OpenClaw Reference Setup: 6-Week Production Use Case with Security Architecture

Production Setup Details
This is a real-world OpenClaw implementation running continuously for 6 weeks on dedicated hardware. The user isn't a developer but built this over evenings and weekends while working in industrial engineering at a chemical plant.
Hardware and Core Configuration
- Hardware: Mac Mini M4 with 24GB RAM, dedicated
- Model cascade: Claude Sonnet → MiniMax → Qwen local (3 tiers)
- Custom tools: 15+
- Cron jobs: 12 running daily
- Uptime: 6 weeks continuous
- Cost: ~$30-50/month
- Daily messages: 20-50
Daily Functions
- Morning briefing: Every day at 5:08am with weather, calendar, emails, market data, reminders, and a vocabulary word. Assembled locally from cached sources.
- Invoice scanning: Reads GMX, iCloud and Gmail inboxes, downloads PDF invoices, categorises them with AI, and files them. First run processed 61 PDFs sorted into 11 categories in one pass.
- Voice messages: Transcribes locally with Whisper (no cloud), processes, and responds. No audio ever leaves the machine.
- iCloud bridge: Bidirectional file sync. Files dropped into a folder on iPhone get picked up by the agent, which can drop files back the same way.
Security Architecture
The creator emphasizes most setups have exec.security: "off", which is vulnerable to prompt injection. This implementation includes:
- Exec approvals with ~57 allowlisted binaries
- HTTP egress locked to a domain allowlist (no curl to unknown URLs)
- SMTP egress locked to an approved recipient list
- File integrity monitoring on 30+ critical files with SHA256 checksums
- Injection detection on every external input — email, calendar, web, voice
- Memory validation before every write (no poisoning via email content)
- Purple Team audit with MITRE ATT&CK mapping
Security score improved from 3/10 to 7.5/10.
Lessons Learned
sandbox.mode: "all"silently denies every exec call with no error or log- Memory explodes without hard limits. Implemented 200-line cap on daily logs plus weekly distillation into long-term memory
- Shell pipes always trigger approvals even when every binary is allowlisted. Solution: wrapper scripts
exec-approvals.jsonmust NOT be immutable as OpenClaw writes to it on every exec
Repository and Licensing
Everything is open-sourced at https://github.com/Atlas-Cowork/openclaw-reference-setup under MIT license. Includes templates, security architecture, tool catalog, and cron configs.
📖 Read the full source: r/openclaw
👀 See Also

Claude Managed Agents Released: Multi-Agent Orchestration and 70 Days of Practical Lessons
Anthropic launched Managed Agents for multi-agent orchestration and enhanced toolchains. A developer shares 70 days of experience using role-split agents (Opus decision layer, OpenCode engineer, research agents) and the critical shift from 'execute this' briefs to 'you can question my premise' briefs.

Claude Artifacts + React: Teacher Builds Mini Golf Game for Angle Lessons in 20 Min
A teacher used Claude's Artifact + React to build a mini golf game for teaching angles, then converted to HTML for sharing. Students designed their own courses via drawings.

Non-coder builds local video downloader with Claude AI in one evening
A user with zero coding knowledge used Claude AI to build AZ Downloader, a local video downloader that works on 14/16 platforms including YouTube, TikTok, Instagram, and Reddit. The tool was created in one evening and is now available on GitHub.

AI Agents Playing Strategy Game Show Emergent Diplomacy and Strategy
A developer created a strategy game at agentsandaimpires.com where AI agents autonomously play, with observed behaviors including efficient land capture by one agent and diplomatic peace coalition proposals by another.