docs/channels/zaloclawbot.md
OpenClaw connects to Zalo ClawBot through the catalog-listed external @zalo-platforms/openclaw-zaloclawbot plugin. Login uses a Zalo Mini App QR code; the plugin id in config is openclaw-zaloclawbot.
| Plugin Version | OpenClaw Version | npm dist-tag | Status |
|---|---|---|---|
| 0.1.4 | >=2026.4.10 | latest | Active / Beta |
openclaw CLI available)openclaw onboard
Pick Zalo ClawBot from the channel menu. The wizard installs the plugin from the official catalog (integrity-verified), renders the login QR in the terminal, and finishes the channel once you scan it with the Zalo app.
To add the channel to an already-onboarded gateway:
openclaw plugins install "@zalo-platforms/[email protected]"
Use the exact pinned version so OpenClaw verifies the package against the catalog integrity hash during install.
openclaw config set plugins.entries.openclaw-zaloclawbot.enabled true
openclaw channels login --channel openclaw-zaloclawbot
Scan the terminal-rendered QR code with the Zalo mobile app, accept the Terms of Use inside the Zalo Mini App, and authorize the session.
openclaw gateway restart
Unlike the standard Zalo channel, which requires registering your own Zalo Official Account (OA) and configuring static developer credentials, Zalo ClawBot is an owner-bound personal assistant on shared official infrastructure:
The plugin communicates with Zalo via a persistent long-polling loop (getUpdates). Webhooks are disabled by default for local desktop/terminal gateway runs. Messages are processed client-side and mapped to your local agent runtime.
The plugin manages bot credentials under the OpenClaw state directory. Treat that directory as sensitive and cover it under the same access-control and backup policy as the rest of OpenClaw state.
This plugin's runtime lives entirely in the external @zalo-platforms/openclaw-zaloclawbot package; behavior details below beyond install/config are as reported by the plugin's maintainers and are not verified against OpenClaw core source.
zbsk) expires after 5 minutes for security. If the QR code expires before you scan it, rerun the login command to generate a new one.2026.4.10 or higher. Older versions do not support the external npm-plugin installation ledger this ID requires.