Setup

Guided first-run setup for a stable Msty Claw workspace

Msty Claw is Msty's desktop agent app for practical, end-to-end execution: local or cloud model use, controlled automation, repeatable playbooks, and channel-integrated workflows when you need them. It is designed to move from "single prompt help" to reliable day-to-day operations without losing visibility or control.

This setup guide is written for a strong first run. By the end, you should have one agent running in a controlled workspace, a model provider configured correctly, and baseline security in place before any broader rollout.

Quick setup sequence

  • Install Claw
  • Connect a model provider
  • Set default working style
  • Create and validate one agent
  • Apply security baseline
  • Add tools only as needed (including Skills, Context Scout, Computer Use, and web search)
  • Enable Pulse, Rules, and workspace profile files only when they support your workflow
  • Add channels and Cloud Sync only after local flow is stable

Follow this order intentionally. It reduces troubleshooting complexity because each phase builds on a known-good previous state.

Install

Download Msty Claw from msty.ai/claw and install it on your machine.

Msty Claw is compatible with:

  • macOS
  • Windows
  • Linux

Start by connecting a model provider

Go to Settings > Model Providers and configure at least one provider. This is the foundation for every chat, agent run, playbook execution, and task.

If you are working with cloud models, verify credentials and endpoint details before moving on. If you are using a local runtime, confirm the service is reachable and that at least one model can be selected. It is worth spending an extra minute here because most "setup issues" later are actually provider connectivity problems.

Minimum provider checks:

  • You can select at least one model
  • A test chat response succeeds
  • Provider latency and errors look reasonable for your workload

If any of these fail, stop and fix provider setup before moving forward. Most later failures are symptoms of an unstable provider layer.

For full provider setup and model routing guidance, see Model Providers. For local runtime setup details, see Managed Services.

Set your default working style early

Before creating agents, set your app default in Settings > General. Working style affects how Claw plans, explains, and executes. Choosing this up front gives you consistent behavior across new chats and agents, which makes validation easier.

If you are unsure, choose a balanced default and then override style per agent only when there is a clear reason.

Common starting point:

  • App default: Balanced
  • Override to Careful for higher-risk agents

Keep overrides limited at first; excessive per-agent variation makes it harder to compare behavior during rollout.

For style behavior and selection patterns, see Working Styles.

Create one agent and validate it in a narrow scope

Go to Settings > Agents and create a single agent for your first validation run. Give it a small, intentional scope: one workspace, one runtime mode, and local-only routing unless you already need channel delivery.

When selecting runtime, use host mode for fast iteration and container mode when isolation matters more than speed. If you choose container mode, make sure Docker or Podman is already available on your machine. On macOS, Claw can also use OrbStack when Docker is running through the OrbStack context.

At this stage, avoid adding too many advanced options. The objective is a stable first run you can trust, not a fully optimized agent profile.

For your first agent, keep scope intentionally narrow:

  • One workspace
  • One runtime mode
  • Local only routing for initial validation

The goal is to prove a reliable baseline path before adding routing complexity, broader permissions, or external integrations.

For deeper agent configuration and lifecycle guidance, see Agents.

Apply your security baseline before adding integrations

Open Settings > Security and configure sender groups, allowed folders, blocked patterns, and a Network Guard preset. This is where you define operational boundaries for agent behavior.

A practical baseline is to limit workspace access to the project paths the agent actually needs and keep network policy conservative until you confirm your workflows. Security settings are much easier to tune before channels and external tools are heavily used.

Baseline controls to set before wider rollout:

  • Sender groups
  • Allowed folders
  • Blocked patterns
  • Network Guard preset
  • Airlock policy for internet-enabled container agents

Apply these before shared channel routing so policy decisions happen proactively instead of reactively.

For full hardening guidance, see Security.

Add tools only for immediate workflow needs

In Settings > Tools, configure MCP servers and web search only when they support a concrete task. Starting with a minimal tool surface reduces noise and makes troubleshooting simpler.

If you add tools now, test each one in isolation once so you can separate tool-specific issues from agent or provider issues.

Recommended first tool posture:

  • Add one MCP server first
  • Validate one tool path end-to-end
  • Add web search key only if needed by workflows
  • Enable Context Scout only after workspace path and model routing are stable
  • Install Computer Use only if chats or agents need to operate desktop apps directly
  • Configure Airlock before enabling broad web access on production agents

This minimizes noisy failures and helps you isolate issues to one integration at a time.

For detailed MCP and tool governance guidance, see Tools.

Enable workflow intelligence deliberately

After the first agent path works, decide whether to enable the newer workflow-shaping features.

  • Use Pulse when you want a private briefing of open threads, cleanup opportunities, failed tasks, reusable workflow ideas, and patterns before you start typing.
  • Use Rules when you want event-based guidance, tool blocking, post-action follow-up, or automatic checks.
  • Use Context Scout when a workspace prompt needs relevant files, code maps, and a better task brief before sending.
  • Use Workspace Profile Files when workspaces already contain SOUL.md, IDENTITY.md, or USER.md files that should shape chats and agents in that workspace.

Recommended order:

  1. Set a Pulse model before turning Pulse on
  2. Start Rules with one low-risk rule
  3. Enable workspace profile files only after reviewing the files in active workspace roots

These features improve continuity, but they also add more context and automation. Treat them as operational controls, not first-run requirements.

Add channels and Cloud Sync when your local flow is stable

Channels in Settings > Remote Routes and Cloud Sync in Settings > Cloud are best treated as phase-two setup. They are optional for local agent operation and should come after core execution is already reliable.

Connect channels only if you need remote routing through Discord, Telegram, or WhatsApp. Enable Cloud Sync only when device continuity is required and your team has a plan for recovery key handling. If you are using Msty Claw Go, pair phones from Settings > Cloud after desktop sync/device setup is complete.

Phase-two rollout criteria:

  • Core local agent run is stable
  • Security baseline is already configured
  • You have explicit operational need for remote routing or cross-device continuity

If you cannot meet these criteria yet, stay local and continue validation instead of widening scope.

For implementation details, see Channels and Cloud Sync.

Run a first end-to-end validation

Now run one safe, representative task through your first agent. Use a real workspace action that is low risk, then confirm output quality, approval behavior, and runtime execution all match your expectations.

If you enabled tools or channels, run one controlled validation per integration path. Avoid bulk automation until each path is verified individually.

Minimum done-state checklist

  • One provider connected and one model selectable
  • One agent created and runnable in intended workspace
  • Security baseline applied (sender, folder, network)
  • Optional tools/channels validated one path at a time
  • Optional Pulse, Rules, Computer Use, and workspace profile files configured only where needed

Treat this as the handoff point from setup into routine operations.

If setup fails, debug in this order

First check provider connectivity, then workspace permissions, then runtime availability. That order resolves the majority of first-run failures quickly.

Related detail pages

Overview
How Msty Claw works and where to start
Security
Configure sender controls, folder policy, and network guard in Msty Claw