OpenClaw - How to start small and secure
In this post, you'll get a way to install OpenClaw without needing to buy a Mac mini: hardware costs only $5-10 per month, token costs stay under a limit you set yourself, and the blast radius of a potentially destructive event stays low.
Disclaimer
At this point, I'm not sure whether the community already has a similar, more established way of achieving the same thing. Instead of researching in advance, I just came up with the solution that I present here.
Claim
Claim: Everyone is hooked by the idea of OpenClaw, the idea of having a personal AI agent assistant at your fingertips.
Yet when I ask people whether they have started using it, they usually say they didn't dare install it on their computer, or even on an old PC, because they are reluctant to put it in their home network.
That goes not just for AI-critical people, but even for people I'd consider generally open, with some affinity for experimenting with AI. Why? Anxiety about burning money, accidentally giving access to sensitive data, or possibly causing a destructive event that cannot be reverted. Not without reason, as published stories about accidental mail inbox deletions tell…
Further, it makes sense as OpenClaw is known to be the “most dangerous software in the world”.
(Note that by now OpenClaw maintainers have focused a lot on improving security [1], [2]).
My Recommendation
My recommendation: AWS Lightsail. By that I don't mean the AWS service itself (alternatives are Hetzner Cloud or DigitalOcean) but the type of service that allows a safe entry. Why? Because AWS Lightsail offers a lightweight, relatively cheap empty Linux instance on which the agent can live, one that has no sensitive data, no browser credentials, and no credit card details of the kind you would normally have on your desktop machine.
This is important because the agent will likely be very proactive: it will install programs, access the file system, and even configure the OS without you explicitly telling it to. This is by design and on purpose by the maker of OpenClaw, to let the agent seem more human. The assumption is that if something goes wrong in there, no harm is done. Worst case, you have to wipe everything and deploy a fresh instance.
The Blast-Radius-Reduced Install Procedure
For this purpose I made a repo. The point is not every detail of the code in the repo but the main idea behind it: finding a guided way to enter the space reasonably securely. Putting it on a Lightsail instance allows one to start an OpenClaw agent in an isolated, laboratory-like environment without access to any of your data unless you explicitly want it to have that access.
The repo contains the infrastructure-as-code, written in TypeScript, that deploys and configures the Linux instance. The instance will only have permission for outgoing HTTP requests to browse the web and one inbound rule that lets you SSH into the machine.
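One way to confirm after deployment that the instance really exposes nothing but SSH, as an added example that is not code from the repo: it audits the `portStates` array that `aws lightsail get-instance-port-states` returns. Restricting SSH to a single operator address is an assumption of this example, and the function name and sample data are constructed for illustration.

```typescript
// Shape of one entry in `portStates` as returned by
// `aws lightsail get-instance-port-states --instance-name <name>`.
interface PortState {
  fromPort: number;
  toPort: number;
  protocol: string; // "tcp" | "udp" | "icmp" | "all"
  state: string;    // "open" | "closed"
  cidrs?: string[];
  ipv6Cidrs?: string[];
}

// Hypothetical helper: returns one finding per deviation from the intended
// policy (inbound TCP 22 only, and only from the operator's own address).
function auditInboundRules(rules: PortState[], operatorCidr: string): string[] {
  const findings: string[] = [];
  let sshOpen = false;
  for (const r of rules) {
    if (r.state !== "open") continue;
    const range = r.fromPort === r.toPort ? `${r.fromPort}` : `${r.fromPort}-${r.toPort}`;
    const isSsh = r.protocol === "tcp" && r.fromPort === 22 && r.toPort === 22;
    if (!isSsh) {
      findings.push(`unexpected inbound rule: ${r.protocol}/${range}`);
      continue;
    }
    sshOpen = true;
    const sources = [...(r.cidrs ?? []), ...(r.ipv6Cidrs ?? [])];
    for (const src of sources) {
      if (src !== operatorCidr) findings.push(`ssh reachable from ${src}`);
    }
    if (sources.length === 0) findings.push("ssh rule has no source restriction");
  }
  if (!sshOpen) findings.push("no inbound ssh rule: instance is unreachable");
  return findings;
}

// Constructed sample input: one firewall that still exposes HTTP and accepts
// SSH from anywhere, and one that matches the intended policy.
// 203.0.113.7 is a documentation address standing in for your own IP.
const OPERATOR_CIDR = "203.0.113.7/32";
const sampleLoose: PortState[] = [
  { fromPort: 22, toPort: 22, protocol: "tcp", state: "open", cidrs: ["0.0.0.0/0"], ipv6Cidrs: ["::/0"] },
  { fromPort: 80, toPort: 80, protocol: "tcp", state: "open", cidrs: ["0.0.0.0/0"] },
];
const sampleTight: PortState[] = [
  { fromPort: 22, toPort: 22, protocol: "tcp", state: "open", cidrs: [OPERATOR_CIDR], ipv6Cidrs: [] },
];

console.log(auditInboundRules(sampleLoose, OPERATOR_CIDR));
console.log(auditInboundRules(sampleTight, OPERATOR_CIDR));
```

An empty findings list means the inbound side matches the description above; the check says nothing about outbound traffic, which this API output does not cover.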
Once logged in you can start the OpenClaw installation guide.
My recommendation is to run through it without giving it any skill (yet). In my case, I did give it an API key for one of the preferred frontier models. Back then I generated an API key from Anthropic's Claude Platform (platform.claude.com/settings/keys) with a limit set to $50, meaning that the token costs of this hobby project will never exceed that amount unless I actively increase it again. I used Opus 4.6 as the model, which Peter Steinberger recommended back then as his preferred model for running the agent, since it is able to mimic the character that you give it.
Once that is done, you should be able to chat with your bot via your running SSH session in the terminal.
Then, hook it up to Telegram. I picked Telegram (1) as it was supposed to have the easiest bot integration via “botfather” and (2) as I did not have it installed before and none of my social contacts are on Telegram. If this is the same for you, I'd go for it. To be completely on the safe side, make sure not to sync your existing contacts after installation.
Most important: Don't add the bot to any of your group chats unless you really trust the people in the chat (risk of prompt injection). My recommendation: Just start with a single 1:1 chat with the bot.
For starters, do something harmless. In my very first chat, I let my bot help me research my mini solar system for my apartment's balcony.
Even with that innocent topic, I can say it was tons of fun chatting with the bot, with one or the other louder laugh along the way. In my case, I gave the agent the character of a “cheeky goblin”. Installation time was around Easter, which is why I equipped the agent with the “🐣” emoji, causing it to weave in many creative jokes as a conversation starter or closer.
Future Work and Next Steps
- Access to uncritical tools: Give access to uncritical tools that can be scoped easily via API tokens, so that the blast radius is limited, e.g. a Jira board.
- Group Chat: Add it to a group chat with trustworthy people, e.g. for planning a multi-day bike trip on Komoot.
Take it from there and continue to increase its competencies by plugging in more tools.