diff --git a/Dockerfile b/Dockerfile
index dd6991257ea..4f9d06c2d2c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -43,6 +43,11 @@ RUN chown -R node:node /app
 # This reduces the attack surface by preventing container escape via root privileges
 USER node
 
+# Support custom init scripts mounted at /openclaw-init.d/
+# Scripts must be executable. They run before the gateway starts.
+# Example: docker run -v ./my-scripts:/openclaw-init.d:ro openclaw
+ENTRYPOINT ["/app/scripts/docker-entrypoint.sh"]
+
 # Start gateway server with default config.
 # Binds to loopback (127.0.0.1) by default for security.
 #
diff --git a/scripts/docker-entrypoint.sh b/scripts/docker-entrypoint.sh
new file mode 100755
index 00000000000..659134ccb5c
--- /dev/null
+++ b/scripts/docker-entrypoint.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+# OpenClaw Docker entrypoint with init script support.
+#
+# Runs any executable scripts found in /openclaw-init.d/ before starting
+# the main process. This allows users to mount custom initialization
+# scripts (e.g., install dependencies, apply patches, start services)
+# without overriding the entire entrypoint.
+#
+# Usage in docker-compose.yml:
+# volumes:
+# - ./my-init-scripts:/openclaw-init.d:ro
+
+INIT_DIR="/openclaw-init.d"
+
+if [ -d "$INIT_DIR" ] && [ "$(ls -A "$INIT_DIR" 2>/dev/null)" ]; then
+ echo "[openclaw-init] Running init scripts from $INIT_DIR..."
+ for script in "$INIT_DIR"/*; do
+ [ -f "$script" ] || continue
+ if [ -x "$script" ]; then
+ echo "[openclaw-init] Running $(basename "$script")..."
+ "$script" 2>&1 | sed "s/^/ /"
+ else
+ echo "[openclaw-init] Skipping $(basename "$script") (not executable)"
+ fi
+ done
+ echo "[openclaw-init] Done."
+fi
+
+exec "$@"
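Review bot: The comment on the new `ENTRYPOINT` does not say which user the init scripts run as or how much trust the mount needs. Because the instruction follows `USER node`, everything in /openclaw-init.d/ executes as the unprivileged `node` user on every container start, so the "install dependencies" example in the header of scripts/docker-entrypoint.sh will generally not work for system packages, and anyone who can write to the mounted host directory gets code execution inside the container. I would add `# Scripts run as the non-root "node" user on every start; mount the directory read-only and only from a source you trust.` to the comment block. The `CMD` that this entrypoint hands over to lies outside the hunk, so its interaction with `exec "$@"` cannot be checked here.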
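Review bot: A failing init script goes unnoticed in the `"$script" 2>&1 | sed "s/^/ /"` line, because a `/bin/sh` pipeline returns the status of `sed`, not of the script, and the file has neither `set -e` nor any status check. If an init script is used to apply configuration or patches, the gateway then starts in a state the operator did not intend, with only the script's own output as a hint. I would run the script without the pipe and abort startup on a non-zero status, as below; if continuing is the intended behaviour, the exit status should at least be logged. The `ls -A` test in the outer `if` is also redundant with the `[ -f "$script" ] || continue` guard inside the loop.

```shell
    if [ -x "$script" ]; then
      # … unchanged: "Running <name>..." message …
      # Run without the sed pipe: a POSIX sh pipeline reports only sed's
      # status, which would hide a failing init script.
      "$script" || {
        rc=$?
        echo "[openclaw-init] $(basename "$script") exited with status $rc; aborting startup" >&2
        exit "$rc"
      }
    # … unchanged: else branch with the "not executable" message …
```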