For video walkthrough of this guide you can watch out co-founders Ozgur's video here:
Disclaimer: Everything listed below is for authorized penetration testing. We log activity, we try to establish a good-manners trust with our customers and all of our partners. We believe offensive AI is a requirement to achieve a safety AGI. We aim to achieve it with KYC and authorization based systems rather than creating lying LLMs when objectionable requests come to them even in legitimate cases. That's why we built penclaw.ai and audn.ai
Penclaw.ai comes with listed features:
+ Openclaude (a version of Claude Code as a reference) with unlimited AI LLM token usage ( we placed Pingu Unchained 4 LLM on it )
+ A secure isolated 7/24 running personal remote desktop on cloud
+ Visual Remote desktop connection and computer use skill via Claude Opus 4.6 Vision
+ Openclaw instance always synced with original repo. We support all openclaw commands except stop/start commands which will break functionality.
+ Files and vibecoding on cloud through meta-claw button at /files
+ Resetting identity of openclaw so you can reconfigure it based on your needs rather than using it for pentesting
+ Self-improving agent injects learned skills and improves with more conversations because platform is distilled for penetration testing we hold the moat and edge of best AI for penetration testing. Only AI weights are shared between users and trained on Tinker by Thinking Machines.
The best way to get started is of course starting a subscription. You need an active subscription to be able to access your instance. If you fail to upgrade end of the trial period your instance will be inaccessible.
all data is isolated and never goes to a 3rd party AI company everything stays under audn.ai https://audn.ai/privacy and https://audn.ai/terms
(except computer use via claude 4.6 but we opted out for training there too )
After you start your 1-day free trial through Stripe your instance starts to get prepared with a preset that is perfect for cybersecurity and therefore most secure. Usually maximum under 2 minutes you should be able to access to the screen below:
We highly recommend enabling metaclaw. We are always testing it with metaclaw enabled so if you disable it you are taking a risk. Metaclaw skills engine learns from the conversations and learns patterns and evolve itself to you rather than you starting with clean slate. It learns what you meant easier and build a personalized learning system.
You access to launched openclaw with "Open Control UI" button.
This is not a guide for openclaw. For a guide for openclaw head to https://docs.openclaw.ai
======DASHBOARD TABS EXPLAINED=====
On top you find these tab buttons:
Dashboard ( what you see above is dashboard)
Files ( This is a personalized disk space that's completely belong to you and isolated for you)
Console ( you have your own cloud desktop console screen allows you to access to a nice terminal which allows you to run "openclaude" and "openclaw" commands there. )
Desktop GUI ( Graphical User Interface for your cloud desktop you can see the desktop, AI doesn't necessarily run things there but if you be direct "use computer use skill to open Linkedin.com and press sign in button" it does it through Claude 4.6 vision. It's currently on preview period. It's working well but complex work might not be as good as you might think or expect, you can add your own Claude API key to swap engine LLM from pingu-unchained-4 to your own Claude 4.6 instance, that's allowed if you would like to max your computer use performance)
Marketplace offers pre-built in tools for you to install to your openclaude (open claude code) and openclaw instance on cloud.
Access to your personal openclaw instance:
"Open Control UI" allows you to open your openclaw control UI on a new tab. You should press allow to connection request and you are ready to use your openclaw instance. Openclaw instance you get there is constantly synced and forked from latest Openclaw github repo available online, we might prefer to delay some updates, with "sudo" mode you can enable under "Files" tab you can try to update it via openclaw dashboard. (although this is not tested, this will be a risk you take)
=============FILES TAB EXPLAINED====================
The most important command and control center of penclaw.ai is "Files" tab think of it like an online IDE for everything. It has certain features such as:
On the left you see files from your workspace, let me go over the sample files from a real user.
The most important file generated later if you install something from marketplace we recommend you to install Audn Search tools available on the Marketplace "featured" section it will generate a dockerfile like below:
Rebuild Sandbox is the most important power on and off button you have for everything. Something is not working "Rebuild Sandbox" will resolve. If it doesn't you can get AI help by using red "Meta-Claw" button on top right.
They are intentionally made "RED" you can use metaclaw chat to describe the problem copy and paste the log text shown on your log section which is available in various places:
Logs button expand the logs for each section and you can see the status of components on your system. Docker means your cloud VM, Terminal means your isolated terminal instance when you go to /console and Desktop means Desktop GUI you have there, Instance is your openclaw instance logs. There are two ways to figure out issues and solve them on penclaw.ai
1. You use Meta-Claw button and explain any issues with openclaw configuration you have and the agent troubleshoot and fix your files for you. "Meta-Claw button" opens a meta-claw agent on the right hand side and you can copy and paste logs to it to get help from it to resolve issues.
This particular yellow lines might be disturbing I know but it's actually fine it's complaining about other instances and constantly they are trying to announce their computer name to the network so you can omit this issue.
When we actually ask about this it gives us this guidance:
So it's an unnecessary thing to solve it will have no affect to the functionality of your instance. If you see another error other than "bonjour" it signals something is wrong though you can either reach out to us or solve it via "Meta-Claw" like this.
What else you can do with meta-claw here:
1. Change configuration of Dockerfile.sandbox and OpenClaw configurations or fix if a certain file in the /files directory is wrong.
2. Ask it to create/edit files and skills to change the configuration.
3. It currently has no limits on which files it has access to because we trust it, if you ask it to do obviously breaking things it will break your instance. The only way to solve the issues then is using
"openclaw doctor --fix" command on /console and "History" button on /files where you can restore an older Dockerfile instance.
We advise you to not do any "DESTRUCTIVE" action. "ADDITIVE" actions are always welcome. Don't delete anything or you might break a functionality.
(metaclaw) folder is for self-evolving config
(tmp) is used for desktop, openclaw,terminal connections
(x11-unix) is used for desktop connection to claude 4.6 vision
(audn-webtools-mcp) allows your instance to do cloaked browsing and undetected read operations that goes through premium residential proxies.
(gateway.log) is full logs from openclaw gateway always useful to do copy paste from there to resolve issues.
Another very important buttons and configurations is up there in /files
Model picker ( Pingu Unchained 4 is our most reliable 131K context window model running on Ollama server )
Pingu-unchained-3-mcp ( nothing specific about it anymore we advise you to stick to pingu unchained 4)
Pingu-Unchained-27B (is our experimental model with similar context window)
These models are auto-configured on your openclaw instance when you change them here. So changing them restarts your openclaw instance.
Checklist items [sudo] and [Auto-Operate]
[sudo] enables openclaw to run in privileged mode. It can install packages and edit it's own content. In sudo mode commands are executed almost in host we only recommend it to leave open if you want to install packages and have error doing something that requires more privileges.
[auto-operate] enables Openclaw to ask less confirmation and run more autonomously. This is still experimental. Think of "Kairos mode" for claude code this is "Kairos mode" for openclaw.
Reset Identity: Reinstantiates the "Bootstrap.md" file in openclaw so it asks about who am I who are you and requires reconfiguring the identity of your openclaw. It no longer has pentesting identity configured so we recommend running "openclaw onboard" on console tab to configure it properly and patching the rest of the identity via "meta-claw" button on /files.
Next to Meta-Claw button you see your name and log out buttons.
============DASHBOARD ITEMS EXPLAINED========
DASHBOARD buttons:
"Start instance" : Only controls your Openclaw instance has no effect on Docker, terminal and desktop. The only way to power on and off them is through "Rebuild Sandbox" button under "Files" /files tab.
"Stop Instance" : Stops your openclaw gateway process.
"Skills & MCP Marketplace" : You one click install MCPs and skills there to your openclaw instance.
"Manage Billing": Update your subscription or cancel your subscription there. ( Please tell us detailed on why you cancel, as it's super important for us to get feedback)
On bottom left you will see smiling face that's our "HUMAN" help desk. We respond very quickly and we are team of 5 so any of us would be able to help you.
Metaclaw skills engine is different from "Meta-Claw" button on Files. This was complete coincidence we didn't have time to change the name of our button on Files but basically. Meta-Claw button where you lead the skills injection and tell agent how to behave. Metaclaw Skills engine here do it autonomously from chats and experiences.
We recommend leaving this on and on "Skills Only (no GPU)" the rest is experimental and might affect the performance of your openclaw instance.
Gateway auth token is specifically unique for you don't lose it don't share it, every action made through this token is logged under your email so you are responsible for keeping it safe.
Gateway auth token is used for access to openclaw instance through control UI through console openclaw commands, openclaw TUI, openclaw Control UI, penclaw.ai API.
Press show curl example to see how to create a new chat via penclaw.ai API to talk to your openclaw agent via API.
We use it actively to automate our X account audn_ai http://x.com/audn_ai
Instance logs show your openclaw instance logs.
Channel configuration below is not used so I don't recommend you to configure them from here. Using "openclaw onboard" command is more safe on "Console" tab.
=================CONSOLE OPENCLAW AND OPENCLAUDE COMMANDS EXPLAINED ====== ( Aka 3rd party CLAUDE CODE )
This is where you have access to your terminal, it supports openclaw tui, openclaw commands, openclaude ( 3rd party claude code configured with unlimited AI ) configured.
Openclaude button basically writes openclaude and opens this screen
Openclaw help button similarly allows you to run openclaw commands such as openclaw onboard. I don't recommend stopping starting daemon commands through here but openclaw onboard has been tried and it worked here.
Openclaw tui was also tested it also worked.
Openclaude's known limitations:
It runs on sandbox so it doesn't have access to installing packages
You can enable "sudo" on /files and ask "Meta-Claw" agent to install specific package.
I.e I installed "gh" package via this way and it became available for openclaude to use it.
We are currently working on enabling "sudo" mode for openclaude which may have been enabled check if you can do "sudo su" on /terminal which means your openclaude instance can run elevated commands to resolve issues.
We prefer you to not use "sudo" at all times this is not safe for you (tenant) and us to keep open all the time. Whenever you don't need to disable it.
"sudo su" command on /console allows you to update packages upgrade them or install packages.
=======SUDO MODE EXPLAINED======
SUDO mode when enabled:
disables computer use or makes it harder to use your AI probably can't resolve where the desktop is when you are running on sudo
DESKTOP GUI stops working with sudo mode
sudo mode should only used in these circumstances:
You need to install a package
You are rejected with a permission error
Your openclaw, openclaude, or metaclaw cli instance gets permission errors
============DESKTOP GUI AND COMPUTER USE EXPLAINED==
Desktop GUI allows you and your openclaw instance to operate on the same computer with 4 eyes. ( 2 from your eyes and 2 from AI's eyes through claude 4.6 vision )
We use a proxy and rate limiting on claude 4.6 vision but it's with no free charge during preview period.
Try asking openclaw instance like this " use computer use tool and skill to head to Linkedin.com in the open browser" .
A cloaked browser auto-opens automatically we tried to prevent AI hallucinating unseen browsers which makes it really hard to use computer use that way. So even if you close browse it auto opens on "about:blank"
We tested this to apply to jobs on Linkedin and completely working on various different job pages. It operates end to end crawling through sites to apply to jobs listed on different websites.
===========DESKTOP GUI might be flaky====
If you have any issues please let us know by clicking smiling blue icon on bottom left and explain with screenshots and more info so we can resolve your issues.
=========MARKETPLACE EXPLAINED===========
Marketplace is the most important component we think exist in penclaw.ai we listed some really useful tools for you to add skills and functionalities and further personalize your instance through UI rather than getting lost or installing stuff that you don't know if will work.
All items that are listed are listed in these categories:
MCP server manager is required if you are going to install MCPs therefore it might come auto installed if you install MCPs that are listed. Don't remove or uninstall it because it might be required for the packages you installed.
Featured Section:
Featured section lists what we think as on the edge operating your penclaw instance.
Audn Sec QA: Allows you to do behavioural security testing on text and voice Agents. (Also gives an external UI for the operations https://audn.ai )
Computer use gives you access to use the desktop GUI ( sudo must be disabled in order for this to work)
HackingTool gives you access to 185+ tools and easy to use GUI on the terminal.
The github icon on top right of each marketplace item gives you access to the original github repo they are hosted or sourced from.
HOPX Sandbox allows you to spin off a computer on cloud with network and sudo access so you can try out network tools and stuff on there. It also gives an External UI.
Supermemory gives an external UI for the memories stored by your openclaw instance but you must be specifically ask agent to remember this remember that and they also give an extra UI for you to investigate it.
Authorize & connect means that the service requires you to login. For Audn it auto-logins for Supermemory and Github you need to login explicitly to your account.
You might notice some items are listed with 1-Day Free Trial. This means that this marketplace item requires deployment and deploy button brings you to https://pingu.audn.ai/mcp and you need a "SEPARATE" subscription there to deploy specific MCP to the account of your choice. Either you can install to your "Render" account or "Vercel" account. We recommend "Render" more because most MCPs in this space requires comprehensive network access and "Render" offers it better through Docker deployments.
When you try to deploy you have two options either you head to the github URL use your own skills to deploy it to publicly accessible URL and enter the deployment URL. (which would be free option)
second option is you press Deploy Via Audn.AI and you go to https://pingu.audn.ai start a 1-day free trial on $8 per month subscription (separate from penclaw.ai subscription) and deploy that with one click to render account you give via API key and it gives you deployment URL which you can use on this screen. You can read about this process separately here: https://docs.audn.ai/en/articles/13791570-get-any-mcp-from-github-to-connect-to-your-ai
You can deploy any MCP or tool you find on Github with this way to Render or Vercel. We recommend Render because of more capabilities and tested there more.
This subscription offers you access to "Chatbot" like experience with similar MCP installation and deployment options.
There are also default skills from Openclaw tagged as "Free" these ones require further config inside Openclaw in Openclaw in skills section you can see if skill is configured correctly if not you can always chat in sudo mode to provide related API keys and configurations so it store it securely.
To all anons and users:
Some skills may ask API keys, they are securely stored just in your instance. We actively monitor security of penclaw.ai we take legal precautions against harmful use. We are a startup, we don't have unlimited resources, we are exactly like our customers, we act with integrity, always aim for win-win, we appreciate any help and in the meantime we help back.
Any silly behaviour with short term thinking would terminate this beautiful experiment.
We believe "active defense" is a necessity we need to actively defense our systems. Therefore we built attack simulation toolkit here, to make things more safe and better not to violate rights.
We believe humanity should be able to keep up with the growing potential security risks of AI. We are trying to build proactive defense against growing risks and bad actors.
We believe launching open weight llms were actually a "genie out of the bottle" moment.
There is no going back, we will only be safe if we can simulate real attacks on scale and tame our AI to be our security pet rather than unlawful use.
World needs more "good" people be one of them.
On your openclaw instance installed skills are listed like this if it's ready it means that asking your instance for skills will allow openclaw to run them.
For you to do setup they built "Needs Setup" those require "sudo" mode enabled on "/files" and few chats with openclaw to install required packages.
====TROUBLESHOOTING GUIDE=======
1. Please check if you installed any MCP such as MCP Server manager or audn search ( It 100% enables Dockerfile.sandbox file )
2. On Dockerfile.sandbox file accessible from /files click on it and you will see "Rebuild Sandbox" button. This is your troubleshooting button use it often it will be in good state. If you do that and if your instance takes more than 30 minutes:
Reclick that 30 minutes later. It means a long running docker operation hanged.
Or try reaching out to us on bottom left human support button.
3. After you install things and reconfigure you might need to stop your openclawinstance and start again from /dashboard . For a complete power on off you should use "Rebuild Sandbox" on /files.
4. Use Meta-Claw on Files /files endpoint, Meta-Claw resolves your issues more quickly ask it to install packages etc rather than using openclaw. The reason is whatever Meta-Claw does is permanent.
5. Reach out to us from blue smiling icon bottom left or send email to us at [email protected]
========= What else? ===========
Things that are done and tried with penclaw.ai:
1. Complete Pentesting of a YC S25 startup in a day ( web, auth, backend LLM, voice AI, behavioural testing) , done via openclaude on /console operating openclaw instance for multi subagent kickoff and orchestration. Using openclaude for orchestration will be more and more better in time. We will launch openclaw as installable MCP inside cloud openclaude on /console and enable Kairos mode!
2. Auto linkedin Applier ( using computer use we ran linkedin job applier bot )
3. An AI responder and X account manager on X ( https://x.com/audn_ai ) similar to Grok, this bot responds whenever someone tags it and asks questions about cybersecurity, has user specific personal memory and similarly comments threads and sometimes tweets about latest openclaw vulnerabilities.
4. Reddit comment bot, reddit didn't allow a similar thing but we built that anyway. It posts, comments, works exactly same with X bot.
5.Your imagination? You can obviously do so many things with this. Email us or write here on blue smiling button on bottom left and we will respond and list your case here!