OpenClaw Reference Setup: 6-Week Production Use Case with Security Architecture
Production Setup Details
This is a real-world OpenClaw implementation running continuously for 6 weeks on dedicated hardware. The user isn't a developer but built this over evenings and weekends while working in industrial engineering at a chemical plant.
Hardware and Core Configuration
- Hardware: Mac Mini M4 with 24GB RAM, dedicated
- Model cascade: Claude Sonnet → MiniMax → Qwen local (3 tiers)
- Custom tools: 15+
- Cron jobs: 12 running daily
- Uptime: 6 weeks continuous
- Cost: ~$30-50/month
- Daily messages: 20-50
Daily Functions
- Morning briefing: Every day at 5:08am with weather, calendar, emails, market data, reminders, and a vocabulary word. Assembled locally from cached sources.
- Invoice scanning: Reads GMX, iCloud and Gmail inboxes, downloads PDF invoices, categorises them with AI, and files them. First run processed 61 PDFs sorted into 11 categories in one pass.
- Voice messages: Transcribes locally with Whisper (no cloud), processes, and responds. No audio ever leaves the machine.
- iCloud bridge: Bidirectional file sync. Files dropped into a folder on iPhone get picked up by the agent, which can drop files back the same way.
Security Architecture
The creator emphasizes most setups have exec.security: "off", which is vulnerable to prompt injection. This implementation includes:
- Exec approvals with ~57 allowlisted binaries
- HTTP egress locked to a domain allowlist (no curl to unknown URLs)
- SMTP egress locked to an approved recipient list
- File integrity monitoring on 30+ critical files with SHA256 checksums
- Injection detection on every external input — email, calendar, web, voice
- Memory validation before every write (no poisoning via email content)
- Purple Team audit with MITRE ATT&CK mapping
Security score improved from 3/10 to 7.5/10.
Lessons Learned
sandbox.mode: "all"silently denies every exec call with no error or log- Memory explodes without hard limits. Implemented 200-line cap on daily logs plus weekly distillation into long-term memory
- Shell pipes always trigger approvals even when every binary is allowlisted. Solution: wrapper scripts
exec-approvals.jsonmust NOT be immutable as OpenClaw writes to it on every exec
Repository and Licensing
Everything is open-sourced at https://github.com/Atlas-Cowork/openclaw-reference-setup under MIT license. Includes templates, security architecture, tool catalog, and cron configs.
📖 Read the full source: r/openclaw
👀 See Also
One-Click Cloud Hosting for OpenClaw AI Agents
OpenClaw unveils a game-changing one-click cloud hosting solution for AI agents, simplifying deployment and accessibility. Discover how this innovation is set to transform AI development on the OpenClaw platform.
Browser-based curling game built with Claude Sonnet 4.5 by non-coder
A developer with zero coding experience built a fully playable browser-based curling game using Claude Sonnet 4.5. The game includes physics, scoring, and complete game flow, with Claude handling all code generation, debugging, and refinement based on plain English feedback.
From Zero Code to 25M Game Plays: A Non-Engineer's Journey Building with Claude + Cursor
A developer with no coding experience built three browser games (25M total plays, 200K daily) using Claude via Cursor. Two games are single 8,000-line HTML files. Total tool cost: ~$2K/month.
Replicating Anthropic's Generator-Evaluator Harness with Kiro CLI: A 12-Iteration Website Build
A developer replicated Anthropic's multi-agent Generator-Evaluator harness using Kiro CLI, running 12 adversarial iterations to build a marketing website without writing any code manually. Key takeaways include zero shared context, Playwright-based visual evaluation, and penalizing generic AI design patterns.