NetClaw — AI network engineering agent
NetClaw is a CCIE-level AI network engineering coworker built on the OpenClaw runtime and Anthropic Claude. It operates from Slack / WebEx / WebChat, wires Claude to ~70+ MCP servers (pyATS, NetBox/Nautobot, ServiceNow, Grafana, AWS/GCP, Meraki, gNMI, CML/ContainerLab and more) and 100+ skills, with safety rails: ITSM-gated changes, source-of-truth reconciliation, and an immutable Git audit trail.
Setup, key commands & run examples
You need Docker, Python 3, an Anthropic Claude API key, and (for chat ops) a Slack or WebEx workspace. Clone the repo and run the installer — it sets up OpenClaw, the MCP servers and the daemon service.
git clone https://github.com/automateyournetwork/netclaw.git
cd netclaw
# Phase 1: install OpenClaw + MCP servers + daemon
./scripts/install.sh
# (optional) answer 'y' to enable DefenseClaw + OpenShell sandboxPoint OpenClaw at Claude and wire up your chat channel. This is where the Anthropic API key, gateway and Slack/WebEx connection are set.
openclaw configure
# - AI provider: Anthropic Claude (paste your API key)
# - Gateway: accept defaults for local use
# - Channels: connect Slack (or WebEx) workspace + channelRun the setup script to edit testbed.yaml (your devices) and supply platform credentials only for the integrations you use. Personalize USER.md and TOOLS.md so the agent knows your role, timezone, device IPs and channels.
./scripts/setup.sh
# - testbed.yaml : device hosts + credentials (start with a lab box)
# - integrations : NetBox/Nautobot, ServiceNow, Grafana, etc. (only what you use)
# - USER.md : your name, role, timezone
# - TOOLS.md : device IPs, SSH hosts, Slack channels, site infoStart the gateway and the TUI in two terminals, then ask NetClaw a read-only question from Slack/WebEx (or the TUI). Begin with health/inventory before any change.
# terminal 1
openclaw gateway
# terminal 2
openclaw tui
# then, from Slack / WebEx / TUI:
# "run a health check on the lab fleet"
# "show me the BGP neighbors on r1 and reconcile against NetBox"Best practices
Only edit USER.md and TOOLS.md
These personalize the agent. SOUL.md, AGENTS.md and IDENTITY.md define NetClaw's behavior and expertise — leave them unless you intend to change how it operates.
Start read-only in a lab
Bring up one lab device in testbed.yaml first. Validate health, routing and reconciliation flows before granting write access or production credentials.
Gate every change behind ServiceNow
NetClaw's config workflows expect an ITSM change request (create → approve → apply → verify → close). Keep that gate on so no change happens without an approved CR.
Keep the GAIT audit trail on
The Git-based audit trail records what the agent did and why, per session. It is your answer to 'what did the AI change?' — never disable it in shared environments.
Add integrations incrementally
Each MCP server needs credentials and widens the blast radius. Enable them one at a time as you actually need NetBox, Grafana, AWS, Meraki, etc.
Project owner & credits
NetClaw is an independent, open-source project. This tutorial is an educational walkthrough hosted on NAPT — it is not the official documentation and we are not affiliated with the project's authors.
Created & maintained by
- Author: John Capobianco & the Automate Your Network community.
- Repository: github.com/automateyournetwork/netclaw
- Built on the OpenClaw runtime and Anthropic Claude. All product names, logos and trademarks belong to their respective owners.
Disclaimer
- Provided for educational purposes only. Always review the upstream README and license before deploying.
- NetClaw can execute changes against live infrastructure — you are solely responsible for testing in a lab and gating production use.
- Anthropic Claude usage is metered and billed to your own API key; costs are your responsibility.
- NAPT provides no warranty and accepts no liability for outcomes from following this guide.
License, terms & what you can reuse
NetClaw itself is governed by the license published in its upstream repository — always read the LICENSE file before using, modifying or redistributing the software. The tutorial text on this page is separate and provided by NAPT for learning.
You may reuse
- The setup commands, config snippets and CLI examples shown here — they reflect the project's own public documentation.
- Your own notes, checklist results and audit scores generated on this page (stored locally in your browser).
- The NetClaw source under the terms of its upstream license, keeping all required copyright and license notices intact.
Please don't
- Strip attribution or relicense NetClaw in a way its upstream license does not permit.
- Present this tutorial as official NetClaw documentation or imply endorsement by its authors, Anthropic or OpenClaw.
- Reuse third-party trademarks, logos or brand names beyond nominative, descriptive references.
When upstream license terms and this page conflict, the upstream license governs the software.
Review & audit
An honest assessment of NetClaw before you adopt it — what it does well, where the risks are, how it keeps changes safe, and who it suits best.
Strengths
- •Exceptional breadth — 70+ MCP integrations and 100+ skills cover most NetOps tooling out of the box.
- •Safety-first design: ITSM-gated changes, source-of-truth reconciliation and an immutable GAIT audit trail.
- •Open-source and self-hosted — full control, no vendor lock-in, runs on your own Claude key.
- •Multi-channel operations from Slack, WebEx and a local TUI suit real team workflows.
Considerations & risks
- •Large attack surface — 70+ MCP servers each need credentials and widen the blast radius.
- •Operational complexity: Docker, multiple runtimes and per-integration setup to maintain.
- •Requires metered Anthropic Claude spend that scales with usage.
- •Self-hosted means you own the security, patching and isolation; MCP maturity varies per server.
Security posture
- •Optional DefenseClaw + OpenShell sandbox isolates command execution.
- •Read-only-first model — validate health and inventory before any write.
- •Human-in-the-loop: destructive actions are gated behind approved ServiceNow change requests.
- •GAIT records every session (prompt, response, artifacts) for accountability.
Best fit
- •NetOps teams that already run a source of truth (NetBox/Nautobot) and ITSM (ServiceNow).
- •Organizations wanting an AI operations layer with auditable, gated change control.
- •Ideal for a lab or controlled rollout before granting production write access.
Readiness scoring rubric
Tick each safeguard you have in place. The weighted score and readiness band update live to show how production-ready your NetClaw deployment is.
0 / 18
0 of 8 safeguards checked
Not ready
Curated videos & guides
Checklist — pitfalls, gotchas & verification
Common pitfalls
- •Pasting production credentials into testbed.yaml before validating in a lab.
- •Enabling all 70+ MCP servers at once — huge attack surface and noisy config.
- •Disabling ServiceNow gating or GAIT to 'move faster' on changes.
Gotchas to watch
- •Requires an Anthropic Claude API key — usage is metered and billed to you.
- •Some MCP servers run via Docker/uvx/npx; missing runtimes cause silent tool failures.
- •Workspace markdown files are capped at 20,000 characters each.
Verify it works
- •Confirm 'openclaw gateway' is running before using the TUI or chat channel.
- •Run a read-only health check and confirm device output before any write.
- •Check the GAIT session log shows the turn (prompt, response, artifacts).
NetClaw is self-hosted, open-source and powered by your own Anthropic Claude key. Start read-only in a lab, enable the GAIT audit trail, and gate every write behind ServiceNow before pointing it at production.