28 Comments
Fernando Lucktemberg's avatar

Wyndo, this is the reality check the community needed. You nailed the "Mac Mini" trap—people are obsessing over physical control while running a tool that, by default, is architecturally promiscuous. A $5 VPS with proper isolation beats a $600 local box with open ports any day.

For Tuesday’s deep dive, I’m taking your setup and adding the armor. We aren't just doing firewalls; we’re talking about Docker-based network isolation, LiteLLM credential brokering (so the agent never actually holds your API keys), and a strict "NEVER-connect" list.

As I wrote in the intro: "I know this feels like teaching people to juggle chainsaws safely when the right answer is don't juggle chainsaws. But they're juggling anyway. At least now they'll wear gloves." See you Tuesday.

Wyndo's avatar

Thanks Fernando, looking forward to seeing your post published next week, excited! I'm sure people will be more comfortable launching their OpenClaw soon!

Chris Tottman's avatar

10 days of your life you're unlikely to get back, Wyndo! All the best 🤓

Wyndo's avatar

10 days well spent :)

Chris Tottman's avatar

And didn't need to because you did! Such a good report I've Restacked it with you tagged. Thanks man 👏

Wyndo's avatar

appreciate you Chris :)

Chris Tottman's avatar

I meant "I didn't mean to"

John Brewton's avatar

Agents acting without constant prompts changes how work actually gets done.

Wyndo's avatar

exactly!

Skillet Bear's avatar

How much does this cost you to use as far as tokens?

Do you keep it separate from your personal email and Google Drive? Or do you have separate Google accounts based on what you are doing?

Wyndo's avatar

I have a business account for a separate Google account for my agents.

I don't really track the cost of tokens because I don't use the API. But my weekly Max plan is still okay and manageable.

Dr Sam Illingworth's avatar

Wyndo, this is by far the best breakdown of how to actually operate OpenClaw that I've read anywhere, let alone on Substack. Also, given your technical wizardry and the complexity that it caused, even you at times, means that I don't think I'm quite ready to join the revolution.

The thing that has given me most pause for thought, though, is the realisation towards the end of the post that you no longer visit apps. I wonder to what extent this might become an opportunity for pernicious agents to start using other apps on your behalf rather than the ones that you'd originally intended to. Definitely something to consider, especially in the age of AI advertisements.

Wyndo's avatar

Thanks Sam :)

Yeah, the UX is just too techy at the moment. Better to wait a couple of months, or maybe Anthropic will build it soon, who knows!

And yes, those are valid concerns. I think it’s important to have strong guardrails here, but we don’t know if the agent has the potential to go rogue.

JHong's avatar

O-oh geez 🤓

Phenomenal deep dive and step-by-step. And how I wish I had started with Sonnet.

Wyndo's avatar

Oh geez 🤓

Opus is not good for saving cost, that's for sure! And might be overkill for some quick tasks monitoring and execution :)

JHong's avatar

I can’t for the life of me figure out how to downgrade- might need to start over and now I can use your guide 🙌

Wyndo's avatar

U can ask Farrell to do it for you. Or u need to go to dashboard and update it yourself

JHong's avatar

He is good at doing things more elegantly than me. What a guy!

The AI Architect's avatar

Impressive deep dive on the heartbeat feature. Thinking of AI agents as proactive assistants rather than reactive tools shifts the mental model entirely. I've been testing similar setups with scheduled actions but hadn't considered layering in context-aware monitoring to decide if something needs attention vs just running blindly on a timer.

Wyndo's avatar

The heartbeat feature is defly game-changing. Been using it for monitoring my tasks!

Invest with AI's avatar

Keep em coming! Building my own junior stock analyst with openclaw so interested in the space

2 questions if I may: 1. Did you find a guide to easily connect G suite? 2. What is your base LLM? What was the total cost on tokens burnt those first 10 days?

Wyndo's avatar

excited 🔥

1. It's easy, not that hard. But you need to connect it through Google Cloud Console, but it's a pretty straightforward process.

2. I use Sonnet 4.5, but I'm planning to let my AI agent build website, so I might need to upgrade to Opus 4.5 later.

3. I'm currently on Max plan and I don't use API token. So not sure how much but my weekly usage still okay though.

Given how much you're gonna use it, I think using Max plan makes more sense.

But I find some people using Kimi to save some cost.

Ben Solwitz's avatar

I can't find it at the moment, but I just read an article a few days ago where someone tested prompt injection attacks against openclaw, and the cheaper, less capable models were easy to exploit.

They very quickly got kimi to reply to an email with a 'bank statement' it had access to. I don't think they managed to exploit opus or 5.2, which doesn't mean they're 'safe', but probably safer.

Invest with AI's avatar

I saw a YouTube video on it that said the same thing, the best, more "intelligent" models are natively safer.

Wyndo's avatar

Given that OpenClaw is a highly experimental product, I think it's wise for us to use a safer model.

Wyndo's avatar

Let's stick to the flagship model then :)

Saskia van Rheede's avatar

Amazing deep dive. Thank you, and keep them coming!

Roger Auge's avatar

My buddy in Toronto, a 20 year dev, a pilot, and a good guy, has launched his own Autonomous AI Assistant called Open whale. It's safe, and auto extends itself: https://github.com/viralcode/openwhale