OpenClaw Docker Hub: Official Images and Tags Guide

Where Are the Official Images?

The official OpenClaw Docker images are published on Docker Hub under the openclaw organization:

https://hub.docker.com/r/openclaw/openclaw

This is the only official source for OpenClaw container images. If you find images under other names or on other registries, they are community forks or unofficial builds. While community builds may work, they are not tested or maintained by the OpenClaw team and may contain modifications.

The repository has two main images:

• openclaw/openclaw — The full OpenClaw application with all features, including browser automation (Chromium/Puppeteer).
• openclaw/sandbox — The sandbox container used for isolated code execution when the Docker sandbox backend is enabled.

Most operators only need openclaw/openclaw. The sandbox image is pulled automatically when you enable the Docker sandbox backend.

What Tags Are Available?

The OpenClaw Docker repository publishes several types of tags:

latest — Always points to the most recent stable release. Updated every time a new version is published. This is what you get when you run docker pull openclaw/openclaw without specifying a tag.

Version-specific (e.g., 3.23.1) — Points to a specific release and never changes. Once published, the image behind a version tag is immutable. This gives you reproducible deployments — you know exactly what code is running.

Minor version (e.g., 3.23) — Points to the latest patch release within a minor version. Updated when new patch releases are published (3.23.0 → 3.23.1 → 3.23.2). Gives you automatic patch updates without major changes.

nightly — Built every night from the main branch. Contains the latest development changes, including unreleased features, bug fixes in progress, and potentially breaking changes. Updated every 24 hours.

rc-X.Y.Z — Release candidates published before major releases. Used for community testing before a version goes stable.

As of March 2026, the current stable version is 3.23.x. The version history includes releases going back to the MoltBot era, though those early versions are not recommended for new deployments.

Which Tag Should You Use?

The right tag depends on your priorities:

For most operators, a specific version tag is the safest choice for production. Pin to the version you have tested, and only update when you are ready to test the new version. Unexpected updates from latest can introduce breaking changes that take your agent offline.

For personal projects or non-critical deployments, latest is fine. You get new features automatically and the occasional breaking change is an acceptable trade-off.

How Do You Pull and Verify an Image?

Pull the image with Docker:

# Pull latest
docker pull openclaw/openclaw:latest

# Pull specific version
docker pull openclaw/openclaw:3.23.1

# Pull nightly
docker pull openclaw/openclaw:nightly

After pulling, verify the image details:

# Check image size and creation date
docker images openclaw/openclaw

# Inspect image metadata
docker inspect openclaw/openclaw:3.23.1 | grep -i created

# Check the OpenClaw version inside the image
docker run --rm openclaw/openclaw:3.23.1 openclaw --version

The --version command shows the exact version, build date, and Git commit hash. This is useful for verifying that you are running the expected version, especially when debugging issues.

If you are behind a corporate firewall or have slow internet, you can pre-pull images during maintenance windows:

# Pull the new version without restarting
docker pull openclaw/openclaw:3.24.0

# Later, update docker-compose.yml and restart
docker compose up -d

This minimizes downtime because the image is already cached locally when you restart.

How Large Are the Images?

OpenClaw Docker images are larger than minimal container images because they include several heavyweight dependencies:

Chromium is the largest component. If you do not need browser automation, you can use the -slim variant (when available) which excludes Chromium and reduces the image size by about half.

Docker layer caching means that subsequent pulls are much smaller — only the layers that changed are downloaded. A typical patch update downloads 10-50MB rather than the full 800MB.

Make sure your server has enough disk space for the image, the data volume, and Docker's own overhead. A minimum of 5GB free disk space is recommended, with 10GB or more for production deployments that accumulate conversation history.

What About the Old ClawdBot and MoltBot Images?

The project was renamed twice before becoming OpenClaw:

• clawdbot/clawdbot — The original Docker Hub image from the ClawdBot era (November 2025). Still exists on Docker Hub but is no longer updated. The latest tag points to a pre-3.22 version.
• moltbot/moltbot — The Docker Hub image from the MoltBot era (January 2026). Also still exists but no longer updated.

Both legacy images work but are outdated and do not receive security patches. If you are still using them, migrate to openclaw/openclaw by:

1. Backing up your /data volume.
2. Changing the image in docker-compose.yml to openclaw/openclaw:latest.
3. Renaming any legacy environment variables (remove CLAWDBOT_ or MOLTBOT_ prefixes).
4. Running docker compose up -d.

OpenClaw automatically migrates data from the old format when it detects a legacy data directory. Your sessions, memory, and skills are preserved during the migration.