Next: After completing this guide, continue to ./EC2.md.
Create a dedicated GitHub account for your bot. This protects your main account from:
- Rogue agent behavior
- Prompt injection attacks
- Accidental commits to wrong repos
Your bot gets its own identity with limited blast radius.
- Go to github.com/signup
- Use a dedicated email (e.g.,
yourname+clawdbot@gmail.com) - Username suggestion:
yourname-clawdbotor similar
- Log into the bot account
- Go to Settings > Developer settings > Personal access tokens > Tokens (classic)
- Click Generate new token (classic)
- Set expiration (90 days recommended for security)
- Select scopes:
repo(full control of private repos)workflow(if using GitHub Actions)
- Copy the token immediately (you won't see it again)
After EC2 setup, configure git with the bot account:
git config --global user.name "yourname-clawdbot"
git config --global user.email "yourname+clawdbot@gmail.com"
git config --global credential.helper storeFirst push will prompt for credentials:
- Username:
yourname-clawdbot - Password:
<your-classic-token>
Note:
credential.helper storesaves credentials in plaintext at~/.git-credentials. This is acceptable for a dedicated bot account with limited repo access.
Use this directory pattern on all machines:
~/Code/<owner>/<repo>
Examples:
~/Code/merit-systems/OpenClawX402
~/Code/yourname-clawdbot/my-project
~/Code/openclaw/openclaw
This keeps repos organized by owner and makes collaboration cleaner.
- Never give the bot account access to sensitive repos
- Review bot commits periodically
- Rotate the token every 90 days
- Consider repo-scoped tokens for tighter control