Getting Started
Your PrivateClaw instance is a Confidential VM — a machine whose memory is hardware-encrypted by the CPU itself. Not even the cloud provider can read what's running inside. This guide walks you through verifying that, testing your setup, and connecting a messaging provider.
1. Verify Your TEE
The first thing to do after SSH-ing into your CVM is verify that it's actually running in a Trusted Execution Environment:
privateclaw verify
This runs four checks:
- CVM Attestation — Confirms your VM is running on AMD SEV-SNP hardware with Secure Boot enabled. SEV-SNP encrypts your VM's memory with a key that only the CPU holds — the hypervisor, host OS, and cloud operator are locked out.
- Inference Provider — Verifies that OpenClaw is configured to send prompts through Lunal's private inference endpoint, which also runs in a TEE. Your prompts are encrypted in transit and during processing.
- SSH Host Key Binding — Checks that your VM's SSH host key is cryptographically bound to the TEE via a TPM quote. This proves the machine you're talking to is the same one the TEE attestation covers — no MITM.
- External Access Lockout — Confirms only your SSH key is authorized and the firewall blocks lateral network access. No one else can get in.
You can run privateclaw verify at any time — after updates, after reboots, whenever you want reassurance. The checks are read-only and instant.
Why this matters
Most cloud VMs trust the cloud provider implicitly. The hypervisor can read your memory, the host OS can inspect your disk, and operators can access your data through management tools. Confidential computing changes that. With AMD SEV-SNP, the CPU encrypts your VM's memory with keys that the hypervisor never sees. privateclaw verify lets you independently confirm these guarantees are active — you don't have to take anyone's word for it.
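The SSH Host Key Binding check ties the VM's host key to the TEE; the no-MITM conclusion also needs your SSH client to have pinned that same key. The added example below (not part of PrivateClaw or OpenClaw) compares a host public key line copied from the CVM against your client's known_hosts, including hashed entries. Assumptions: the host name cvm.example, the helper names, and the sample keys are constructed for illustration.

```python
import base64, hashlib, hmac, struct

def fingerprint(key_line):
    """OpenSSH SHA256 fingerprint of a '<type> <base64> [comment]' key line."""
    blob = base64.b64decode(key_line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Match a known_hosts host field: exact names or |1|salt|HMAC-SHA1 hashes.
    Wildcard patterns are not handled in this example."""
    for pat in field.split(","):
        if pat.startswith("|1|"):
            _, _, salt, mac = pat.split("|")
            calc = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
            if hmac.compare_digest(calc, base64.b64decode(mac)):
                return True
        elif pat == host:
            return True
    return False

def check_pin(known_hosts_text, host, cvm_pubkey_line):
    """Return 'match', 'mismatch' or 'unpinned' for the key type the CVM reports."""
    keytype = cvm_pubkey_line.split()[0]
    attested = fingerprint(cvm_pubkey_line)
    seen = False
    for line in known_hosts_text.splitlines():
        f = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(f) < 3 or f[0].startswith(("#", "@")):
            continue
        if f[1] == keytype and host_matches(f[0], host):
            if fingerprint(f[1] + " " + f[2]) == attested:
                return "match"
            seen = True  # host is pinned, but to a different key of this type
    return "mismatch" if seen else "unpinned"

# --- Constructed sample data (not real keys, hypothetical host name) ---
def sample_key(fill):
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([fill]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

def hashed(host, salt=b"constructed-salt-20b"):
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

CVM_KEY = sample_key(0x11)    # stands in for the host key line read on the CVM
OTHER_KEY = sample_key(0x22)  # a different key of the same type
KNOWN_HOSTS = "# constructed\n%s %s\n" % (hashed("cvm.example"), CVM_KEY)

if __name__ == "__main__":
    print(check_pin(KNOWN_HOSTS, "cvm.example", CVM_KEY))
```

Pass the host name exactly as you type it to ssh; entries for non-default ports are stored in known_hosts as [host]:port.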
2. Test Your Setup
Once you've verified the TEE, check that OpenClaw is working:
openclaw tui
This launches the terminal UI. Try sending a message to confirm inference is working end-to-end through the private pipeline. Press q to quit.
3. Connect a Messaging Provider
This is the most important step. OpenClaw is designed to work through messaging apps like WhatsApp and Signal — so you can use your AI assistant without being SSH'd into the CVM.
openclaw configure --section channels
This walks you through connecting one or more messaging providers. Once connected, you can chat with your OpenClaw instance from your phone or desktop — all messages route through the CVM and private inference pipeline, so the same privacy guarantees apply.
What's Next
- Explore OpenClaw's features: OpenClaw documentation
- Run privateclaw verify anytime to re-check your TEE
- Questions? Help & troubleshooting