OpenClaw Reference Setup: 6-Week Production Use Case with Security Architecture

Production Setup Details
This is a real-world OpenClaw implementation running continuously for 6 weeks on dedicated hardware. The user isn't a developer but built this over evenings and weekends while working in industrial engineering at a chemical plant.
Hardware and Core Configuration
- Hardware: Mac Mini M4 with 24GB RAM, dedicated
- Model cascade: Claude Sonnet → MiniMax → Qwen local (3 tiers)
- Custom tools: 15+
- Cron jobs: 12 running daily
- Uptime: 6 weeks continuous
- Cost: ~$30-50/month
- Daily messages: 20-50
Daily Functions
- Morning briefing: Every day at 5:08am with weather, calendar, emails, market data, reminders, and a vocabulary word. Assembled locally from cached sources.
- Invoice scanning: Reads GMX, iCloud and Gmail inboxes, downloads PDF invoices, categorises them with AI, and files them. First run processed 61 PDFs sorted into 11 categories in one pass.
- Voice messages: Transcribes locally with Whisper (no cloud), processes, and responds. No audio ever leaves the machine.
- iCloud bridge: Bidirectional file sync. Files dropped into a folder on iPhone get picked up by the agent, which can drop files back the same way.
Security Architecture
The creator emphasizes that most setups run with exec.security: "off", which leaves them vulnerable to prompt injection. This implementation includes:
- Exec approvals with ~57 allowlisted binaries
- HTTP egress locked to a domain allowlist (no curl to unknown URLs)
- SMTP egress locked to an approved recipient list
- File integrity monitoring on 30+ critical files with SHA256 checksums
- Injection detection on every external input — email, calendar, web, voice
- Memory validation before every write (no poisoning via email content)
- Purple Team audit with MITRE ATT&CK mapping
Security score improved from 3/10 to 7.5/10.
Lessons Learned
- sandbox.mode: "all" silently denies every exec call with no error or log
- Memory explodes without hard limits. Implemented 200-line cap on daily logs plus weekly distillation into long-term memory
- Shell pipes always trigger approvals even when every binary is allowlisted. Solution: wrapper scripts
- exec-approvals.json must NOT be immutable as OpenClaw writes to it on every exec
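
An added example (not code from the referenced repository) of the SHA256 file integrity check listed under Security Architecture, combined with the lesson that exec-approvals.json changes on every exec and so cannot be pinned to a fixed hash. The MUTABLE set, the function names, and every file name and file content other than the name exec-approvals.json are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: basenames the agent rewrites in normal operation. The page names
# exec-approvals.json (written on every exec), so it stays out of the baseline.
MUTABLE = {"exec-approvals.json"}

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):  # chunked read
            digest.update(chunk)
    return digest.hexdigest()

def build_baseline(root, watched):
    """Record SHA256 per watched relative path, skipping mutable files."""
    return {rel: sha256_file(Path(root) / rel)
            for rel in watched if Path(rel).name not in MUTABLE}

def verify(root, baseline):
    """Return {relative_path: finding} for every file that drifted."""
    findings = {}
    for rel, expected in baseline.items():
        path = Path(root) / rel
        if path.is_symlink():
            findings[rel] = "replaced-by-symlink"
        elif not path.is_file():
            findings[rel] = "missing"
        elif sha256_file(path) != expected:
            findings[rel] = "modified"
    return findings

def demo():
    """Constructed tree; names and contents are made up for this example."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        files = {"egress-allowlist.txt": "api.example.com\n",
                 "wrappers/errors.sh": "#!/bin/sh\ngrep ERROR \"$1\" | sort\n",
                 "cron/briefing.sh": "#!/bin/sh\necho briefing\n",
                 "exec-approvals.json": '{"approved": 1}'}
        for rel, body in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(body)
        baseline = build_baseline(root, files)
        (root / "exec-approvals.json").write_text('{"approved": 2}')  # normal write
        quiet = verify(root, baseline)  # no alert for the expected rewrite
        (root / "wrappers/errors.sh").write_text("#!/bin/sh\necho changed\n")
        (root / "cron/briefing.sh").unlink()
        return sorted(baseline), quiet, verify(root, baseline)
```

A check like this is only as trustworthy as its baseline, so the stored hashes belong somewhere the agent's own exec path cannot write.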
Repository and Licensing
Everything is open-sourced at https://github.com/Atlas-Cowork/openclaw-reference-setup under MIT license. Includes templates, security architecture, tool catalog, and cron configs.
📖 Read the full source: r/openclaw