
How to Uninstall OpenClaw Completely (2026)

Just deleting the folder is not enough. API keys stay valid, messaging bots stay connected, and memory files with your personal data remain on disk. Here is how to actually remove everything.

February 11, 2026 · 10 min read · By Espen

Deleting the OpenClaw directory does not fully uninstall OpenClaw. As of February 2026, OpenClaw has no built-in uninstall command. If you simply remove the folder, your API keys remain valid (and chargeable), your messaging platform connections stay active (bots still appear online in WhatsApp, Telegram, and Discord), memory files containing conversation history and personal data persist on your filesystem, and background processes may continue running. Ox Security documented these issues in their "You Can't Just Delete OpenClaw" report, finding that most users who thought they had uninstalled OpenClaw still had active credentials and connections lingering on their systems (Source: Ox Security, January 2026).

This guide walks you through the complete uninstall process -- every file, every connection, every background process -- so nothing is left behind.

Do this in order. Disconnect messaging channels and revoke API keys before deleting files. Once the config files are gone, you lose the information you need to find and disconnect everything.

Why Deletion Isn't Enough

When you run rm -rf ~/.openclaw and call it done, here is what you have left behind:

| Leftover | Risk | Location |
|---|---|---|
| Active API keys | Keys remain valid at OpenAI, Anthropic, Google. Can be used by anyone who copied them. | Provider dashboards |
| Messaging connections | WhatsApp, Telegram, Discord bots remain online. Messages sent to the bot queue indefinitely. | Platform servers |
| systemd/pm2 service | Background process tries to restart OpenClaw, fails silently, fills logs. | /etc/systemd/system/ or pm2 config |
| Cron jobs | Scheduled tasks attempt to run OpenClaw commands. | crontab -l |
| Docker containers/images | Container may still be running. Image consumes disk space. | Docker daemon |
| npm global package | CLI command remains in PATH. | npm list -g |
| PATH entry | Shell profile still references OpenClaw binary. | ~/.bashrc, ~/.zshrc |
| Browser sessions | Gateway web UI session cookies remain. | Browser storage |

The Ox Security report found that 73% of users who "uninstalled" OpenClaw still had at least one active messaging connection, and 89% had not revoked their API keys (Source: Ox Security, "You Can't Just Delete OpenClaw," January 2026). The API keys alone are a significant risk -- if they were exposed during the CVE-2026-25253 vulnerability window, an attacker could still use them to run up charges on your account.

What OpenClaw Leaves Behind

Before you start uninstalling, understand what OpenClaw created on your system. The exact footprint depends on how you installed it (one-liner, npm, or Docker), but here is the complete inventory.

The ~/.openclaw/ directory

This is the primary data directory. It contains:

Privacy note: The memory files are the most sensitive data OpenClaw stores. They may contain personal information, conversation snippets, and data you would not want exposed. Make sure these are securely deleted, not just removed.

The config.yaml file in detail

This is worth examining before deletion, because it tells you exactly what you need to revoke and disconnect. A typical config.yaml contains:

# Example ~/.openclaw/config.yaml contents
ai:
  provider: anthropic
  api_key: "sk-ant-api03-XXXXXXXXXXXX"  # Cleartext API key
  model: claude-sonnet-4-5

channels:
  whatsapp:
    enabled: true
    phone_id: "1234567890"
    token: "EAAxxxxxxx"       # WhatsApp Business API token
  telegram:
    enabled: true
    bot_token: "7123456789:AAFxxxxxxxxx"  # Telegram bot token
  discord:
    enabled: true
    bot_token: "MTIxxxxxxx"   # Discord bot token

gateway:
  host: "0.0.0.0"
  port: 3456
  auth_token: "your-gateway-token"

webhooks:
  - url: "https://hooks.slack.com/services/T00/B00/xxx"
  - url: "https://your-domain.com/webhook"

Every token and key listed in this file is something you need to revoke or disconnect. Read your config.yaml carefully before proceeding.
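
An added example, not part of the original guide or of OpenClaw: a shell function that lists every credential-bearing key in a config.yaml laid out like the sample above, printing only a short prefix (or the webhook host) so you can match entries on the provider dashboards without echoing full secrets to the terminal. The function name `openclaw_secret_inventory` is hypothetical, and it assumes two-space indentation and the key names shown above.

```shell
# Print "yaml.path<TAB>masked value" for each secret in a config.yaml.
# Reads the file given as $1, or stdin when no file is given.
openclaw_secret_inventory() {
  awk '
    # Drop a trailing comment, surrounding whitespace and quotes.
    function clean(v) {
      sub(/[ \t]+#.*$/, "", v)
      sub(/^[ \t]+/, "", v)
      sub(/[ \t]+$/, "", v)
      gsub(/^["\047]|["\047]$/, "", v)
      return v
    }
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
      line = $0
      depth = int((match(line, /[^ ]/) - 1) / 2)   # assumes 2-space indent
      sub(/^ *(- )?/, "", line)              # remove indent and list dash
      colon = index(line, ":")
      if (colon == 0) next
      key = substr(line, 1, colon - 1)
      val = clean(substr(line, colon + 1))
      path[depth] = key
      if (val == "") next                    # section header, no value
      if (key !~ /(api_key|token)$/ && key != "url") next
      full = key
      for (d = depth - 1; d >= 0; d--) full = path[d] "." full
      if (key == "url") {                    # webhook URLs embed a secret path
        if (match(val, "^[a-z]+://[^/]+")) shown = substr(val, 1, RLENGTH) "/..."
        else shown = "(unparsed url)"
        printf "%s\t%s\n", full, shown
      } else {
        printf "%s\t%s... (%d chars)\n", full, substr(val, 1, 8), length(val)
      }
    }
  ' "$@"
}

# Constructed sample input; the values are placeholders, not real credentials.
openclaw_secret_inventory <<'EOF'
ai:
  api_key: "sk-ant-api03-XXXXXXXXXXXX"  # Cleartext API key
channels:
  telegram:
    bot_token: "7123456789:AAFxxxxxxxxx"
webhooks:
  - url: "https://hooks.slack.com/services/T00/B00/xxx"
EOF
```

Run it against your own file with `openclaw_secret_inventory ~/.openclaw/config.yaml` and tick off each line as you revoke it in Steps 1 and 2.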

Step 1: Disconnect Messaging Channels

This is the most important step. Do it first, while you still have access to your config.yaml to identify which platforms are connected.

WhatsApp

  1. Go to the Meta Business Settings dashboard
  2. Navigate to WhatsApp Accounts → your account → Settings
  3. Under Registered Phones, remove the phone number associated with OpenClaw
  4. Delete the WhatsApp Business API app if it was created solely for OpenClaw

Telegram

  1. Open Telegram and message @BotFather
  2. Send /deletebot
  3. Select the bot you created for OpenClaw
  4. Confirm deletion. This permanently removes the bot and invalidates its token.

Discord

  1. Go to the Discord Developer Portal
  2. Select the application you created for OpenClaw
  3. Click Delete App at the bottom of the General Information page
  4. Confirm deletion. This removes the bot from all servers and invalidates its token.

Other platforms

Check your config.yaml for any other connected channels (Slack, Signal, Email, Matrix, Teams, etc.) and disconnect them through each platform's settings. The key principle: revoking the token on the platform side ensures the connection is dead even if some local configuration survives.

For details on how each channel's connection works, see our OpenClaw WhatsApp & Telegram Setup guide (the disconnection steps are the reverse of setup).

Step 2: Revoke API Keys

Every API key in your config.yaml needs to be revoked from the provider's dashboard. Do not skip this step -- a valid API key can be used to make calls (and incur charges) even after OpenClaw is deleted.

Anthropic (Claude)

  1. Go to console.anthropic.com/settings/keys
  2. Find the API key used by OpenClaw (check the key prefix against your config.yaml)
  3. Click Revoke

OpenAI (GPT)

  1. Go to platform.openai.com/api-keys
  2. Find and delete the key used by OpenClaw

Google (Gemini)

  1. Go to aistudio.google.com/apikey
  2. Find and revoke the key used by OpenClaw

Other providers

If you configured xAI (Grok), Cohere, Mistral, or any other provider, visit their respective dashboards and revoke those keys as well. Check your config.yaml for any keys you may have forgotten about.

Do not skip this step. If your OpenClaw instance was exposed during the CVE-2026-25253 vulnerability window, your API keys may have been copied by an attacker. Revoking them is the only way to ensure they cannot be used.

Step 3: Stop Running Processes

OpenClaw may be running as a background process in several ways. Check all of them.

Direct process

# Find any running OpenClaw processes
ps aux | grep openclaw

# Kill them
pkill -f openclaw

systemd service (Linux)

The one-liner installer often creates a systemd service:

# Stop the service
sudo systemctl stop openclaw

# Disable it from starting on boot
sudo systemctl disable openclaw

# Remove the service file
sudo rm /etc/systemd/system/openclaw.service

# Reload systemd
sudo systemctl daemon-reload

pm2 (Node.js process manager)

# Check if OpenClaw is managed by pm2
pm2 list

# If listed, stop and delete it
pm2 stop openclaw
pm2 delete openclaw

# Save the pm2 config to persist the removal
pm2 save

Docker

# Stop and remove the container
docker stop openclaw
docker rm openclaw

# Remove the image
docker rmi openclaw/openclaw

# Remove associated volumes
docker volume rm openclaw-data

# List all volumes to check for any others
docker volume ls | grep openclaw

Step 4: Remove Files

Now that connections are severed and processes are stopped, delete the files. Use secure deletion to prevent recovery of sensitive data.

macOS

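# Optional: overwrite sensitive files first (for SSDs this is less effective).
# This must run before the directory is removed, or there is nothing left to overwrite.
# Note: shred is a GNU coreutils tool and is not shipped with macOS;
# with Homebrew coreutils it is installed as gshred.
find ~/.openclaw -name "config.yaml" -exec shred -vfz -n 3 {} \;
find ~/.openclaw -name "*.json" -path "*/memory/*" -exec shred -vfz -n 3 {} \;

# Then delete the OpenClaw directory
rm -rf ~/.openclaw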

Linux

# Securely overwrite sensitive files before deletion
shred -vfz -n 3 ~/.openclaw/config.yaml
find ~/.openclaw/memory -type f -exec shred -vfz -n 3 {} \;

# Remove the directory
rm -rf ~/.openclaw

Remove PATH entries

The one-liner installer may have added OpenClaw to your shell PATH. Check and clean these files:

# Check for OpenClaw references in shell profiles
grep -r "openclaw" ~/.bashrc ~/.zshrc ~/.bash_profile ~/.profile 2>/dev/null

# Edit the relevant file and remove any OpenClaw-related lines
# Example: remove a line like export PATH="$HOME/.openclaw/bin:$PATH"

Step 5: Clean Up Docker and npm

If you installed OpenClaw via npm or Docker, additional cleanup is needed.

npm global uninstall

# Remove the global npm package
npm uninstall -g @openclaw/cli

# Verify it is gone
which openclaw
# Should return nothing or "openclaw not found"

Docker deep clean

# Remove all OpenClaw-related images (including cached layers)
docker images | grep openclaw | awk '{print $3}' | xargs docker rmi -f

# Remove any orphaned volumes
# (this prunes unused volumes from every project, not only OpenClaw)
docker volume prune

# Check for docker-compose files
find ~ -name "docker-compose*" -exec grep -l "openclaw" {} \; 2>/dev/null

Remove cron jobs

# List current cron jobs
crontab -l

# If any reference OpenClaw, edit and remove them
crontab -e

Clear browser sessions

If you used the OpenClaw gateway web UI, clear the browser data:

  1. Open your browser's settings
  2. Go to Privacy → Clear browsing data
  3. Clear cookies and site data for localhost:3456 (or whatever port you used)
  4. Also clear any saved passwords for the gateway login

Verify Complete Removal

After completing all steps, run these verification checks to make sure nothing remains.

# 1. Check for any remaining files
# (stderr is not suppressed here, so the expected error message is visible)
ls -la ~/.openclaw
# Should return "No such file or directory"

# 2. Check for running processes
ps aux | grep openclaw | grep -v grep
# Should return nothing

# 3. Check systemd (Linux only; stderr left visible for the same reason)
systemctl status openclaw
# Should return "Unit openclaw.service could not be found"

# 4. Check pm2
pm2 list 2>/dev/null | grep openclaw
# Should return nothing

# 5. Check Docker
docker ps -a | grep openclaw
# Should return nothing

# 6. Check npm global packages
npm list -g 2>/dev/null | grep openclaw
# Should return nothing

# 7. Check cron
crontab -l 2>/dev/null | grep openclaw
# Should return nothing

# 8. Check PATH
which openclaw 2>/dev/null
# Should return nothing

# 9. Check shell profiles
grep -r "openclaw" ~/.bashrc ~/.zshrc ~/.bash_profile ~/.profile 2>/dev/null
# Should return nothing

If all nine checks come back clean, OpenClaw has been completely removed from your system.

Final step: check your API provider dashboards. Log in to Anthropic, OpenAI, Google, and any other provider you used. Verify the API keys are showing as revoked. Check recent usage for any unexpected activity that might indicate the keys were compromised before you revoked them.

Quick Reference: Complete Uninstall Commands

For users who want the condensed version, here is the full sequence. Do not run this blindly -- read the detailed steps above first to understand what each command does.

# 1. Disconnect channels (do manually via platform dashboards)
# 2. Revoke API keys (do manually via provider dashboards)

# 3. Stop processes
pkill -f openclaw
sudo systemctl stop openclaw 2>/dev/null
sudo systemctl disable openclaw 2>/dev/null
sudo rm /etc/systemd/system/openclaw.service 2>/dev/null
sudo systemctl daemon-reload 2>/dev/null
pm2 stop openclaw 2>/dev/null
pm2 delete openclaw 2>/dev/null

# 4. Remove Docker
docker stop openclaw 2>/dev/null
docker rm openclaw 2>/dev/null
docker rmi openclaw/openclaw 2>/dev/null
docker volume rm openclaw-data 2>/dev/null

# 5. Remove npm package
npm uninstall -g @openclaw/cli 2>/dev/null

# 6. Remove files
rm -rf ~/.openclaw

# 7. Clean cron (check manually)
# crontab -e

# 8. Remove PATH entries (check manually)
# Edit ~/.bashrc, ~/.zshrc, etc.

FAQ

Does OpenClaw have an uninstall command?

No. As of February 2026, OpenClaw does not include a built-in uninstall command. This has been a common complaint from users and security researchers. You must manually disconnect channels, revoke keys, stop processes, and delete files following the steps in this guide.

What happens if I just delete the ~/.openclaw folder?

Your API keys remain valid and chargeable. Your messaging bots (WhatsApp, Telegram, Discord) remain connected and visible to contacts. Background processes may continue running or attempting to restart. Cron jobs will fail noisily. You will have removed the local files but not the external connections or credentials.

Will revoking API keys disconnect my messaging bots?

No. API keys (OpenAI, Anthropic, Google) are for the AI model calls. Messaging connections use separate tokens issued by WhatsApp, Telegram, Discord, etc. You need to disconnect both independently.

Is my conversation data safe after uninstalling?

If you used the rm -rf command, the files are marked as deleted but may be recoverable with forensic tools (especially on HDDs). For maximum security, use shred on Linux or a secure-erase utility on macOS before deleting. On modern SSDs with TRIM, data recovery is less likely but not impossible.

Can I reinstall OpenClaw after uninstalling?

Yes. A clean reinstall after proper uninstallation will start fresh with no leftover configuration. You will need to set up new API keys, reconnect messaging channels, and reinstall skills. Previous memory data will be gone (which is the point of a clean uninstall).
