OpenClaw is the open-source personal AI assistant that became one of the most-starred repositories in GitHub history. DeepSeek is the AI lab whose API prices undercut every major Western provider. Put them together and you get something genuinely interesting: an always-on agent that runs on your own hardware, talks to you through WhatsApp or Telegram, and costs cents per day to operate.
This guide covers what the combination actually offers, how to set it up properly, what it costs — and, because it matters more than most tutorials admit, how not to get burned on security.
What OpenClaw is (and why everyone is talking about it)
OpenClaw started in November 2025 as a side project by Austrian engineer Peter Steinberger. It went through a whirlwind of renames — first Clawdbot, then Moltbot after a trademark complaint from Anthropic, and finally OpenClaw on January 30, 2026. By March 2026 it had passed 247,000 stars on GitHub, and in February 2026 Steinberger announced the creation of the OpenClaw Foundation to steward the project as he joined OpenAI.
Unlike a chatbot in a browser tab, OpenClaw is a gateway that runs on your own machine or VPS. It connects to the messaging channels you already use — WhatsApp, Telegram, Signal, Discord, Slack and around twenty others — and to a large language model of your choice as its brain. From there it can manage your calendar, read feeds, run scheduled tasks, and extend itself with community "skills."
The key phrase is bring your own model. OpenClaw doesn't ship an LLM; it orchestrates one through your own API keys. Which brings us to DeepSeek.
Why DeepSeek as the brain
Three reasons make DeepSeek the most popular budget pairing for OpenClaw:
- Price. DeepSeek remains one of the cheapest capable APIs on the market (full table below). Agent loops resend a lot of context, and DeepSeek's context caching makes repeated input almost free.
- First-class support. DeepSeek is an officially documented provider in OpenClaw — no custom adapters needed. Its API is OpenAI-compatible, so the integration is boring in the best sense.
- The V4 models are real agent models. 1M-token context, up to 384K output tokens, native tool calling and a controllable thinking mode.
Current pricing (official, June 2026)
| Model | Input (cache hit) | Input (cache miss) | Output | Context |
|---|---|---|---|---|
| deepseek-v4-flash | $0.0028 /M | $0.14 /M | $0.28 /M | 1M tokens |
| deepseek-v4-pro | $0.003625 /M | $0.435 /M | $0.87 /M | 1M tokens |
Two details worth noting. First, cache hits cost ~50× less than cache misses — and an always-on agent that keeps replaying its system prompt and history benefits enormously from that. Second, V4-Pro's listed price has been promotional; check the official pricing page before budgeting around it.
⚠️ Deprecation alert: the legacy model names deepseek-chat and deepseek-reasoner are deprecated on July 24, 2026. Both aliases map to V4-Flash — so if you were using deepseek-reasoner for heavy reasoning and want equivalent or stronger capability, switch explicitly to deepseek-v4-pro.
Setting it up
You need an OpenClaw install and a DeepSeek API key from platform.deepseek.com. Then:
openclaw onboard --auth-choice deepseek-api-keyThe interactive onboarding sets deepseek/deepseek-v4-flash as the default model. Verify what's available with:
openclaw models list --provider deepseekIf the gateway runs as a daemon, the key must live in ~/.openclaw/.env (the daemon won't inherit your shell's environment):
DEEPSEEK_API_KEY=sk-...Or configure it declaratively:
{
env: { DEEPSEEK_API_KEY: "sk-..." },
agents: {
defaults: {
model: { primary: "deepseek/deepseek-v4-flash" },
},
},
}Which model should you pick?
- `deepseek-v4-flash` — the right default. Fast, very cheap, supports thinking mode when you need it (
/think xhighor/think maxin chat). - `deepseek-v4-pro` — the stronger V4. Use it when Flash visibly struggles with multi-step plans, at roughly 3× the cost.
One operational caveat: community users report elevated 503 errors from DeepSeek's API during Chinese business hours (roughly 9am–6pm Beijing time). OpenClaw supports fallback models — configure one from another provider so your assistant degrades gracefully instead of going silent.
Security: read this before exposing anything
OpenClaw's growth outpaced its security story, and the early-2026 record is sobering. Security researchers documented a high-severity one-click RCE (CVE-2026-25253, since patched), hundreds of malicious skills in the ClawHub registry designed to steal credentials and crypto wallets, and internet scans found tens of thousands of exposed or misconfigured gateways. Cisco researchers showed a third-party skill exfiltrating data via prompt injection, and Microsoft published dedicated guidance on isolating OpenClaw deployments.
None of this means "don't use it." It means treat your agent like a production service, not a toy:
- Never expose the gateway port to the internet. Bind to localhost, access remotely via Tailscale/WireGuard, and keep authentication enabled.
- Run it in a container or VM with least privilege. The agent can execute code; assume it will eventually execute something you didn't intend.
- Vet every skill before installing. Treat ClawHub like npm in its wild-west days: read the code, pin versions.
- Use dedicated accounts and scoped API keys. Your agent does not need your main Google account.
- Assume prompt injection. Anything the agent reads — an email, a web page, a calendar invite — is an attack surface. Require confirmation for destructive actions.
And one consideration specific to this pairing: self-hosting OpenClaw does not mean your data stays home. Every prompt — including whatever personal context your assistant accumulates — is sent to DeepSeek's servers for inference, under Chinese jurisdiction. For genuinely sensitive workloads, pair OpenClaw with a local model (e.g. via Ollama) instead and accept the capability trade-off.
Verdict
OpenClaw + DeepSeek is currently the cheapest way to run a genuinely capable, always-on personal AI agent: V4-Flash handles routine assistant work for cents per day, and the official integration takes minutes to configure. The price you pay isn't in dollars — it's in operational responsibility. Harden the deployment, scope its credentials, plan a fallback model, and be deliberate about what data you let it see. Do that, and it's one of the most interesting self-hosted setups of 2026.
This guide was researched and written with AI assistance; all facts were checked against the official documentation and the sources listed below (June 2026).