Five Common OpenClaw Setup Mistakes That Waste Money and Create Security Risks

An experienced OpenClaw user analyzed over 50 different setups and found five recurring mistakes that cause unnecessary costs, security vulnerabilities, and operational problems.

1. Using Opus as the default model

This is the most expensive mistake in the OpenClaw ecosystem. Opus costs 10-15x more than Sonnet for tasks where users won't notice the difference. Use Sonnet for routine tasks like checking calendars, summarizing articles, setting reminders, or drafting quick emails. Reserve Opus only for deep research, multi-step reasoning, or nuanced writing where quality genuinely matters—about 5-10% of typical usage.

One user reduced weekly costs from $47 to $6 by changing their default model to Sonnet and adding to their SOUL.md: "only use opus when I explicitly ask for deep analysis."

{
  "ai": {
    "model": "claude-sonnet-4-5-20250929"
  }
}

2. Never starting a fresh session

Every message in your current session gets sent with each new API call. If you've been chatting for weeks in the same session, even simple questions carry thousands of tokens of old conversation, increasing costs. Users have cut monthly costs by 40-60% by typing /new before heavy tasks.

Starting a new session clears the conversation buffer but doesn't erase the agent's memory—it still has access to SOUL.md, USER.md, MEMORY.md, and all files.

3. Installing skills without reading the source

ClawHub has 13,000+ skills, with hundreds flagged by VirusTotal as actively malicious (infostealers, backdoors, remote access tools). Even non-malicious skills can cause problems:

• Loop silently on cron, burning $20-30/month with no visible output
• Inject themselves into every conversation, bloating context windows
• Override parts of config without notification
• Crash silently and leave agents in broken states

The recommendation: don't install skills unless you can read and understand their source code in 5 minutes. If a skill needs shell or network access, understand exactly why before installation.

4. Gateway exposed to the network

If your gateway config has "host": "0.0.0.0" or isn't set, your agent might be accessible to anyone who knows your IP. This gives strangers potential access to your email, calendar, files, and possibly shell.

Check your current configuration:

openclaw config get | grep host

Fix by changing to:

{
  "gateway": {
    "host": "127.0.0.1"
  }
}

Access through an SSH tunnel: ssh -L 18789:localhost:18789 user@your-vps

5. Adding a second agent before the first one works

When something breaks with agent 1, users often create agent 2 for a "fresh start" instead of fixing the original problem. This results in two agents consuming tokens independently, more complex binding/routing configurations, and doubled debugging complexity.

Every agent is a separate token consumer even when idle, needs its own channel binding configured correctly, and complicates debugging. Don't create agent 2 until agent 1 has been stable and useful for at least 2 weeks.