How to completely uninstall OpenClaw in 2026
Uninstalling the package removes the command — not the agent. Here is how to remove every OpenClaw leftover: the background gateway, port 18789, data folders, plaintext keys and OAuth grants.
By The Aipurity Team · July 15, 2026
If you installed OpenClaw during the hype and now want it gone, running npm uninstall -g openclaw feels like the end of the story. It isn’t. That command removes the CLI package — the thing you type — but it leaves the agent’s actual life on your machine untouched: a background gateway that restarts on boot, data folders full of chat history and skills, a login-service registration, and, worst of all, API keys and OAuth tokens that stay valid until you revoke them at the source.
This guide walks through a complete removal on macOS, Windows and Linux — every leftover, in the order that actually works. If you’d rather have a tool find it all for you first, the Aipurity device scanner enumerates OpenClaw residue, the port 18789 gateway and plaintext secrets in one pass and quarantines them reversibly.
Prefer a scan first?Run the free OpenClaw scanner →What OpenClaw actually installs
Knowing the footprint explains why a quick delete never works. A standard install puts four separate things on your system:
- The CLI package — a global npm/pnpm/bun package. This is the only part
npm uninstallremoves. - A background gateway — registered as a login service (launchd on macOS, a systemd user service on Linux, Task Scheduler on Windows) so it survives reboots. Service names differ by era: ai.openclaw.gateway, bot.molt.gateway, or com.clawdbot.gateway.
- A state directory — chat history, skill files and session data in ~/.openclaw, plus legacy ~/.clawdbot or ~/.moltbot folders if you installed before the renames.
- Credentials in plaintext — API keys and OAuth tokens the agent used, stored readable on disk. Deleting the files does not revoke what already leaked from them.
The single most common mistake
People run the package uninstall, see the command disappear, and assume they’re done — while the gateway keeps running on port 18789 and the keys stay live. Removal has four steps, not one.
Remove OpenClaw on macOS
- 01Remove the package with whichever manager installed it.
- 02Find the login service (names vary across the Clawdbot/Moltbot/OpenClaw eras, so match broadly).
- 03Unload it using the label the previous step printed.
- 04Quarantine or remove the data folders once you’re sure.
- 05Verify the port is closed — no output means nothing is listening any more.
npm uninstall -g openclaw # or: pnpm remove -g openclaw / bun remove -g openclaw launchctl list | grep -iE "openclaw|molt|clawd" launchctl bootout gui/$(id -u)/ai.openclaw.gateway ls -d ~/.openclaw ~/.clawdbot ~/.moltbot 2>/dev/null lsof -i :18789
Remove OpenClaw on Windows
Same idea in PowerShell — package, scheduled task, folders, port.
npm uninstall -g openclaw
Get-ScheduledTask | Where-Object { $_.TaskName -match "openclaw|molt|clawd" }
Unregister-ScheduledTask -TaskName "OpenClaw Gateway" -Confirm:$false
Get-ChildItem "$env:USERPROFILE\.openclaw","$env:APPDATA\openclaw" -ErrorAction SilentlyContinue
netstat -ano | findstr 18789Remove OpenClaw on Linux
Package, user service, folders, port — plus one check the other platforms don’t need: your shell profile, where some installers append PATH or environment lines.
npm uninstall -g openclaw systemctl --user list-units | grep -iE "openclaw|molt|clawd" systemctl --user disable --now openclaw-gateway.service ls -d ~/.openclaw ~/.clawdbot ~/.moltbot 2>/dev/null grep -iE "openclaw|molt" ~/.bashrc ~/.zshrc 2>/dev/null ss -ltnp | grep 18789
Installed with Docker?
Containers, images and volumes live outside the filesystem paths above — remove them with Docker itself. The volume is where the state actually lives, so don’t skip it.
docker ps -a | grep -iE "openclaw|molt|clawd" docker rm -f <container-id> docker images | grep -iE "openclaw|molt" docker rmi <image-id> docker volume ls | grep -iE "openclaw|molt" docker volume rm <volume-name> # compose installs, from the folder with the compose file: docker compose down --volumes
Revoke what the agent could reach
Removal cleans your disk; it does nothing about the accounts the agent was authorized into. This is the step every quick guide skips — and the one that actually matters for security. If you ever connected a service, revoke the grant at that service:
- Google — myaccount.google.com → Security → Third-party apps with account access.
- GitHub — Settings → Applications → Authorized OAuth Apps → revoke.
- Slack — Workspace settings → Manage apps → remove the integration.
- Discord — User Settings → Authorized Apps → deauthorize.
- Microsoft — account.live.com/consent/Manage → remove access.
- WhatsApp & Telegram — WhatsApp: Settings → Linked devices; Telegram: Settings → Devices → terminate session.
Rotate, don’t just delete
Any API key the scan flags (OpenAI, Anthropic, and anything else in the agent’s config) stays valid until you rotate it at the provider’s dashboard. A leaked key lives on until you revoke it — not until you delete the file it sat in.
Verify it’s completely gone
Run through this checklist after the steps above:
- No process matches openclaw / molt / clawd in your process list.
- Port 18789 is not listening (lsof -i :18789 / netstat -ano | findstr 18789 / ss -ltnp | grep 18789).
- The autostart entry is gone (launchctl / systemctl --user / Task Scheduler).
- The data folders (~/.openclaw and legacy ~/.clawdbot, ~/.moltbot) are removed or quarantined.
- Docker containers, images and volumes removed (if you used Docker).
- Every OAuth grant revoked and every flagged API key rotated.
When removal fights back
- The gateway is back after a reboot — an autostart entry survived. Remove the login-service entry, not just the process.
- Port 18789 is busy but no OpenClaw is found — another tool may have claimed the port; identify the listening process before assuming.
- A deleted folder keeps reappearing — a still-running process recreates its state directory on exit. Stop the service first, then remove the folder.
- You used a custom install path — a relocated state folder can sit outside every default location. A running gateway still shows via the process and port checks; for the folder, search for the name you chose.
Is OpenClaw malware?
No — it’s a legitimate open-source project. But it runs with high privileges, stores credentials in plaintext, and exposed instances were hit by real attacks: researchers measured tens of thousands of internet-exposed gateways on the default port, and campaigns targeting them distributed credential stealers. Treat an old, unused install like an unlocked door, not a virus — close it deliberately.
Let the scanner find every leftover for youRun the free OpenClaw scanner →Sources


