3. Under **"Subscribe to bot events"**, add:
   * `app_mention`
   * `message.channels`
   * `message.groups`
   * `message.im`
   * `message.mpim`

### Step 5: Install the App

1. In the left sidebar, go to **"Install App"**.
2. Click **"Install to Workspace"** and authorize.
3. Copy the **Bot User OAuth Token**. It starts with `xoxb-`.

### Step 6: Connect in Coral

1. Open the [Coral dashboard](https://app.coral.inc) and go to the **Integrations** page.
2. Click on the **Slack** card and choose the **"Bring Your Own App"** option.
3. Enter both tokens:
   * **Bot Token** (`xoxb-...`)
   * **App Token** (`xapp-...`)
4. Click **"Connect"**.

Coral validates the tokens against the Slack API, then prompts you to configure access policies.

### Step 7: Configure Access Policies

After validation, you can configure how the bot responds:

| Setting | Options | Description |
| --- | --- | --- |
| **DM Policy** | Open / Allowlist / Disabled | Who can DM the bot |
| **Channel Policy** | Open / Allowlist / Disabled | Which channels the bot responds in |
| **Require Mention** | Yes / No | Whether the bot must be @mentioned in channels |

* **Open** — The bot responds to everyone / in every channel it has access to.
* **Allowlist** — The bot only responds to specific users / in specific channels you select.
* **Disabled** — The bot ignores DMs or channel messages entirely.

After configuring, click **"Save & Connect"** to finalize.

## Managing Your Slack Integration

You can update access policies at any time by clicking **"Edit access policies"** on the connected card.

To disconnect, click **"Disconnect"**. For BYOA, this removes the tokens from your sandbox. For managed Slack, this revokes the OAuth token.

## Troubleshooting

| Problem | Solution |
| --- | --- |
| "Workspace already connected" | Each Slack workspace can only link to one Coral instance. Disconnect from the other instance first. |
| Bot doesn't respond in a channel | Invite the bot to the channel first (`/invite @botname`). Also check that the channel policy allows it. |
| Bot doesn't respond to DMs | Check that the DM policy is set to "Open" or that the user is in the allowlist. |
| "Invalid token" error | Make sure you're using the correct token types: `xoxb-` for Bot Token and `xapp-` for App Token. |
| Socket Mode connection drops | Ensure Socket Mode is enabled in your Slack app settings and the App Token has `connections:write` scope. |

## Security

* **BYOA**: Both tokens are stored exclusively inside your sandbox's configuration. They never pass through Coral's servers.
* **Managed**: The bot token is encrypted with AES-256-GCM and stored on Coral's servers. The encryption key is derived per-user and never stored alongside the token.
* Slack webhook signatures are verified using HMAC-SHA256 with 5-minute replay protection.

# Telegram
Source: https://docs.coral.inc/features/integrations/telegram

Use your AI assistant via Telegram

Connect your Coral assistant to Telegram so you can chat with it via DMs and group chats.

## Overview

The Telegram integration is **sandbox-native** — your bot token is stored securely inside your isolated sandbox environment and never leaves it. You create a bot through Telegram's BotFather and provide the token to Coral.

## Prerequisites

* A Coral account with an active sandbox
* A Telegram account

## Step 1: Create a Bot with BotFather

1. Open Telegram and search for [@BotFather](https://t.me/BotFather), or click the link to open it directly.
2. Send the `/newbot` command.
3. Follow the prompts:
   * Enter a **display name** for your bot (e.g., "My AI Assistant").
   * Enter a **username** for your bot. It must end in `bot` (e.g., `my_coral_assistant_bot`).
4. BotFather will reply with your **bot token**. It looks like `123456789:ABCdefGHIjklMNOpqrSTUvwxYZ`. Copy it.

Keep your bot token private. Anyone with the token can control your bot. If you suspect it has been leaked, use `/revoke` with BotFather to generate a new token.
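
The Slack **Security** section above states that webhook signatures are verified using HMAC-SHA256 with 5-minute replay protection. The following is an added example, not Coral's code, of that check as Slack's v0 request-signing scheme defines it; the signing secret, timestamp and request body are constructed sample values.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 5 * 60  # the 5-minute replay window stated in the Security section

# Constructed sample values, not real credentials or captured traffic.
SECRET = b"constructed-signing-secret"
TS = "1700000000"
BODY = b'{"type":"event_callback","event":{"type":"app_mention","text":"hi"}}'


def sign(secret: bytes, timestamp: str, raw_body: bytes) -> str:
    """Slack v0 signature: hex HMAC-SHA256 over b'v0:<timestamp>:<raw body>'."""
    base = b"v0:" + timestamp.encode("ascii") + b":" + raw_body
    return "v0=" + hmac.new(secret, base, hashlib.sha256).hexdigest()


def verify_slack_request(secret, headers, raw_body, now=None):
    """Return (ok, reason) for one inbound request.

    raw_body must be the bytes exactly as received: re-serialising parsed
    JSON changes the bytes and the MAC no longer matches.
    """
    now = time.time() if now is None else now
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    ts = h.get("x-slack-request-timestamp", "")
    sig = h.get("x-slack-signature", "")

    if not (ts.isascii() and ts.isdigit()) or not sig.startswith("v0="):
        return False, "missing or malformed headers"

    # Replay protection: a captured request stays validly signed forever,
    # so anything outside the window is dropped regardless of its MAC.
    if abs(now - int(ts)) > MAX_SKEW_SECONDS:
        return False, "stale timestamp"

    expected = sign(secret, ts, raw_body)
    # Constant-time comparison so response timing does not leak how many
    # leading characters of a forged signature were correct.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False, "bad signature"
    return True, "ok"


def demo():
    """Run the verifier over a valid request and four failure cases."""
    t0 = int(TS)
    good = {
        "X-Slack-Request-Timestamp": TS,
        "X-Slack-Signature": sign(SECRET, TS, BODY),
    }
    # A replayer who refreshes the timestamp header cannot re-sign, and the
    # timestamp is covered by the MAC, so the signature check fails instead.
    refreshed = dict(good, **{"X-Slack-Request-Timestamp": str(t0 + 300)})
    return {
        "fresh": verify_slack_request(SECRET, good, BODY, now=t0 + 10),
        "tampered_body": verify_slack_request(SECRET, good, BODY + b" ", now=t0 + 10),
        "replayed": verify_slack_request(SECRET, good, BODY, now=t0 + 301),
        "timestamp_refreshed": verify_slack_request(SECRET, refreshed, BODY, now=t0 + 301),
        "unsigned": verify_slack_request(SECRET, {}, BODY, now=t0 + 10),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:20s} {result}")
```

The timestamp check alone does not stop a replay inside the 5-minute window; it only bounds how long a captured request remains usable.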

## Step 2: Configure Privacy Settings (Optional)

By default, Telegram bots can only see messages that directly mention them or are replies to their messages in group chats. If you want your bot to see all messages in a group:

1. Open a chat with [@BotFather](https://t.me/BotFather).
2. Send `/setprivacy`.
3. Select your bot.
4. Choose **"Disable"** to allow the bot to read all group messages.

This is only needed for group chats. In direct messages, the bot always sees all messages.

## Step 3: Connect in Coral

1. Open the [Coral dashboard](https://app.coral.inc) and go to the **Integrations** page.
2. Click on the **Telegram** card.
3. Paste your bot token into the **Bot Token** field.
4. Click **"Connect"**.

Coral validates your token against the Telegram Bot API (`/getMe`), then applies the configuration to your sandbox.

## Step 4: Pair Your Telegram Account

After the bot connects, you need to pair your Telegram account:

1. Open Telegram and search for your bot by its username (e.g., `@my_coral_assistant_bot`).
2. Send it any message (e.g., "Hello").
3. The bot will reply with an **8-character pairing code** (e.g., `KVM9A75Y`).
4. Go back to the Coral Integrations page and paste the code into the **Pairing Code** field.
5. Click **"Approve"**.

You can skip pairing and do it later, but the bot will not respond to your messages until pairing is completed.

## Managing Your Telegram Integration

Once connected, the Telegram card on the Integrations page shows your bot's status:

* **Connected** — The bot is online and responsive.
* **Configured but not connected** — The token is saved but the bot cannot connect. Click **"Reconfigure"** to enter a new token.

To disconnect, click **"Disconnect"** on the integration card. This removes the bot token from your sandbox.

## Troubleshooting

| Problem | Solution |
| --- | --- |
| Bot shows "configured but not connected" | Your token may have been revoked. Use `/revoke` with BotFather to generate a new token and reconfigure. |
| Bot doesn't respond in group chats | Make sure you disabled privacy mode via `/setprivacy` with BotFather. |
| Bot doesn't respond to DMs | Ensure pairing is completed. Also verify the token is correct. |
| "Invalid bot token" error | Ensure you copied the full token from BotFather. The format is `123456789:ABCdefGHIjklMNOpqrSTUvwxYZ`. |

## Security

* Your bot token is stored exclusively inside your sandbox's configuration file (`~/.openclaw/openclaw.json`).
* The token never passes through Coral's servers — it is sent directly from the Coral UI to your sandbox via an authenticated gateway RPC.
* If you back up and restore your sandbox, the Telegram configuration is preserved in the backup.

# WhatsApp
Source: https://docs.coral.inc/features/integrations/whatsapp

Chat with your AI assistant through WhatsApp

Connect your Coral assistant to WhatsApp so you can chat with it directly in your WhatsApp conversations.

## Overview

The WhatsApp integration is **sandbox-native** — your session credentials are stored securely inside your isolated sandbox environment and never leave it. Unlike Discord and Telegram, WhatsApp uses QR code scanning (via WhatsApp's Linked Devices feature) instead of a bot token.

**Important**: The WhatsApp account you scan with becomes the bot. If you only have one phone number, you'll be messaging yourself to chat with your assistant — this works, but can feel a little awkward. For a more natural experience, consider using a second number for the bot.

## Prerequisites

* A Coral account with an active sandbox
* A phone with WhatsApp installed
* At least one phone number to allow-list for receiving responses

## Step 1: Configure Allowed Phone Numbers

For security, your assistant only responds to messages from pre-approved phone numbers.

1. Open the [Coral dashboard](https://app.coral.inc) and go to the **Integrations** page.
2. Click on the **WhatsApp** card.
3. Add the phone numbers that should be able to chat with the assistant. Enter each number in **international E.164 format** (e.g., `+15551234567`).

You must add at least one phone number before proceeding.

## Step 2: Scan the QR Code

1. After entering your phone numbers, click **"Generate QR Code"**.
2. Coral will display a QR code on screen.
3. On your phone, open **WhatsApp** > **Settings** > **Linked Devices** > **Link a Device**.
4. Scan the QR code displayed in Coral.

The page will automatically detect when the scan is successful and transition to the connected state.

If the QR code expires before you scan it, click **"Refresh QR"** to generate a new one.

## Step 3: Start Chatting

Once connected:

1. Open WhatsApp on another device or from another number on your allow-list.
2. Find the linked account in your contacts (or search for the phone number).
3. Send a message like "Hello!" — your AI assistant will reply right in the chat.

## Managing Your WhatsApp Integration

Once connected, the WhatsApp card shows your linked phone number and connection status.

### Edit Allowed Numbers

You can update the list of allowed phone numbers at any time:

1. Click **"Edit allowed numbers"** on the connected card.
2. Add or remove phone numbers.
3. Click **"Save"**.

### Reconnect

If the WhatsApp session becomes disconnected (e.g., you logged out from Linked Devices on your phone), click **"Reconnect"** to generate a new QR code and re-link.

### Disconnect

Click **"Disconnect"** to fully remove the WhatsApp session from your sandbox.
You will need to scan a new QR code to reconnect.

## Troubleshooting

| Problem | Solution |
| --- | --- |
| QR code expired | Click **"Refresh QR"** to generate a new one. QR codes are time-limited. |
| "Configured but not connected" | Your linked session may have expired. Click **"Reconnect"** to scan a new QR code. |
| Bot doesn't respond to messages | Check that the sender's phone number is on the allowed list. Only allow-listed numbers get responses. |
| Session disconnects frequently | This can happen if you unlink the device from WhatsApp settings on your phone. Keep the linked device active. |

## Security

* WhatsApp session credentials (Baileys authentication) are stored exclusively inside your sandbox.
* The session data never passes through Coral's servers.
* Phone numbers on the allow-list are stored in your sandbox's configuration (`channels.whatsapp.allowFrom`).
* If you back up and restore your sandbox, the WhatsApp configuration is preserved, but you may need to re-scan the QR code to re-establish the session.

# Models
Source: https://docs.coral.inc/features/models

Choose the AI model tier for your assistant

Coral offers three model tiers that control which AI model powers your assistant. You can switch tiers at any time from the Settings page.

## Model tiers

| Tier | Default Model | Alternative | Best for |
| --- | --- | --- | --- |
| **Light** | Gemini 3 Flash | — | Fast, cost-effective tasks |
| **Standard** | Claude Sonnet 4.6 | — | Balanced everyday use |
| **Pro** | Claude Opus 4.6 | Gemini 3.1 Pro | Complex reasoning, advanced tasks |

The **Standard** tier is selected by default when you set up your assistant.

Use the Light tier for simple tasks to conserve credits.
Switch to Pro when you need the most capable reasoning for complex analysis, coding, or multi-step workflows.

## Changing your model

1. Go to the **Settings** page.
2. Find the **Model** section.
3. Select a tier (Light, Standard, or Pro).
4. If the tier has multiple models (Standard and Pro do), choose your preferred model.
5. Click **Apply**.

The change takes effect immediately — no restart required.

[Image: Coral settings page]

## How tiers affect credits

Each AI model request costs credits based on the model and token count:

* **Light** tier models use the fewest credits per request.
* **Standard** tier models use a moderate amount.
* **Pro** tier models use the most credits per request.

Your credit usage is tracked on the Settings page under **Usage & Billing**. Individual message costs are also shown inline in the chat. See [Billing & Credits](/getting-started/billing) for plan details and pricing.

If you configured your own API keys during onboarding (BYOK), model requests are billed directly by your AI provider — Coral credits are not consumed unless you have [Coral fallback](/features/bring-your-own-key#coral-fallback) enabled.

# Remote Desktop
Source: https://docs.coral.inc/features/remote-desktop

Access a graphical desktop in your sandbox via VNC

The remote desktop gives you graphical desktop access to your sandbox — right in your browser. It uses VNC through the noVNC HTML5 client, so no additional software is needed.

## Opening the remote desktop

There are two ways to access the remote desktop:

### From Settings

1. Go to the **Settings** page in your Coral dashboard.
2. Scroll to the **Tools & Access** section.
3. Click **"Open Remote Desktop"**.

A new browser tab opens with a full desktop environment running inside your sandbox.

### From the Chat page

The **Computer Panel** on the chat page includes a **Desktop** tab that shows a live VNC view of your sandbox.
This lets you watch your assistant's desktop activity while chatting — useful for monitoring browser automation or visual tasks. See [Chat — Computer Panel](/features/chat#computer-panel) for details.

[Image: Coral settings page]

The button checks availability first. If VNC is not running in your sandbox, the button will be disabled.

## Connection details

* The desktop connects over a secure WebSocket through the Coral proxy — your sandbox credentials never reach the browser.
* Sessions use a time-limited ticket (30-minute TTL).
* If the connection drops, close the tab and re-open from the Settings page.

## When to use the remote desktop

Most users won't need the remote desktop for day-to-day use. It's primarily useful for:

* Watching your assistant perform browser-based tasks in real-time (via the Chat Computer Panel)
* Running browser-based tools or automation (e.g., Puppeteer with a visible browser)
* Debugging graphical applications
* Any task that requires visual interaction beyond the [terminal](/features/terminal)

# Skills
Source: https://docs.coral.inc/features/skills

Extend your assistant with domain-specific capabilities

Skills are packages that give your assistant specialized abilities — web search, Notion integration, audio transcription, and more. Your agent uses active skills automatically when relevant to a conversation.

Skills are managed from the **Integrations** page in the Coral dashboard, in the section below the messaging connections.

[Image: Coral integrations page]

## Skill categories

Skills are organized into four sections based on their current state:

### Active

Fully configured and ready to use. Your agent invokes these automatically when relevant. Each active skill card shows a green **"Active"** badge and offers:

* **"Change key"** — Update the API key for this skill
* **"Turn off"** — Disable the skill without removing it
* **"Docs"** — Link to the skill's documentation (when available)

### Needs Setup

Installed but missing an API key or configuration.
These cards are highlighted in blue. Click **"Set \[KEY\_NAME]"** to enter the required key inline — paste your key, click **Save**, and the skill becomes active immediately.

### Disabled

Installed and configured but turned off. Click **"Turn on"** to re-enable. The skill becomes active instantly — no restart needed.

### Available to Install

Skills that require additional software (binaries) not yet present in your sandbox. Each card lists the missing dependencies (e.g., "Requires ffmpeg") and shows an **"Ask agent to install"** button. Clicking it opens the Chat page with a pre-filled message asking your assistant to install the needed software.

## Configuring API keys

Many skills require external API keys. You can provide these in two ways:

1. **Inline on the skill card** — In the Needs Setup section, click "Set \[KEY\_NAME]" and paste your key directly. This is the fastest path for a single key.
2. **Via Environment Variables** — Go to Settings > Environment Variables and add the key there. This is better for managing multiple keys at once. See [Environment Variables](/features/environment-variables).

Keys are stored securely in your sandbox's OpenClaw config. They never leave your isolated environment.

## Enabling and disabling skills

* **Active skills** → click **"Turn off"** on the card
* **Disabled skills** → click **"Turn on"** on the card

Changes take effect immediately — no gateway restart needed.

## Installing missing dependencies

For skills in the "Available to Install" section:

1. Click **"Ask agent to install"**
2. The Chat page opens with a message like "Please install \[skill name]"
3. Your assistant installs the required binaries via the terminal
4. Return to the Integrations page to see the skill move to Active or Needs Setup

## Skill metadata

Each skill card shows:

* **Name and emoji** — Descriptive label for the skill
* **Source badge** — Whether the skill is "bundled" (ships with OpenClaw) or from an external source
* **Description** — Brief explanation of what the skill does
* **Docs link** — Link to the skill's homepage or documentation (when available)

# Web Terminal
Source: https://docs.coral.inc/features/terminal

Access a command-line shell on your sandbox from the browser

The web terminal gives you direct shell access to your sandbox — right in your browser. No SSH client or key setup required.

## Opening the terminal

There are two ways to access the terminal:

### From Settings

1. Go to the **Settings** page in your Coral dashboard.
2. Scroll to the **Tools & Access** section.
3. Click **"Open Terminal"**.

A new browser tab opens with a full terminal emulator (powered by [xterm.js](https://xtermjs.org/)). You're connected to a shell running inside your sandbox.

### From the Chat page

The **Computer Panel** on the chat page includes a **Terminal** tab for quick shell access without leaving the conversation. See [Chat — Computer Panel](/features/chat#computer-panel) for details.

[Image: Coral settings page]

## What you can do

The terminal gives you a standard Linux shell with access to:

* **OpenClaw CLI** — Run `openclaw` commands to inspect or modify your assistant's configuration.
* **File system** — Browse and edit files in your sandbox (configuration, logs, data).
* **Package management** — Install additional tools or dependencies.
* **Debugging** — Inspect running processes, view logs, and troubleshoot issues.

The terminal has full access to your sandbox. Be careful with destructive commands — changes are permanent and may affect your running assistant. If something goes wrong, you can restore from a backup.

## Connection details

* The terminal connects over a secure WebSocket through the Coral proxy.
  Your sandbox credentials never reach the browser.
* Sessions are authenticated with a time-limited ticket (30-minute TTL).
* If the connection drops, close the tab and re-open from the Settings page.

## When to use the terminal

Most users won't need the terminal for day-to-day use. It's primarily useful for:

* Advanced OpenClaw configuration not exposed in the Control UI
* Debugging issues with your assistant
* Installing custom tools or scripts
* Viewing raw log files

# Use Cases
Source: https://docs.coral.inc/features/use-cases

Pre-built workflow templates to get started quickly

The Use Cases page provides pre-built workflow templates that show what your assistant can do. Each template includes a detailed prompt that guides your assistant through setup and ongoing operation.

[Image: Coral use cases page]

## Browsing use cases

1. Navigate to the **Use Cases** tab in the sidebar.
2. Use the **search bar** to filter by title or description.
3. Use the **category pills** to filter: All, Social Media, Finance, Productivity.

## Trying a use case

Click **"Try It"** on any use case card. You'll be redirected to the Chat page with the full workflow prompt pre-filled in the input box. Press **Enter** to send, and your assistant walks you through setup step by step.

## Available templates

### Daily Portfolio News Briefing

**Category:** Finance

Sets up a daily morning briefing on stocks you track, delivered to your messaging channel. Your assistant:

1. Asks which stock tickers to track
2. Asks your preferred briefing time and messaging channel
3. Delivers a 500-800 word opinionated briefing each morning using the built-in web search tool

You can add or remove tickers at any time by asking your assistant.

### Daily Twitter/X Brief

**Category:** Social Media

Monitors Twitter/X for topics and accounts you care about and delivers a daily digest. Your assistant:

1. Asks which topics and accounts to follow
2. Asks your preferred time and messaging channel
3. Delivers the top 5-10 posts each morning, grouped by theme with summaries and links

### Explore Skills on ClawHub

**Category:** Productivity

Browse and install community-contributed skills from the ClawHub marketplace. Your assistant:

1. Pulls trending, most-installed, and newly released skills
2. Asks about your interests and searches for matching skills
3. Inspects skills before recommending them (shows stars, installs, descriptions)
4. Installs your chosen skills directly into your sandbox

A guided marketplace experience — like having a knowledgeable friend walk you through the options.

### Todoist Task Tracker

**Category:** Productivity

Connects to Todoist to help you track tasks collaboratively with your assistant. Setup:

1. Connect Todoist via the **App Integrations** section in the Integrations tab (your assistant checks if it's already connected)
2. Your assistant creates an organized project with sections: In Progress, Waiting, Done
3. Track and manage tasks through conversation

### Audio Journaling to Notion

**Category:** Productivity

Send voice memos via a messaging channel, and your assistant transcribes and organizes them in Notion. Setup:

1. Connect Notion via the **App Integrations** section in the Integrations tab (your assistant checks if it's already connected)
2. Enable the Whisper skill and provide an OpenAI API key
3. Your assistant creates a "Daily Journals" database in Notion
4. Send audio snippets — they're transcribed and organized by date

### Create Presentation Slides

**Category:** Productivity

Create animation-rich HTML presentations with distinctive visual styles — from scratch or by converting PowerPoint files. Your assistant:

1. Asks about the topic and purpose of your presentation (pitch deck, conference talk, tutorial, etc.)
2. Shows visual style options so you can pick what looks best — no design skills needed
3. Generates a single self-contained HTML file with animations, transitions, and responsive design
4. Supports keyboard, touch, and scroll navigation — zero dependencies, works anywhere

You can also share an existing PowerPoint file to convert it into a web presentation with an upgraded visual style.

## Creating your own workflows

Use cases are just prompts — you can write your own. Tips:

* Be explicit about setup steps (API keys, integrations needed)
* Describe the recurring behavior you want (daily briefing, event-triggered action, etc.)
* Reference specific features by name (Settings, Integrations, Environment Variables) so your assistant knows where to guide you

# Billing & Credits
Source: https://docs.coral.inc/getting-started/billing

Plans, pricing, and credit usage

Coral uses a credit-based billing system. Each plan includes a monthly credit allowance, and AI model usage is deducted from your balance.

[Image: Coral usage and billing page]

## Plans

| Plan | Price | Included Credits | Trial |
| --- | --- | --- | --- |
| **Standard** | \$50/mo | 5,000 | 7-day free trial |
| **Ultra** | \$200/mo | 20,000 | — |
| **Enterprise** | Custom | Custom | — |

### Standard

Best for light automation and getting started.

* Your agent runs 24/7
* Standard task capacity
* **LLM credits included**
* 5,000 credits included to get you started
* Popular tools included at no extra cost: Exa Search, Twitter, LinkedIn, ElevenLabs, and more
* Community support

### Ultra

Best for power users and small teams.

* Everything in Standard, plus:
* Performance private cloud machine with 16GB RAM
* 20,000 credits included
* Dedicated support from our engineers
* Early access to new features

### Enterprise

Best for teams that need custom solutions and dedicated support.

* Everything in Ultra, plus:
* Custom credit allowances
* Launch multiple agents
* Team management & access control
* Centralized operations and monitoring
* Audit logs

## Subscribing

1. After signing in, you're prompted to choose a plan.
2. The **Standard** plan offers a **7-day free trial** — no payment required upfront.
3. Click **"Start Free Trial"** or **"Subscribe"** to proceed to Stripe checkout.
4. After subscribing, return to Coral to set up your assistant.

## Tracking usage

Your usage is visible on the **Settings** page under **Usage & Billing**:

* **Current Plan** — Shows your active plan with a link to manage it.
* **Credit Balance** — Visual progress bar showing credits used vs. included, with the reset date.
* **This Period** — Total requests, tokens, and cost, broken down by AI provider (OpenAI, Anthropic, Google, etc.).

## Switching plans

1. Go to **Settings** > **Usage & Billing** > **Manage Plan**, or navigate to the **Billing** page directly.
2. Click **"Switch to \[Plan Name]"** on your desired plan.
3. The change takes effect at the end of your current billing period. You keep your current credits until then.

## Buying more credits

If you run out of credits before your billing period resets, you can purchase additional credits:

1. Navigate to the **Billing** page.
2. In the **Buy More Credits** section, select how many credits you want.
3. Credits are priced at **\$10 per 1,000 credits**.
4. Purchased credits never expire — they carry over across billing periods.

## Referrals

Share Coral with others and earn credits:

1. Navigate to the **Billing** page.
2. Find your unique **referral link** in the Referrals section.
3. When someone signs up using your link and converts to a paid plan, you both earn bonus credits.

You can track your referrals and total credits earned on the same page.

## Managing billing

Click **"Manage Billing"** to open the Stripe customer portal where you can:

* Update payment methods
* View invoices
* Cancel your subscription

## How credits are consumed

Each AI model request costs credits based on the model tier and token count:

* **[Light](/features/models)** tier models (Gemini 3 Flash) use the fewest credits per request.
* **[Standard](/features/models)** tier models (Claude Sonnet 4.6) use a moderate amount.
* **[Pro](/features/models)** tier models (Claude Opus 4.6, Gemini 3.1 Pro) use the most credits per request.

Credits reset at the start of each billing period. Purchased bonus credits never expire.

If you configured your own API keys (BYOK), model requests are billed directly by your AI provider — Coral credits are not consumed unless [Coral fallback](/features/bring-your-own-key#coral-fallback) is enabled. See [Bring Your Own Key](/features/bring-your-own-key) for details.

# Quickstart
Source: https://docs.coral.inc/getting-started/quickstart

Go from sign-up to your first conversation in under 5 minutes

This guide walks you through creating your Coral account, setting up your AI assistant, and sending your first message.

## Step 1: Sign in

Navigate to [Coral](https://app.coral.inc) and sign in with your Google account, or create an account with email and password.

[Image: Coral login page]

## Step 2: Choose a plan

After signing in, you'll be prompted to choose a plan. Each plan includes a monthly credit allowance for AI model usage.

The **Standard plan** (\$50/mo, 5,000 credits) offers a **7-day free trial** — no payment required upfront. See [Billing & Credits](/getting-started/billing) for full plan details.

[Image: Coral usage and billing page]

## Step 3: Configure your assistant

The setup wizard asks two things:

1. **AI provider** — Choose **"Use our API keys"** (recommended) to get started immediately, or **"Bring your own key"** if you have your own API key or ChatGPT/Codex subscription. See [Bring Your Own Key](/features/bring-your-own-key) for supported providers.
2. **Agent name** — Give your assistant a name (defaults to "Coral").

Using our API keys means you don't need to create accounts with AI providers or manage billing with them separately. Usage is tracked against your Coral plan credits.

[Image: Coral onboarding wizard]

Click **Launch OpenClaw** to provision your sandbox.
This typically takes 30-60 seconds.

## Step 4: Start chatting

Once your sandbox is ready, you'll land on the chat page. Your assistant defaults to the **Standard** model tier (Claude Sonnet 4.6) — you can [change this](/features/models) anytime in Settings. Type a message to start a conversation.

[Image: Coral chat page]

The chat page shows suggested prompts to help you explore what your assistant can do. You can also:

* **Attach files** — Drag and drop or click the attachment button to share images and documents.
* **Browse use cases** — Visit the **Use Cases** tab to discover pre-built prompts for common tasks.

## What's next

* Extend your assistant with web search, Notion, and more.
* Switch between Light, Standard, and Pro model tiers.
* Connect your assistant to Discord, WhatsApp, or Slack.
* Manage your plan and track credit usage.
* Try pre-built workflow templates.
* Access the full OpenClaw dashboard for advanced configuration.

# Your First Week With OpenClaw
Source: https://docs.coral.inc/guides/ultimate-guide

From first message to a fully configured AI assistant — a complete guide

Most guides to OpenClaw spend their first 2,000 words on infrastructure: spinning up a VPS, configuring Docker, opening firewall ports, and debugging why the gateway won't start.

You can skip all of that. With Coral, your OpenClaw instance is already running. The gateway is live, your sandbox is isolated and secured, and your first conversation is one tab away.

This guide starts where the others end — at the point where OpenClaw actually becomes useful.

***

## Day 1 — Your first useful thing

### Send a real task, not a test

The most common first message is something like "hello" or "what can you do?" Both are reasonable, but neither tells you anything meaningful about what daily life with OpenClaw looks like.

Instead, start with something you actually need today.
Examples that show OpenClaw's strengths immediately:

* "Research the top 5 competitors to \[your company] and summarize their pricing models in a table."
* "Draft a reply to this email: \[paste the email]."
* "I have a meeting with \[person] tomorrow. Look them up and give me a quick briefing."
* "Set up a daily 8am summary of the top AI news, delivered to me here in chat."

The last one is particularly useful because it demonstrates proactive behavior — OpenClaw scheduling something to run on its own, not just responding to you.

If your first task involves web search, make sure the web search skill is active before you send it. Go to **Integrations**, scroll to the Skills section, and confirm the search skill shows a green **Active** badge. It ships enabled on most plans, but worth a quick check.

### Connect a messaging channel

The single highest-leverage action in your first day is connecting a messaging channel. Once OpenClaw is in your WhatsApp, Telegram, Discord, or Slack, it becomes ambient — you interact with it throughout the day without switching apps or opening a browser.

Go to the **Integrations** page and connect at least one.

**Which channel to start with:**

* **WhatsApp** — Best if you want a genuinely ambient assistant. Most people check WhatsApp more than any other app. Voice messages work too.
* **Discord** — Best if you already use Discord for work or a community. You can add the bot to a server you control and interact there.
* **Telegram** — Good middle ground. Full-featured bot support, fast, and available on all platforms.
* **Slack** — Best for team setups where you want colleagues to share access to an assistant.

The setup for each follows the same pattern: create a bot on the platform, copy its token, paste it into Coral. The Integrations page walks you through each one step by step.
### Try one use case template

Before you start building workflows from scratch, browse the **Use Cases** tab. These are pre-built prompt templates that walk your assistant through setting something up — and they're the fastest way to understand what's possible.

A few worth trying on Day 1:

* **Daily Portfolio News Briefing** — If you track stocks, this is operational in about two minutes.
* **Daily Twitter/X Brief** — Monitors topics and accounts you care about and delivers a digest.
* **Explore Skills on ClawHub** — Your assistant browses the skills marketplace with you and installs what's relevant.

Click **Try It** on any card. You'll land on the chat page with the full prompt pre-filled. Press Enter and follow the setup steps your assistant walks you through.

***

## Days 2–3 — Make it yours

### Give it a personality through conversation

One of the most consistently useful things you can do is shape how your assistant behaves and communicates. OpenClaw uses a configuration file called `SOUL.md` to store its personality, preferences, and operating principles. You don't need to edit any files — just describe what you want in chat.

Some examples of things to tell it:

* "Be more concise. I prefer bullet points over paragraphs."
* "When you search the web, always cite your sources inline."
* "I'm a software engineer. You can assume I'm comfortable with technical depth."
* "Default to asking clarifying questions before starting a long task."
* "Never send me a message without a clear next action or summary."

Your assistant will update its own `SOUL.md` based on what you tell it. These preferences persist across all future conversations.

Changes to `SOUL.md` take effect in the next conversation, not the current one. If you update several things at once, start a new chat to see them in action.

### Connect your first tool

Once your assistant has a personality, give it something to act on.
The fastest integrations to set up are through the **App Integrations** section on the Integrations page, which connects 70+ apps via Composio.

The most immediately useful to connect first:

| Tool | Why it's worth doing early |
| --- | --- |
| **Google Calendar** | Your assistant can schedule meetings, check your availability, and add reminders. |
| **Gmail** | Draft, send, and triage email through conversation. |
| **Notion** | Build a second brain — your assistant can read and write pages. |
| **GitHub** | Open issues, review PRs, and search code by asking. |
| **Todoist** | Two-way task management through chat. |

To connect: go to **Integrations**, find the app in the App Integrations section, and click Connect. OAuth-based integrations (Google, Slack) walk you through authorization in the browser. Others use an API key you paste in.

### Pick the right model tier for the right task

Coral offers three model tiers, and switching between them is one of the most effective ways to manage your credit usage. The default is **Standard** (Claude Sonnet 4.6), which is the right choice for most things. But it's worth knowing when to change it.

**When to use each tier:**

| Task type | Tier | Why |
| --- | --- | --- |
| Quick lookups, simple questions, drafting short messages | **Light** | Fast and cheap. Gemini 3 Flash handles these well. |
| Research, drafting, analysis, most day-to-day work | **Standard** | The best default. Balanced capability and cost. |
| Complex code, multi-step reasoning, nuanced writing | **Pro** | Claude Opus 4.6. Worth the extra credits for hard problems. |

To switch: go to **Settings**, find the **Model** section, select a tier, and click **Apply**. Changes take effect immediately.

You can switch tiers mid-conversation by going to Settings and applying the change. The new model takes effect on your next message in the same chat.

### Set up one proactive behavior

Proactive behaviors — things your assistant does on a schedule without you asking — are what separate OpenClaw from a chat interface.

Ask your assistant to set one up through conversation. Some reliable starting points:

* **Morning briefing** — "Every weekday at 8am, send me a summary of: today's calendar events, any unread emails from the last 12 hours flagged as important, and the top 3 AI news headlines. Send it to my \[WhatsApp/Discord/Telegram]."
* **Daily digest** — "Every evening at 6pm, summarize what we worked on today and list any open tasks."
* **Weekly review** — "Every Friday at 4pm, ask me to do a weekly review and walk me through it."

Your assistant will configure a scheduled task that runs automatically. You can view and manage scheduled tasks through the Control UI if you want to adjust timing or disable one.

***

## Week 1 — Build workflows

### Understand skills

Skills are packages that give your assistant new capabilities. Some are bundled and active by default (web search, file handling). Others need an API key before they activate. A few require additional software to be installed in your sandbox first.

Manage all of this from the **Integrations** page, in the Skills section:

* **Active** (green badge) — Ready to use. Your assistant invokes these automatically when relevant.
* **Needs Setup** (blue highlight) — Installed but waiting for an API key. Click **Set \[KEY\_NAME]** and paste the key inline.
* **Disabled** — Configured but off. Click **Turn on** to re-enable instantly.
* **Available to Install** — Requires additional software. Click **Ask agent to install** and your assistant handles it.

**Which skills to enable in Week 1:**

1. **Web search** — Enable this first if it isn't already active. Almost every useful workflow eventually involves looking something up.
2. **Whisper (audio transcription)** — If you want to send voice memos and have them transcribed to Notion, email drafts, or task lists. Requires an OpenAI API key.
3. **Image generation** — If your work involves visual assets. Requires a Stability AI or Replicate key.

For skills that need API keys you don't have yet, your assistant can tell you where to get them — just ask: "I want to enable \[skill name]. Walk me through getting the API key."

### Work through a full workflow

By the end of Week 1, try building one end-to-end workflow that runs without your involvement. A good benchmark:

> "Every Monday at 9am, search for the top 5 posts about \[your topic] from the past week on Twitter and Reddit. Write a 300-word summary of the key themes. Post it to my Notion page called 'Weekly Research' and send me a link on WhatsApp."

This single workflow tests: scheduling, web search, synthesis, Notion write access, and WhatsApp delivery. If all five work, your assistant is fully operational.

### Reset context when a conversation gets heavy

Long conversations slow things down. OpenClaw maintains context within a session, but very long threads can make responses less focused and more expensive per message.

A practical rule: if a conversation has gone past 30-40 exchanges and you're switching to a new task, start a fresh chat. Your assistant's persistent memory (`SOUL.md`, `USER.md`, skills configuration) carries over automatically — only the in-session context resets.

If you notice responses getting slower or less precise in a long thread, this is usually why. Start a new conversation and continue from there.

### The delegation mindset

The biggest shift in using OpenClaw effectively is treating it less like a search engine (one question, one answer) and more like a capable person you're delegating to.
This means:

**Give context, not just commands.** "Draft an email to our lead investor" is less useful than "Draft an email to our lead investor. We're a Series A startup in B2B SaaS. We missed our MRR target by 12% last month. Tone should be transparent but confident. We have a plan to recover."

**Describe the outcome, not the steps.** Let your assistant figure out how to get there. "Find out who the decision-makers are at \[company] and draft a cold outreach message for each of them" is better than micromanaging every search and draft.

**Correct it explicitly.** If a response misses the mark, say specifically what was wrong: "Too formal. Cut the length in half. Lead with the question, not the context." Your assistant updates its approach immediately.

***

## Going deeper

### When to use the Control UI

The Coral dashboard gives you most of what you need. The **Control UI** — OpenClaw's native interface — goes further. Open it from the **Integrations** page when you need:

* Fine-grained per-channel system prompt customization
* Detailed tool and permission management
* Raw access to configuration files (`openclaw.json`, `SOUL.md`, `USER.md`)
* Viewing scheduled task history and logs

The Control UI opens in a new tab. It cannot be embedded due to browser security restrictions (`X-Frame-Options`).

### Managing API keys at scale

If you have multiple skills each needing their own API key, managing them individually on each skill card gets unwieldy. Use **Environment Variables** instead:

1. Go to **Settings > Environment Variables**
2. Add keys in `KEY_NAME=value` format
3. Skills that reference those variable names pick them up automatically

This is also the right approach if you're using [Bring Your Own Key](/features/bring-your-own-key) for your AI provider and want to manage the key centrally.

### Terminal access

For users who want full control, the **Terminal** page gives you a shell inside your sandbox.
This is useful for:

* Inspecting or editing config files directly
* Installing system packages that skills depend on
* Running one-off scripts or debugging

Most users never need the terminal. But it's there if you do.

***

## Model tier reference

Quick reference for choosing a tier by task:

| Task | Recommended tier |
| --- | --- |
| Quick question, fact lookup | Light |
| Summarizing a document | Light |
| Drafting an email or message | Light or Standard |
| Research across multiple sources | Standard |
| Writing a long document | Standard |
| Complex analysis or reasoning | Standard or Pro |
| Writing or reviewing production code | Pro |
| Multi-step agentic tasks | Pro |
| Nuanced judgment calls | Pro |

When in doubt, **Standard is the right default**. Switch to Pro when you need it, Light when you're doing something simple.

***

## What's next

* Full reference for managing skills and API keys.
* Messaging channels and app connections in detail.
* Model tier details and credit costs.
* Advanced configuration via the OpenClaw dashboard.
* Pre-built workflow templates to try.
* Understand credit usage and manage your plan.

# Welcome to Coral

Source: https://docs.coral.inc/index

Your personal AI assistant, hosted and managed for you

Coral gives you a fully managed [OpenClaw](https://github.com/openclaw/openclaw) instance — no servers to configure, no CLI required. Sign in, pick your AI provider, and start chatting in minutes.

* Go from sign-up to your first conversation in under 5 minutes.
* Send messages, attach images, and interact with your assistant.
* Extend your assistant with domain-specific capabilities.
* Pre-built workflow templates to get started quickly.
* Choose between Light, Standard, and Pro AI model tiers.
* Connect your assistant to Discord, WhatsApp, Slack, Google Workspace, and more.
* Connect AI tools to Coral docs via MCP, llms.txt, or Markdown.
## What you get

* **Isolated sandbox** — Your own OpenClaw instance running on dedicated infrastructure.
* **System-managed API keys** — Use our keys to talk to OpenAI, Anthropic, and Google models, or [bring your own](/features/bring-your-own-key) (including ChatGPT/Codex OAuth).
* **App hosting** — Your assistant can [build and publish web apps](/features/app-hosting) (CRMs, dashboards, tools) directly from your sandbox.
* **Skills and integrations** — Extend your assistant with web search, image generation, and more. Connect to Discord, WhatsApp, Slack, Telegram, and 70+ apps via Composio (Google Suite, GitHub, Notion, Stripe, and more).
* **Credit-based billing** — Transparent usage tracking with included monthly credits.
* **Automatic backups** — Rolling and daily encrypted backups, with one-click restore.
* **Web-based everything** — Chat, configure, and manage from your browser. No CLI needed.

## How it works

```mermaid
graph LR
    A[Sign in with Google] --> B[Configure your assistant]
    B --> C[Sandbox launches]
    C --> D[Chat, integrate, customize]
```

1. **Sign in** — Use your Google account or email/password.
2. **Configure** — Choose an AI provider (or use ours) and name your assistant.
3. **Launch** — Coral provisions a dedicated sandbox with OpenClaw pre-installed.
4. **Use** — Chat directly, open the Control UI, connect messaging platforms, or use the API.

# Security Architecture

Source: https://docs.coral.inc/security/architecture

How Coral isolates, authenticates, and protects your OpenClaw instance at the infrastructure level

Coral was designed around the security gaps that caused the 2026 OpenClaw exposure crisis. Most exposed instances failed because they relied solely on the application's own authentication — which means a single misconfiguration or vulnerability bypasses all protections. Coral's architecture enforces security at the infrastructure layer, independently of what OpenClaw does internally.
This page covers how that works across authentication, isolation, credential storage, and access control. For background on what prompted this design, see the [Security Overview](/security/overview) and the Coral blog: [The OpenClaw Security Crisis of 2026](https://coral.inc/blog/2026-03-07-openclaw-security-crisis-2026).

***

## Architecture Overview

The diagram below shows how a request travels from your browser to your sandbox. Every path passes through the proxy layer — there is no way to reach your sandbox directly from the internet.

```mermaid
flowchart TD
    Browser["Your Browser"]

    subgraph Auth["Google Authentication"]
        GAuth["Sign in with Google"]
    end

    subgraph CoralPlatform["Coral Platform — no sandbox has a public IP"]
        direction TB

        subgraph ProxyLayer["Proxy Layer — session validated before any request reaches the sandbox"]
            HTTPProxy["HTTP Proxy<br/>Validates session cookie<br/>Injects gateway token server-side"]
            WSProxy["WebSocket Proxy<br/>Validates time-limited ticket<br/>Injects gateway token server-side"]
        end

        CredDB[("Encrypted Database<br/>Gateway credentials<br/>Row-isolated per user<br/>Never sent to browser")]

        subgraph Sandbox["Your Dedicated VM — no public IP, no exposed port"]
            Gateway["OpenClaw Gateway"]
            Storage[("Encrypted Storage<br/>Per-user key")]
        end
    end

    Browser -->|"1 · Sign in"| GAuth
    GAuth -->|"2 · Session token"| Browser
    Browser -->|"3a · HTTP + session cookie"| HTTPProxy
    Browser -->|"3b · WebSocket + ticket"| WSProxy
    CredDB -.->|"gateway token<br/>server-side only"| HTTPProxy
    CredDB -.->|"gateway token<br/>server-side only"| WSProxy
    HTTPProxy -->|"authenticated request"| Gateway
    WSProxy -->|"authenticated connection"| Gateway
    Gateway --- Storage

    style CredDB fill:#fef3c7,stroke:#d97706,color:#000
    style Sandbox fill:#f0fdf4,stroke:#16a34a
    style ProxyLayer fill:#eff6ff,stroke:#3b82f6
    style Auth fill:#fdf4ff,stroke:#a855f7
    style Gateway fill:#dcfce7,stroke:#16a34a,color:#000
    style Storage fill:#dcfce7,stroke:#16a34a,color:#000
    style Browser fill:#f8fafc,stroke:#64748b,color:#000
    style GAuth fill:#fdf4ff,stroke:#a855f7,color:#000
    style HTTPProxy fill:#dbeafe,stroke:#3b82f6,color:#000
    style WSProxy fill:#dbeafe,stroke:#3b82f6,color:#000
```

**What this shows:**

* Your browser authenticates once and receives a session token — not a gateway credential
* All HTTP and WebSocket requests pass through the proxy layer, which validates your session before forwarding
* The gateway credential is fetched server-side from an encrypted database and injected by the proxy — it never travels to your browser
* Your sandbox runs in a dedicated VM with no public IP and no exposed ports

***

## Authentication

**How it works:**

When you sign in, you authenticate through Google and receive a session token stored in an httpOnly cookie. This cookie is validated by the proxy layer on every request — it is never accessible to browser JavaScript and does not travel to your sandbox.

For WebSocket connections (real-time chat, terminal, remote desktop), your browser receives a short-lived, single-purpose ticket instead of a persistent credential. The proxy validates this ticket before establishing the WebSocket connection. Tickets are cryptographically protected at rest and automatically expire — they cannot be used indefinitely or replayed after expiration.

The session validation happens at the proxy layer, independently of OpenClaw's own authentication.
This matters: if a vulnerability in OpenClaw could bypass its internal auth checks (as some CVEs have demonstrated), the proxy layer remains as an independent enforcement point.

**Administrator access** is verified live on every request — not from a cached session claim. This means role changes take effect immediately without requiring a re-login.

**Contrast with self-hosted:** Authentication is handled entirely inside the OpenClaw application. There is no independent outer enforcement layer. A vulnerability that bypasses OpenClaw's auth leaves nothing behind it.

***

## Security Isolation

**How it works:**

Each Coral user gets a dedicated virtual machine — not a shared container or a namespace partition on a shared host. Every sandbox has its own isolated CPU, memory, and filesystem. There is no shared kernel between users.

No sandbox has a public IP address. There is no way to reach an individual sandbox directly from the internet. The OpenClaw gateway port is never exposed. Sandboxes are not discoverable by internet scanners. The only path to a sandbox is through Coral's internal infrastructure, and every request on that path is authenticated.

This design addresses two classes of attack that affect self-hosted deployments:

* **Network exposure:** A scanner cannot find your gateway port because it has no internet-accessible address to scan.
* **Cross-user lateral movement:** Because each user has a dedicated VM, a compromise of one sandbox has no filesystem or memory path to another user's sandbox.

**Why this matters for ClawJacked (CVE-2026-25253):** The ClawJacked attack works by connecting to the gateway WebSocket from a malicious website. That requires the WebSocket endpoint to be reachable directly from a browser. In Coral, there is no directly reachable WebSocket endpoint — all connections pass through the authenticated proxy first.

**Contrast with self-hosted:** A VPS instance receives a dedicated public IP.
Unless a firewall is explicitly configured, the gateway port is open by default and discoverable within hours by passive internet scanners.

***

## Secure Storage

**How it works:**

The gateway credential — the token that grants control of an OpenClaw instance — is stored server-side in an encrypted, row-isolated database. It is never included in any response sent to your browser. Your browser does not have access to it at any point in the session flow.

What your browser receives instead: a session token (for HTTP) or a short-lived ticket (for WebSocket). These tokens cannot be used to derive the gateway credential. If a browser session were compromised, the attacker would obtain a session token — not the underlying gateway credential.

Your sandbox's filesystem storage is encrypted per user with a dedicated key. Automated encrypted backups run on a rolling schedule.

**Contrast with self-hosted:** Users typically enter the gateway token directly in the browser, where it lives in browser memory and travels on every request. Local credential files on a VPS are generally unencrypted.

***

## Access Control

**How it works:**

Every request to a Coral sandbox — HTTP or WebSocket — passes through the proxy layer before reaching OpenClaw. The proxy validates your session regardless of what the sandbox application does internally. This is not a feature of OpenClaw; it is a separate enforcement point in the infrastructure.

The proxy layer enforces scope isolation for different connection types. Each ticket is scoped to a specific connection type and sandbox — it cannot be reused across different contexts.

The database that stores credentials and user data operates on a deny-by-default model. Every table denies direct access unless explicitly authorized through server-side application paths. There are no open-by-default permissions.
Audit logs and operational metrics are shipped off-sandbox to centralized storage, so they remain available even if a sandbox is terminated or compromised.

**Contrast with self-hosted:** There is no independent access control layer outside OpenClaw. The application itself is the only enforcement point.

***

## Limits of This Architecture

Coral's infrastructure addresses the attack vectors responsible for the vast majority of OpenClaw security incidents: network exposure, authentication bypass, and credential leakage. There are risks it does not eliminate.

**Platform dependencies.** Our authentication and data infrastructure rely on managed third-party services. If those providers experience a security incident, it could affect us. We monitor their security advisories and have incident response procedures, but the dependency exists.

**OpenClaw application vulnerabilities.** Sandboxes run OpenClaw, which has had 90+ security advisories. We apply patches as quickly as possible after disclosure, but there is a window between disclosure and deployment where a sandbox-level vulnerability could be exploited by someone who already has an authenticated session.

**Trusted user actions.** If you connect an account to your agent and the agent acts on it, Coral's infrastructure does not override that — the agent operates within the permissions you granted. Our architecture reduces external attack surface; it does not constrain what an authorized agent can do.

**The right mental model:** Treat your agent like a new employee. Don't connect accounts you can't afford to lose, start with narrow permissions, and expand access as trust builds.
***

## Comparison

| Risk | Raw Self-Hosted VPS | Coral |
| --- | --- | --- |
| **Public IP exposure** | Dedicated IP; gateway port scannable by default | No public IP for sandboxes; internal routing only |
| **Gateway authentication** | Manual setup required; many instances never configured | Mandatory; enforced at proxy layer before reaching OpenClaw |
| **WebSocket attack surface** | Gateway WebSocket directly reachable from any browser | WebSocket behind authenticated proxy; no direct browser access |
| **Credential storage** | Plaintext local credential files | Server-side in isolated, encrypted database; browser receives session tokens only |
| **Sandbox isolation** | Shared host OS with other processes | Dedicated VM per user |
| **Storage encryption** | Manual, or not done | Automated, per-user |
| **Security updates** | Manual; many instances never updated | In-place automatic |
| **Audit trail** | Local files only | Operational logs shipped off-sandbox |

***

If you are currently running a self-hosted instance and want to assess your exposure, see [Harden Your Self-Hosted Instance](/security/hardening-self-hosted) for a checklist, or [Terminate Your Instance](/security/terminate-instance) for step-by-step shutdown instructions.

# Harden Your Self-Hosted Instance

Source: https://docs.coral.inc/security/hardening-self-hosted

Step-by-step guide to securing a self-hosted OpenClaw instance against the most common attack vectors

This guide covers the steps needed to secure a self-hosted OpenClaw instance. The hardening steps are the same regardless of which cloud provider you use — the differences between providers are limited to firewall configuration syntax, which is noted where relevant.

The steps are ordered by impact. Work through them in sequence.
If you'd rather shut down your instance entirely instead of hardening it, see [Terminate Your Instance](/security/terminate-instance). Not sure which path to take? See the [Security Overview](/security/overview) for context.

***

## Before you start

**Check if you're already exposed.** Look up your server's public IP on the [OpenClaw Exposure Watchboard](https://openclaw.allegro.earth/). If your instance appears there, it is actively reachable from the internet.

Find your public IP with:

```bash
curl -s https://ifconfig.me
```

If you are on the watchboard, assume your instance may have already been accessed and rotate all credentials after completing these steps.

***

## Step 1: Update OpenClaw

The single most impactful step is running a current version. Several critical vulnerabilities — including the [ClawJacked WebSocket hijack (CVE-2026-25253, CVSS 8.8)](https://thehackernews.com/2026/02/clawjacked-flaw-lets-malicious-sites.html) — were patched in v2026.2.25. Older versions remain vulnerable regardless of other hardening steps.

```bash
openclaw update
```

Verify your version:

```bash
openclaw --version
```

You should be on **v2026.2.25 or later**. The full list of security advisories is maintained on the [OpenClaw GitHub security page](https://github.com/openclaw/openclaw/security/advisories).

Do not run `openclaw update` or `npm install -g openclaw` inside a running Coral sandbox — this causes a supervisord retry race and puts the instance into a FATAL state. Coral handles OpenClaw updates automatically.

***

## Step 2: Block the gateway port

This is the most impactful single step for instances running on a public VPS. OpenClaw's gateway listens on port 18789 by default. Blocking inbound access to this port from the internet makes your instance invisible to the scanners that found 258,305 exposed instances.
With `ufw`:

```bash
sudo ufw default deny incoming
sudo ufw allow ssh
sudo ufw enable
sudo ufw status
```

If you need to allow access from a specific trusted IP only:

```bash
sudo ufw allow from YOUR_TRUSTED_IP to any port 18789
```

With `firewalld`:

```bash
sudo firewall-cmd --set-default-zone=drop
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload
sudo firewall-cmd --list-all
```

With `iptables`:

```bash
# Allow loopback, established traffic and SSH first, so setting the
# DROP policy does not cut off the SSH session you are typing in or the
# local connections to the gateway on 127.0.0.1
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Drop all other inbound traffic
sudo iptables -P INPUT DROP
# Save rules (the redirect needs root, so write the file through sudo tee)
sudo iptables-save | sudo tee /etc/iptables/rules.v4 > /dev/null
```

Most cloud providers offer a network-level firewall (Security Groups, Firewall Rules, etc.) that blocks traffic before it reaches your server. This is often easier to manage than host-level firewall rules:

* **AWS**: Edit the EC2 Security Group. Remove inbound rules for port 18789. See [AWS Security Groups documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html).
* **DigitalOcean**: Use Cloud Firewalls in the networking section of your control panel. See [DigitalOcean Cloud Firewalls documentation](https://docs.digitalocean.com/products/networking/firewalls/).
* **Hetzner**: Use Firewalls in the Hetzner Cloud Console. See [Hetzner Firewall documentation](https://docs.hetzner.com/cloud/firewalls/).
* **Google Cloud**: Use VPC firewall rules. See [GCP Firewall documentation](https://cloud.google.com/firewall/docs/firewalls).

***

## Step 3: Bind the gateway to localhost

Even with a host firewall, configure OpenClaw itself to listen only on the loopback interface. This is a defense-in-depth measure: if a firewall rule is ever misconfigured or temporarily disabled, the gateway is not reachable from the network.
Edit `~/.openclaw/openclaw.json` (JSON5 format):

```json5
{
  gateway: {
    bind: "loopback" // Only listen on 127.0.0.1
  }
}
```

Restart the gateway after making changes:

```bash
openclaw restart
```

On versions prior to v2026.1.29, the default was `"all"` (binds to `0.0.0.0`). On v2026.1.29 and later, `"loopback"` is the default — verify your config explicitly if you upgraded from an older version.

***

## Step 4: Enable strong authentication

Verify that authentication is configured and set a strong auth token (32+ characters):

```bash
openclaw config set auth.mode token
openclaw config set auth.token "$(openssl rand -hex 32)"
```

To view your current token:

```bash
openclaw config get auth.token
```

Do not reuse this token as a password anywhere else. Store it in a password manager. Anyone who obtains this token has full control of your agent and everything it's connected to.

***

## Step 5: Use zero-trust access for remote connections

If you need to access your instance remotely, use a zero-trust tunnel instead of opening ports. [Tailscale](https://tailscale.com/) is the most commonly cited option in community hardening guides — it creates an encrypted overlay network and makes your instance completely invisible to internet scanners.

Install Tailscale on your server:

```bash
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up
```

Once connected via Tailscale, access your OpenClaw gateway over the Tailscale IP. Your gateway remains bound to localhost; a local port forward through the Tailscale connection brings it to your client machine.

[WireGuard](https://www.wireguard.com/) is an alternative if you prefer to manage your own VPN infrastructure.

***

## Step 6: Put a reverse proxy in front

If you need public HTTPS access (e.g., for webhook integrations), put a reverse proxy in front of the gateway rather than exposing the gateway port directly.
The proxy adds TLS termination, authentication headers, and rate limiting.

Caddy handles TLS certificates automatically via Let's Encrypt.

```
your-domain.example.com {
    basicauth /* {
        # Generate password hash: caddy hash-password
        youruser $2a$14$...hash...
    }
    reverse_proxy 127.0.0.1:18789
}
```

See [Caddy documentation](https://caddyserver.com/docs/) for full configuration options.

```nginx
server {
    listen 443 ssl;
    server_name your-domain.example.com;

    ssl_certificate /etc/letsencrypt/live/your-domain.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your-domain.example.com/privkey.pem;

    auth_basic "OpenClaw";
    auth_basic_user_file /etc/nginx/.htpasswd;

    location / {
        proxy_pass http://127.0.0.1:18789;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }
}
```

See [Nginx documentation](https://nginx.org/en/docs/) and [HAProxy's OpenClaw authentication guide](https://www.haproxy.com/blog/properly-securing-openclaw-with-authentication) for further options.

***

## Step 7: Lock down file permissions

OpenClaw credential files in `~/.openclaw/` are protected only by filesystem permissions. Restrict access:

```bash
chmod 700 ~/.openclaw
chmod 600 ~/.openclaw/credentials/*
chmod 600 ~/.openclaw/openclaw.json
```

Run OpenClaw under a dedicated non-root service user. Do not run as root or your personal user account:

```bash
sudo useradd --system --shell /bin/false openclaw-svc
sudo -u openclaw-svc openclaw start
```

***

## Step 8: Audit and lock down skills

[Koi Security audited the ClawHub marketplace](https://www.koi.ai/blog/clawhavoc-341-malicious-clawedbot-skills-found-by-the-bot-they-were-targeting) and found 341 malicious skills out of 2,857 reviewed. One of them was the #1 most-downloaded skill. The count later grew to 1,184 as more were identified.

For each installed skill:

1. Review the skill's source code before enabling it
2. Check the [ClawHavoc report](https://www.koi.ai/blog/clawhavoc-341-malicious-clawedbot-skills-found-by-the-bot-they-were-targeting) for the skill name
3. Disable any skill you didn't explicitly install or can't verify

Disable automatic skill installation in `~/.openclaw/openclaw.json`:

```json5
{
  skills: {
    autoInstall: false
  }
}
```

Enable Docker sandbox isolation for tool execution (this limits the blast radius if a skill is malicious):

```bash
openclaw config set sandbox.mode docker
```

***

## Step 9: Rotate all secrets

If your instance was ever publicly reachable — even briefly — assume that credentials may have been read. Rotate everything the agent had access to:

* **Gateway token** — Generate a new one as described in Step 4
* **LLM API keys** — OpenAI, Anthropic, Google, or any other provider key stored in `~/.openclaw/`
* **Connected account tokens** — Any OAuth tokens or API keys for integrations (Gmail, Slack, GitHub, Notion, etc.)
* **SSH keys** — If the agent had SSH access, generate new keys and remove old authorized keys

For each integration, revoke the old token/OAuth grant and create a new one with the minimum scope needed.

***

## Step 10: Ongoing monitoring

OpenClaw records session transcripts (tool calls, arguments, results) as local files. Enable and review these regularly:

```bash
openclaw config set logging.level audit
```

For centralized logging (recommended if the host is shared), configure the optional OpenTelemetry exporter documented in the [OpenClaw docs](https://docs.openclaw.ai/).

OpenClaw ships a built-in security check command:

```bash
openclaw security audit --deep
```

Run this after initial hardening and periodically thereafter. It checks authentication configuration, network binding, file permissions, and known-vulnerable skill versions.
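
An independent spot-check of two of those items, the loopback binding from Step 3 and the file modes from Step 7, as an added example (not OpenClaw's or Coral's code). The function names, the `--live` switch and the sample `ss` output are assumptions made for this sketch; only port 18789 and the `~/.openclaw` path come from this guide.

```shell
#!/bin/sh
# Added example: verify gateway binding (Step 3) and file modes (Step 7).
# It only sees this host; a cloud firewall must be reviewed separately.

GATEWAY_PORT=18789   # gateway port named in this guide

# Constructed sample of `ss -ltn` output covering each bind case (dry run only).
sample_ss() {
  cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      511        127.0.0.1:18789      0.0.0.0:*
LISTEN 0      511          0.0.0.0:18789      0.0.0.0:*
LISTEN 0      511             [::]:18789         [::]:*
LISTEN 0      511            [::1]:18789         [::]:*
EOF
}

# exposed_listeners: read `ss -ltn` lines on stdin and print the local address
# of every listener on the gateway port that is NOT bound to loopback.
exposed_listeners() {
  awk -v port="$GATEWAY_PORT" '
    $1 == "LISTEN" {
      addr = $4                                # Local Address:Port column
      if (!match(addr, /:[0-9]+$/)) next       # port follows the last colon
      host = substr(addr, 1, RSTART - 1)
      p    = substr(addr, RSTART + 1)
      if (p != port) next
      if (host ~ /^127\./) next                # IPv4 loopback
      if (host == "[::1]") next                # IPv6 loopback
      if (host ~ /^\[::ffff:127\./) next       # IPv4-mapped loopback
      print addr
    }'
}

# loose_paths DIR: print every file or directory under DIR that grants any
# group/other permission bit. Step 7 expects 700 on the directory and 600 on
# credentials and openclaw.json, so a hardened tree prints nothing.
loose_paths() {
  [ -d "$1" ] || return 0
  find "$1" ! -type l \( -perm -001 -o -perm -002 -o -perm -004 \
                        -o -perm -010 -o -perm -020 -o -perm -040 \) -print
}

# audit_live [DIR]: run both checks against this host; returns 1 on findings.
audit_live() {
  dir="${1:-$HOME/.openclaw}"
  findings=0
  exposed="$(ss -ltn 2>/dev/null | exposed_listeners)"
  if [ -n "$exposed" ]; then
    echo "Port $GATEWAY_PORT is listening beyond loopback:"
    echo "$exposed"
    findings=1
  fi
  loose="$(loose_paths "$dir")"
  if [ -n "$loose" ]; then
    echo "Group/other permission bits set under $dir:"
    echo "$loose"
    findings=1
  fi
  [ "$findings" -eq 0 ] && echo "No findings."
  return "$findings"
}

# Only touch the live system when asked to.
if [ "${1:-}" = "--live" ]; then
  audit_live "${2:-}"
fi
```

Run it with `--live` on the server (optionally followed by the config directory); a non-zero exit status means at least one finding.
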

Install fail2ban to automatically block IPs that repeatedly fail authentication:

```bash
sudo apt-get install fail2ban
```

Configure a jail for OpenClaw's auth log path. See the [fail2ban documentation](https://www.fail2ban.org/wiki/index.php/MANUAL_0_8) for setup details.

OpenClaw has had 90+ security advisories. Pin to a specific version and review the [release notes](https://github.com/openclaw/openclaw/releases) and [security advisories](https://github.com/openclaw/openclaw/security/advisories) before updating:

```bash
openclaw config set updates.auto false
```

***

## Community hardening guides

The security community published extensive hardening resources in response to the 2026 exposure crisis. The following guides are cited sources for this documentation:

* [DefectDojo: The OpenClaw Hardening Checklist — In-Depth Edition](https://defectdojo.com/blog/the-openclaw-hardening-checklist-in-depth-edition)
* [Clawctl: The Hardening Guide Nobody Wants to Write](https://clawctl.com/blog/openclaw-hardening-guide)
* [Penligent: A Practical Hardening and Validation Playbook](https://www.penligent.ai/hackinglabs/he/openclaw-security-risks-and-how-to-fix-them-a-practical-hardening-and-validation-playbook/)
* [Awesome Agents: How to Actually Secure OpenClaw](https://awesomeagents.ai/guides/how-to-secure-openclaw-hardening-guide/)
* [Brian Christner: OpenClaw Security Checklist](https://brianchristner.io/openclaw-security-checklist-hardening-your-ai-agent-infrastructure/)
* [Fernando Lucktemberg / AI Maker: OpenClaw Security Hardening Guide](https://aimaker.substack.com/p/openclaw-security-hardening-guide)
* [Easton: Secure OpenClaw Deployment](https://eastondev.com/blog/en/posts/ai/20260204-openclaw-secure-deployment/)
* [HAProxy: Properly Securing OpenClaw with Authentication](https://www.haproxy.com/blog/properly-securing-openclaw-with-authentication)

***

## Next steps

If you've completed the steps above but would rather move to a managed setup
where this hardening is handled for you, see [how Coral approaches OpenClaw security](https://coral.inc/blog/2026-03-07-coral-security-architecture).

If you've decided to shut down your instance entirely, see [Terminate Your Instance](/security/terminate-instance).

# Security Overview
Source: https://docs.coral.inc/security/overview

Understand the OpenClaw exposure crisis and what you can do about it

In early 2026, a security researcher discovered over 42,000 publicly exposed OpenClaw instances via a passive internet scan. By March 2026, that number had grown to **258,305** — tracked in real time on a [public watchboard](https://openclaw.allegro.earth/). Of the instances that were actively verified, [93.4% had critical authentication bypass vulnerabilities](https://maordayanofficial.medium.com/the-sovereign-ai-security-crisis-42-000-exposed-openclaw-instances-and-the-collapse-of-1e3f2687b951).

This section covers what to do if you're running a self-hosted OpenClaw instance.

If your server's IP appears on the [OpenClaw Exposure Watchboard](https://openclaw.allegro.earth/), your instance is publicly reachable from the internet right now. Treat it as potentially compromised and follow the steps in this section immediately.

## What happened

OpenClaw was designed as a local-first personal assistant. When users deployed it to cloud VPS providers for always-on availability, the gateway port (18789) became internet-accessible — often without a firewall or authentication configured. Security researchers later found that [ClawHub, the skill marketplace, contained 1,184 malicious skills](https://www.koi.ai/blog/clawhavoc-341-malicious-clawedbot-skills-found-by-the-bot-they-were-targeting), and a WebSocket vulnerability ([CVE-2026-25253, "ClawJacked"](https://thehackernews.com/2026/02/clawjacked-flaw-lets-malicious-sites.html), CVSS 8.8) allowed malicious websites to hijack local instances without user interaction.

For a detailed timeline and analysis, see the Coral blog: [The OpenClaw Security Crisis of 2026](https://coral.inc/blog/2026-03-07-openclaw-security-crisis-2026).

## Choose your path

* Keep your self-hosted OpenClaw instance and secure it with step-by-step hardening instructions.
* Shut down your exposed instance entirely. Step-by-step instructions for every major cloud provider.
* See Coral's security architecture: dedicated VMs, authenticated proxy layer, and server-side credential isolation.

# Terminate on Alibaba Cloud
Source: https://docs.coral.inc/security/terminate-instance/alibaba-cloud

How to permanently release an ECS instance running OpenClaw on Alibaba Cloud

This guide covers releasing (terminating) an Alibaba Cloud ECS (Elastic Compute Service) instance. Releasing an instance permanently deletes it and its associated system disk. Data disks are not deleted unless you explicitly select that option.

Alibaba Cloud calls this operation "release" (释放) rather than "terminate." The result is the same: the instance is permanently deleted and billing stops.

Complete the [pre-termination checklist](/security/terminate-instance#pre-termination-checklist) before proceeding. Releasing an instance is irreversible.

***

## Before you start: check Release Protection

If Release Protection is enabled on the instance, the release operation will fail. Check and disable it first:

1. In the ECS console, click the instance name to open its details.
2. In the **Instance Details** tab, look for **Release Protection** under the Settings section.
3. If enabled, click the edit icon and switch it off.

**Official documentation:** [Enable or disable release protection](https://www.alibabacloud.com/help/en/ecs/user-guide/enable-or-disable-release-protection-for-ecs-instances)

***

## Option 1: Alibaba Cloud Console

Sign in to the [Alibaba Cloud ECS Console](https://ecs.console.aliyun.com/) and navigate to **Instances & Images → Instances**.

Use the region dropdown at the top to select the region where your instance is running.

Locate the ECS instance running OpenClaw. Confirm the correct instance by checking its public IP address against what appeared on the watchboard.

Click **More → Instance Status → Release**. In the dialog, choose **Release Now**. Optionally check **Release attached data disks** if you also want to delete data disks.

Click **Next → OK** to confirm.

**Official Alibaba Cloud documentation:** [Release an instance](https://www.alibabacloud.com/help/en/ecs/user-guide/release-an-instance)

***

## Option 2: Alibaba Cloud CLI (aliyun)

If you have the [Alibaba Cloud CLI](https://www.alibabacloud.com/help/en/alibaba-cloud-cli/) installed:

```bash
# List instances to find the instance ID
# (the rows= argument is quoted so the shell does not treat [] as a glob)
aliyun ecs DescribeInstances \
  --RegionId cn-REGION \
  --output cols=InstanceId,PublicIpAddress,Status "rows=Instances.Instance[]"

# Release (delete) the instance
aliyun ecs DeleteInstance \
  --InstanceId i-XXXXXXXXXXXXXXXXX \
  --RegionId cn-REGION
```

To also release attached data disks:

```bash
aliyun ecs DeleteInstance \
  --InstanceId i-XXXXXXXXXXXXXXXXX \
  --RegionId cn-REGION \
  --TerminateSubscription true
```

**Official API reference:** [DeleteInstance](https://www.alibabacloud.com/help/en/ecs/developer-reference/api-ecs-2014-05-26-deleteinstances)

***

## Post-termination cleanup

### Delete unattached data disks

Data disks that were not deleted during instance release continue to incur charges. In the ECS console, navigate to **Storage & Snapshots → Disks**, filter by **Status = Available**, and release them.

```bash
aliyun ecs DeleteDisk --DiskId d-XXXXXXXXXXXXXXXXX
```

### Delete snapshots

```bash
# List snapshots
aliyun ecs DescribeSnapshots --RegionId cn-REGION

# Delete a snapshot
aliyun ecs DeleteSnapshot --SnapshotId s-XXXXXXXXXXXXXXXXX
```

### Release Elastic IPs (EIPs)

Unassociated EIPs incur charges.
In the console, navigate to **VPC → Elastic IP Addresses** and release them.

```bash
aliyun vpc ReleaseEipAddress \
  --AllocationId eip-XXXXXXXXXXXXXXXXX \
  --RegionId cn-REGION
```

### Delete custom images

```bash
# List custom images
aliyun ecs DescribeImages --ImageOwnerAlias self --RegionId cn-REGION

# Delete an image
aliyun ecs DeleteImage --ImageId img-XXXXXXXXXXXXXXXXX --RegionId cn-REGION
```

***

## Rotate credentials

After releasing the instance, rotate everything the agent had access to. See the [post-termination checklist](/security/terminate-instance#post-termination-checklist) for the full list.

# Terminate on AWS EC2
Source: https://docs.coral.inc/security/terminate-instance/aws

How to permanently shut down an EC2 instance running OpenClaw on Amazon Web Services

This guide covers terminating an AWS EC2 instance. Termination permanently deletes the instance. The root EBS volume is deleted by default; other attached volumes may need to be deleted separately.

Complete the [pre-termination checklist](/security/terminate-instance#pre-termination-checklist) before proceeding. Termination is irreversible.

***

## Option 1: AWS Management Console

Sign in to the [AWS Management Console](https://console.aws.amazon.com/ec2/) and navigate to **EC2 → Instances → Instances**.

Check the box next to the instance running OpenClaw. Confirm the correct instance by checking its public IP against what appeared on the watchboard.

If termination protection is enabled (Actions → Instance Settings → Change Termination Protection shows "Enabled"), disable it first. Otherwise the terminate action will fail with an `OperationNotPermitted` error.

Choose **Instance state → Terminate instance** from the Actions menu. Confirm when prompted.

The instance moves to the **shutting-down** state and then **terminated**. AWS retains the terminated record for about an hour before removing it from the list.

**Official AWS documentation:** [Terminate Amazon EC2 Instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html)

***

## Option 2: AWS CLI

If you have the [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) installed and configured:

```bash
# Find your instance ID (if you don't have it)
aws ec2 describe-instances \
  --query "Reservations[*].Instances[*].[InstanceId,PublicIpAddress,State.Name]" \
  --output table

# Terminate the instance
aws ec2 terminate-instances --instance-ids i-XXXXXXXXXXXXXXXXX
```

If termination protection is enabled, disable it first:

```bash
aws ec2 modify-instance-attribute \
  --instance-id i-XXXXXXXXXXXXXXXXX \
  --no-disable-api-termination
```

**Official AWS CLI reference:** [terminate-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/terminate-instances.html)

***

## Post-termination cleanup

### Delete unattached EBS volumes

The root EBS volume is deleted automatically when the instance terminates (if "Delete on Termination" was enabled — this is the default). Additional attached volumes are not deleted automatically.

```bash
# List unattached volumes
aws ec2 describe-volumes \
  --filters Name=status,Values=available \
  --query "Volumes[*].[VolumeId,Size,CreateTime]" \
  --output table

# Delete a specific volume
aws ec2 delete-volume --volume-id vol-XXXXXXXXXXXXXXXXX
```

### Delete snapshots

```bash
# List snapshots owned by your account
aws ec2 describe-snapshots --owner-ids self \
  --query "Snapshots[*].[SnapshotId,Description,StartTime]" \
  --output table

# Delete a snapshot
aws ec2 delete-snapshot --snapshot-id snap-XXXXXXXXXXXXXXXXX
```

### Remove the Security Group

If you created a Security Group specifically for this instance, delete it:

```bash
aws ec2 delete-security-group --group-id sg-XXXXXXXXXXXXXXXXX
```

### Release the Elastic IP (if assigned)

Elastic IPs continue to incur charges if not released after the instance is terminated:

```bash
# List Elastic IPs
aws ec2 describe-addresses --query "Addresses[*].[PublicIp,AllocationId,AssociationId]"

# Release an unassociated Elastic IP
aws ec2 release-address --allocation-id eipalloc-XXXXXXXXXXXXXXXXX
```

**AWS guide:** [Delete or Terminate EC2 Resources](https://repost.aws/knowledge-center/delete-terminate-ec2)

***

## Rotate credentials

After termination, rotate everything the agent had access to. See the [post-termination checklist](/security/terminate-instance#post-termination-checklist) for the full list.

# Terminate on Baidu Cloud
Source: https://docs.coral.inc/security/terminate-instance/baidu-cloud

How to permanently release a BCC instance running OpenClaw on Baidu Cloud (Baidu AI Cloud)

This guide covers releasing (terminating) a Baidu Cloud BCC (Baidu Cloud Compute) instance. Releasing an instance permanently removes it and stops billing. Attached Cloud Disk Service (CDS) volumes and snapshots must be deleted separately.

Complete the [pre-termination checklist](/security/terminate-instance#pre-termination-checklist) before proceeding.
Releasing an instance is irreversible.

***

## Option 1: Baidu Cloud Console

Sign in to the [Baidu Cloud Console](https://console.bce.baidu.com/bcc/) and navigate to **Cloud Server BCC → Instance List**.

Use the region selector at the top to choose the region where your instance is running.

Find the BCC instance running OpenClaw. Confirm the correct instance by checking its public IP against what appeared on the watchboard.

An instance must be in the **Stopped** state before it can be released. If the instance is running, click **More → Stop** and wait for the status to change to Stopped.

With the instance stopped, click **More → Release**. Review the confirmation dialog and click **OK** to confirm.

**Official Baidu Cloud documentation:**

* [Stop an Instance](https://intl.cloud.baidu.com/en/doc/BCC/s/7jwvynngs-intl-en)
* [Batch Stop Instances](https://intl.cloud.baidu.com/en/doc/BCC/s/Akyb07kw0-intl-en)

***

## Option 2: BCE CLI

The [Baidu Cloud Engine CLI (bcecli)](https://cloud.baidu.com/doc/CLI/s/Kjwvz23ms) handles authentication internally using your Access Key ID and Secret Access Key, so you don't need to compute the API signatures manually.

Install and configure:

```bash
pip install bcecli
bce configure
# Enter your AccessKeyId, SecretAccessKey, and default region
```

Stop and release the instance:

```bash
# Stop the instance first (must be Stopped before release)
bce bcc stop-instance --instance-id i-XXXXXXXX

# Release (permanently terminate) the instance
bce bcc release-instance --instance-id i-XXXXXXXX
```

Replace `i-XXXXXXXX` with your BCC instance ID and `bj` with your region code in the CLI config. See the [BCE CLI BCC command reference](https://cloud.baidu.com/doc/CLI/s/Kjwvz23ms) for the full list of options.

The raw Baidu Cloud BCC REST API uses the [BCE Signature Algorithm (bce-auth-v1)](https://cloud.baidu.com/doc/Reference/s/njwvz1yfu), which requires HMAC-SHA256 signing that is not practical to do manually with curl.
Use the BCE CLI or the [BCE Python SDK](https://github.com/baidubce/bce-sdk-python) (`pip install bce-python-sdk`) for scripted access.

***

## Post-termination cleanup

### Delete CDS data disks

Attached Cloud Disk Service volumes are not deleted when the instance is released. In the BCC console, navigate to **Cloud Disk Service → Disk List**, filter by Status = "Available", and delete the disks you no longer need.

### Delete snapshots

In the BCC console, navigate to **Cloud Disk Service → Snapshot List** and delete any snapshots created from this instance.

### Release Elastic IPs (EIP)

Elastic IPs that were associated with the instance are not released automatically. In the console, navigate to **Elastic IP → EIP List** and release any EIPs no longer in use.

***

## Rotate credentials

After releasing the instance, rotate everything the agent had access to. See the [post-termination checklist](/security/terminate-instance#post-termination-checklist) for the full list.

# Terminate on DigitalOcean
Source: https://docs.coral.inc/security/terminate-instance/digitalocean

How to permanently destroy a Droplet running OpenClaw on DigitalOcean

This guide covers destroying a DigitalOcean Droplet. Destroying a Droplet permanently removes the server and its disk. Backups and snapshots are not deleted automatically — you'll need to remove those separately.

Complete the [pre-termination checklist](/security/terminate-instance#pre-termination-checklist) before proceeding. Destroying a Droplet is irreversible.

***

## Option 1: DigitalOcean Control Panel

Sign in to the [DigitalOcean Control Panel](https://cloud.digitalocean.com/droplets) and click **Droplets** in the left sidebar.

Click the name of the Droplet running OpenClaw. Confirm the correct Droplet by checking its IP address against what appeared on the watchboard.

In the left sidebar of the Droplet detail page, scroll to **Destroy**.

Click **Destroy this Droplet**. Read the warning — this action cannot be undone.
Type the Droplet name to confirm, then click **Destroy**.

**Official DigitalOcean documentation:** [How to Destroy a Droplet](https://docs.digitalocean.com/products/droplets/how-to/destroy/)

***

## Option 2: doctl CLI

If you have [doctl](https://docs.digitalocean.com/reference/doctl/how-to/install/) installed:

```bash
# List Droplets to find the ID
doctl compute droplet list

# Destroy the Droplet (replace DROPLET_ID)
doctl compute droplet delete DROPLET_ID
```

You'll be prompted to confirm. To skip the prompt:

```bash
doctl compute droplet delete DROPLET_ID --force
```

**Official doctl reference:** [doctl compute droplet delete](https://docs.digitalocean.com/reference/doctl/reference/compute/droplet/delete/)

***

## Option 3: DigitalOcean API

```bash
curl -X DELETE \
  -H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \
  "https://api.digitalocean.com/v2/droplets/DROPLET_ID"
```

A successful request returns HTTP 204 with no body. See the [DigitalOcean API reference](https://docs.digitalocean.com/reference/api/api-reference/#operation/droplets_destroy) for details.

***

## Post-termination cleanup

### Delete backups and snapshots

DigitalOcean backups and snapshots are not deleted when the Droplet is destroyed. These continue to incur storage charges and contain your instance's data.
In the Control Panel, go to **Backups & Snapshots** under the Manage section, or use doctl:

```bash
# List snapshots
doctl compute snapshot list

# Delete a snapshot
doctl compute snapshot delete SNAPSHOT_ID

# List backups (associated with Droplets)
doctl compute image list --type backup

# Delete a backup image
doctl compute image delete IMAGE_ID
```

### Release reserved IPs

If the Droplet had a reserved IP (formerly Floating IP) assigned, release it:

```bash
# List reserved IPs
doctl compute reserved-ip list

# Release a reserved IP
doctl compute reserved-ip delete RESERVED_IP_ADDRESS
```

### Delete associated volumes

Block Storage volumes attached to the Droplet are not deleted automatically:

```bash
# List volumes
doctl compute volume list

# Delete a volume
doctl compute volume delete VOLUME_ID
```

***

## Rotate credentials

After destruction, rotate everything the agent had access to. See the [post-termination checklist](/security/terminate-instance#post-termination-checklist) for the full list.

# Terminate on Google Cloud
Source: https://docs.coral.inc/security/terminate-instance/google-cloud

How to permanently delete a Compute Engine VM instance running OpenClaw on Google Cloud Platform

This guide covers deleting a Google Cloud Compute Engine VM instance. Deleting an instance permanently removes it. The boot disk is deleted by default if "Delete boot disk when instance is deleted" was checked (the default); additional persistent disks are not deleted automatically.

Complete the [pre-termination checklist](/security/terminate-instance#pre-termination-checklist) before proceeding. Deletion is irreversible.

***

## Option 1: Google Cloud Console

Sign in to the [Google Cloud Console](https://console.cloud.google.com/compute/instances) and navigate to **Compute Engine → VM instances**.

Check the box next to the VM instance running OpenClaw.
Confirm the correct instance by checking its External IP against what appeared on the watchboard.

Click **Delete** in the top action bar, or click the three-dot menu next to the instance and choose **Delete**. Confirm in the dialog.

The instance moves to a deleting state and disappears from the list when deletion is complete.

**Official Google Cloud documentation:** [Delete a VM instance](https://cloud.google.com/compute/docs/instances/deleting-instance)

***

## Option 2: gcloud CLI

If you have the [Google Cloud CLI](https://cloud.google.com/sdk/docs/install) installed:

```bash
# List instances to find your instance name and zone
gcloud compute instances list

# Delete the instance (replace INSTANCE_NAME and ZONE)
gcloud compute instances delete INSTANCE_NAME --zone=ZONE
```

You'll be prompted to confirm. To skip the prompt:

```bash
gcloud compute instances delete INSTANCE_NAME --zone=ZONE --quiet
```

If you want to keep the boot disk (e.g., to preserve data before deletion), add `--keep-disks=boot`:

```bash
gcloud compute instances delete INSTANCE_NAME --zone=ZONE --keep-disks=boot
```

***

## Post-termination cleanup

### Delete persistent disks

Any additional persistent disks attached to the instance are not deleted automatically.
List and delete them:

```bash
# List unattached disks
gcloud compute disks list --filter="users:( )"

# Delete a disk
gcloud compute disks delete DISK_NAME --zone=ZONE
```

### Delete snapshots

```bash
# List snapshots
gcloud compute snapshots list

# Delete a snapshot
gcloud compute snapshots delete SNAPSHOT_NAME
```

### Release static external IP addresses

Static external IP addresses continue to incur charges if not released:

```bash
# List static IPs
gcloud compute addresses list --filter="status:RESERVED"

# Release a static IP
gcloud compute addresses delete ADDRESS_NAME --region=REGION
```

### Remove firewall rules

If you created firewall rules specifically for this instance, remove them:

```bash
# List firewall rules
gcloud compute firewall-rules list

# Delete a firewall rule
gcloud compute firewall-rules delete RULE_NAME
```

***

## Rotate credentials

After deletion, rotate everything the agent had access to. See the [post-termination checklist](/security/terminate-instance#post-termination-checklist) for the full list.

# Terminate on Hetzner
Source: https://docs.coral.inc/security/terminate-instance/hetzner

How to permanently delete a Hetzner Cloud server running OpenClaw

This guide covers deleting a Hetzner Cloud server. Deletion permanently removes the server and its primary disk. Volumes, snapshots, and backups are not deleted automatically.

Complete the [pre-termination checklist](/security/terminate-instance#pre-termination-checklist) before proceeding. Server deletion is irreversible.

***

## Option 1: Hetzner Cloud Console

Sign in to the [Hetzner Cloud Console](https://console.hetzner.cloud/) and select your project. Navigate to **Servers** in the left sidebar.

Click the name of the server running OpenClaw. Confirm the correct server by checking its IP address against what appeared on the watchboard.

Click the **•••** (more options) menu in the top right of the server detail page and select **Delete**.
Confirm the deletion in the dialog.

Alternatively, from the server list, click the **•••** menu on the server row and select **Delete**.

**Official Hetzner documentation:** [Hetzner Cloud Servers FAQ](https://docs.hetzner.com/cloud/servers/faq/)

***

## Option 2: hcloud CLI

If you have the [hcloud CLI](https://github.com/hetznercloud/cli) installed:

```bash
# List servers to find the server ID or name
hcloud server list

# Delete a server by name or ID
hcloud server delete SERVER_NAME_OR_ID
```

You'll be prompted to confirm. Add `--force` to skip the prompt.

***

## Option 3: Hetzner Cloud API

```bash
curl -X DELETE \
  -H "Authorization: Bearer $HETZNER_API_TOKEN" \
  "https://api.hetzner.cloud/v1/servers/SERVER_ID"
```

A successful response returns HTTP 200 with an action object. See the [Hetzner Cloud API reference](https://docs.hetzner.cloud/#servers-delete-a-server) for details.

***

## Post-termination cleanup

### Delete volumes

Volumes attached to the server are not deleted when the server is deleted. In the Cloud Console, navigate to **Volumes**, identify volumes that are no longer attached (Status = "Available"), and delete them.

Using the CLI:

```bash
# List volumes
hcloud volume list

# Delete a volume
hcloud volume delete VOLUME_NAME_OR_ID
```

### Delete snapshots

Snapshots created from this server are not deleted automatically:

```bash
# List snapshots (images with type=snapshot)
hcloud image list --type snapshot

# Delete a snapshot
hcloud image delete IMAGE_ID
```

### Delete backups

If automated backups were enabled for the server, they are deleted automatically when the server is deleted. If you need to verify:

```bash
hcloud image list --type backup
```

### Release Floating IPs

Floating IPs are not deleted when a server is deleted.
They continue to incur charges:

```bash
# List floating IPs
hcloud floating-ip list

# Delete a floating IP
hcloud floating-ip delete FLOATING_IP_ID
```

### Remove the server from any Load Balancers or Networks

If the server was part of a Load Balancer or private network, remove it:

```bash
# Detach from a private network
hcloud server detach-from-network SERVER_NAME --network NETWORK_NAME

# Remove from a load balancer
hcloud load-balancer remove-target LOAD_BALANCER_NAME --type server --server SERVER_NAME
```

***

## Rotate credentials

After deletion, rotate everything the agent had access to. See the [post-termination checklist](/security/terminate-instance#post-termination-checklist) for the full list.

# Terminate Your Instance
Source: https://docs.coral.inc/security/terminate-instance/index

Step-by-step instructions for shutting down an exposed OpenClaw instance on every major cloud provider

If your instance is exposed and you want to shut it down entirely, select your cloud provider below. Each guide covers the console steps, CLI command, and post-termination cleanup checklist.

Terminating an instance permanently deletes it and all data on it. If you want to keep the instance but secure it instead, see [Harden Your Self-Hosted Instance](/security/hardening-self-hosted).

## Pre-termination checklist

Before terminating, complete these steps to avoid leaving orphaned resources and leaked credentials:

* [ ] **Export any data you need** — session transcripts, configs, files. Termination is irreversible.
* [ ] **Note your attached storage** — Identify any block volumes, snapshots, or object storage buckets associated with the instance. You'll delete these separately after termination.
* [ ] **Identify connected accounts** — List every OAuth token or API key the agent had access to. You'll revoke and rotate these after termination.

***

## Select your cloud provider

* Amazon Web Services
* Compute Engine
* Droplets
* OCI Compute Instances
* Cloud Virtual Machine (CVM)
* Elastic Compute Service (ECS)
* Baidu Cloud Compute (BCC)
* Hetzner Cloud Servers
* Kamatera Cloud Servers

***

## Post-termination checklist

After the instance is gone, complete these steps. Skipping them leaves credentials live that could still be used against your accounts.

### Rotate all secrets

For every credential the agent had access to:

| Credential type | How to rotate |
| --- | --- |
| LLM API keys (OpenAI, Anthropic, Google) | Revoke in the provider's API keys dashboard and generate a new key |
| Gateway token | Already gone with the instance — no action needed |
| OAuth tokens (Gmail, Slack, GitHub, etc.) | Revoke in each service's "Connected Apps" or "Authorized OAuth Apps" settings |
| SSH keys | Remove the public key from `~/.ssh/authorized_keys` on any other servers it had access to. Generate a new keypair. |

### Delete associated storage

Cloud providers don't always delete attached block volumes when an instance is terminated. Check for and delete:

* **Block volumes / EBS volumes** — Unattached volumes continue to incur charges and retain your data
* **Snapshots** — Manual or automated snapshots of the instance disk
* **Object storage buckets** — S3, GCS, or equivalent buckets the instance had access to

### Review billing

Verify in your cloud provider's billing console that charges for the terminated instance have stopped. If you see unexpected charges, a volume or snapshot may still be running.

### Check for exfiltration

Review your cloud provider's network logs for unusual outbound traffic from the instance in the period before termination. If you see high outbound volume to unexpected destinations, treat connected accounts as compromised and rotate them.
# Terminate on Kamatera

Source: https://docs.coral.inc/security/terminate-instance/kamatera

How to permanently terminate a Kamatera cloud server running OpenClaw

This guide covers terminating a Kamatera cloud server. Termination permanently removes the server and stops billing.

Complete the [pre-termination checklist](/security/terminate-instance#pre-termination-checklist) before proceeding. Server termination is irreversible.

***

## Option 1: Kamatera Console

1. Sign in to your [Kamatera account](https://console.kamatera.com/) and navigate to **My Cloud**.
2. Click **Servers** in the left navigation panel. This lists all servers in your account.
3. Find the server running OpenClaw. Confirm the correct server by checking its IP address against what appeared on the watchboard.
4. Click the server to open its details, then click **Terminate** (or click the action menu on the server row and choose **Terminate**). Confirm the action in the dialog.

Kamatera sends a confirmation email when the server is successfully terminated.

**Official Kamatera documentation:** [How do I terminate a server?](https://www.kamatera.com/faq/answer/terminate-server/)

***

## Option 2: Kamatera REST API

Kamatera does not provide a dedicated CLI tool. For scripted or automated termination, use the [Kamatera REST API](https://developers.kamatera.com/).

Authenticate with your Kamatera API client ID and secret (available from the Kamatera console under **API Keys**), then send a DELETE request to the server endpoint. Refer to the [Kamatera API reference](https://developers.kamatera.com/) for the exact endpoint path and request format for your server type.

***

## Post-termination cleanup

### Verify billing has stopped

Check the **Billing** section of the Kamatera console to confirm charges for the terminated server have stopped. Kamatera bills by the hour, so charges should stop within an hour of termination.
### Remove associated public IPs

If the server had a dedicated public IP that was billed separately, release it from the **IP Management** section of your account to stop associated charges.

### Delete stored disk images

If you created any server images (backups or snapshots) from this server before termination, navigate to **My Cloud → Images** and delete any images you no longer need.

***

## Rotate credentials

After termination, rotate everything the agent had access to. See the [post-termination checklist](/security/terminate-instance#post-termination-checklist) for the full list.

# Terminate on Oracle Cloud

Source: https://docs.coral.inc/security/terminate-instance/oracle-cloud

How to permanently terminate a Compute instance running OpenClaw on Oracle Cloud Infrastructure (OCI)

This guide covers terminating an Oracle Cloud Infrastructure (OCI) Compute instance. Termination permanently removes the instance. By default, the boot volume is preserved after termination — you must explicitly choose to delete it, or delete it separately.

Complete the [pre-termination checklist](/security/terminate-instance#pre-termination-checklist) before proceeding. Termination is irreversible.

***

## Option 1: OCI Console

1. Sign in to the [OCI Console](https://cloud.oracle.com/compute/instances) and navigate to **Compute → Instances**.
2. Use the **Compartment** dropdown in the left panel to select the compartment where your instance lives. The instance list is per-compartment.
3. Click the name of the instance running OpenClaw. Confirm the correct instance by checking its public IP address in the instance details.
4. Click **More Actions → Terminate**. In the dialog, check **Permanently delete the attached boot volume** to also remove the boot disk. Click **Terminate instance**.
**Official OCI documentation:** [Terminating an Instance](https://docs.oracle.com/en-us/iaas/Content/Compute/Tasks/terminatinginstance.htm)

***

## Option 2: OCI CLI

If you have the [OCI CLI](https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm) installed:

```bash
# COMPARTMENT_OCID and INSTANCE_OCID are placeholders for your own OCIDs

# Find your instance OCID
oci compute instance list \
  --compartment-id COMPARTMENT_OCID \
  --query "data[*].{id:id, name:\"display-name\", ip:\"primary-private-ip\"}" \
  --output table

# Terminate the instance (preserves boot volume by default)
oci compute instance terminate --instance-id INSTANCE_OCID

# Terminate and also delete the boot volume
oci compute instance terminate \
  --instance-id INSTANCE_OCID \
  --preserve-boot-volume false
```

You'll be prompted to confirm. Add `--force` to skip the prompt.

**Official OCI CLI reference:** [oci compute instance terminate](https://docs.oracle.com/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/compute/instance/terminate.html)

***

## Post-termination cleanup

### Delete the boot volume

If you did not check "Permanently delete the attached boot volume" during termination, the boot volume still exists and incurs charges.

In the console: **Storage → Block Storage → Boot Volumes**. Select the volume and click **Terminate**.
Using the CLI:

```bash
# COMPARTMENT_OCID, AVAILABILITY_DOMAIN and BOOT_VOLUME_OCID are placeholders

# List boot volumes in a compartment
oci bv boot-volume list \
  --compartment-id COMPARTMENT_OCID \
  --availability-domain AVAILABILITY_DOMAIN

# Delete a boot volume
oci bv boot-volume delete --boot-volume-id BOOT_VOLUME_OCID
```

### Delete block volumes

Additional block volumes attached to the instance are not deleted when the instance terminates:

```bash
# List block volumes
oci bv volume list --compartment-id COMPARTMENT_OCID

# Delete a block volume
oci bv volume delete --volume-id VOLUME_OCID
```

### Delete backups

```bash
# List boot volume backups
oci bv boot-volume-backup list --compartment-id COMPARTMENT_OCID

# Delete a backup
oci bv boot-volume-backup delete --boot-volume-backup-id BOOT_VOLUME_BACKUP_OCID
```

### Release public IPs

Reserved public IPs continue to incur charges:

```bash
# List public IPs (regional scope)
oci network public-ip list \
  --compartment-id COMPARTMENT_OCID \
  --scope REGION

# Delete a reserved public IP
oci network public-ip delete --public-ip-id PUBLIC_IP_OCID
```

***

## Rotate credentials

After termination, rotate everything the agent had access to. See the [post-termination checklist](/security/terminate-instance#post-termination-checklist) for the full list.

# Terminate on Tencent Cloud

Source: https://docs.coral.inc/security/terminate-instance/tencent-cloud

How to permanently terminate a CVM instance running OpenClaw on Tencent Cloud

This guide covers terminating a Tencent Cloud Virtual Machine (CVM) instance. Tencent Cloud has two billing modes that affect how termination works:

* **Pay-as-you-go instances** are terminated and released immediately.
* **Prepaid (subscription) instances** are moved to the recycle bin first. They are held for 7 days by default, then permanently deleted. You can manually purge them from the recycle bin to release resources immediately.

Complete the [pre-termination checklist](/security/terminate-instance#pre-termination-checklist) before proceeding. Termination is irreversible once the instance leaves the recycle bin.
***

## Option 1: Tencent Cloud Console

1. Sign in to the [Tencent Cloud CVM Console](https://console.cloud.tencent.com/cvm/instance) and navigate to **Cloud Virtual Machine → Instances**.
2. Use the region dropdown at the top of the page to select the region where your instance is running.
3. Check the box next to the CVM instance running OpenClaw. Confirm the correct instance by checking its public IP address against what appeared on the watchboard.
4. Click **More → Instance Status → Terminate/Return**. Review the warning dialog and confirm.
   * **Pay-as-you-go**: The instance moves to Terminated state immediately.
   * **Prepaid**: The instance moves to the Recycle Bin. To permanently delete it, go to **Recycle Bin**, select it, and click **Purge**.

**Official Tencent Cloud documentation:** [Terminating/Returning Instances](https://www.tencentcloud.com/document/product/213/4930)

***

## Option 2: Tencent Cloud CLI (TCCLI)

If you have [TCCLI](https://www.tencentcloud.com/document/product/1013/33463) installed:

```bash
# List instances to find the instance ID
tccli cvm DescribeInstances --region ap-REGION

# Terminate an instance (pay-as-you-go)
tccli cvm TerminateInstances \
  --region ap-REGION \
  --InstanceIds '["ins-XXXXXXXXX"]'
```

For prepaid instances, termination moves them to the recycle bin. Use `ReturnNormalInstances` to initiate return of a prepaid instance:

```bash
tccli cvm ReturnNormalInstances \
  --region ap-REGION \
  --InstanceId ins-XXXXXXXXX
```

**Official Tencent Cloud API reference:** [TerminateInstances](https://www.tencentcloud.com/document/product/213/15723)

***

## Post-termination cleanup

### Purge from recycle bin (prepaid instances)

Prepaid instances moved to the Recycle Bin still hold resources. In the console, go to **Recycle Bin → Cloud Virtual Machines**, select the instance, and click **Purge**.

### Release Elastic IPs (EIPs)

Elastic IPs continue to incur charges when unassociated after instance termination.
In the console, navigate to **Virtual Private Cloud → IP and ENI → Elastic IPs**, select the EIP, and click **Release**.

### Delete CBS (Cloud Block Storage) data disks

Data disks attached to the instance are not deleted automatically on termination (the system disk is deleted). In the console, navigate to **Cloud Block Storage**, filter by Status = "Available" to find unattached disks, and delete them.

### Delete custom images and snapshots

If you created any images or snapshots from this instance, navigate to **Images** or **Snapshots** in the CVM console and delete them.

***

## Rotate credentials

After termination, rotate everything the agent had access to. See the [post-termination checklist](/security/terminate-instance#post-termination-checklist) for the full list.