This sounds awesome and exactly like the easy and safe on-ramp to OpenClaw that I've been looking for! I want to believe.

Two questions as a potential user who knows the gist of OpenClaw but has been afraid to try it: 1. I don't understand how the two consumption credits play into the total cost of ownership. E.g. how long will $20 of Orthogonal credits last me? I have no idea what it will actually cost to use Klaus/OpenClaw for a month. 2. Batteries included sounds great, but what are those batteries? I've never heard of Apollo or Hunter.io so I don't know the value of them being included.

In general, a lot of your copy sounds like it's written for people already deep into OpenClaw. Since you're not targeting those folks, I would steer more towards e.g. articulating use cases that work ootb and a TCO estimate for less technical folks. Good luck, and I'm eager to try it!

I imagine this would be quite a good fit for people who don't want to manage their own OpenClaw instance on their home network which is near zero cost especially if you use it with Gemini free tier + a low power arm board.

I don't get it. The point of OpenClaw is it's supposed to be an assistant, helping you with whatever random tasks you happen to have, in natural language. But for that to work, it has to have access to your personal data, your calendar, your emails, your credit card, etc., no?

Are there other tasks that people commonly want to run, that don't require this, that I'm not aware of? If so I'd love to hear about them.

The ClawBert thing makes a lot more sense to me, but implementing this with just a Claude Code instance again seems like a really easy way to get pwned. Without a human in the loop and heavy sandboxing, a agent can just get prompt injected by some user-controlled log or database entry and leak your entire database and whatever else it has access to.

Hmm. OK, I guess. But I are you going to stick to just OpenClaw, or look into variants? (I created https://github.com/rcarmo/piclaw, which is a leaner, less hype-driven and more utilitarian thing)

> Connecting your email is still a risk.

> If you’ve built something agents want, please let us know. Comments welcome!

I'll bite! I've built a self-hosted open source tool that's intended to solve this problem specifically. It allows you to approve an agent purpose rather than specific scopes. An LLM then makes sure that all requests fit that purpose, and only inject the credentials if they're in line with the approved purpose. I (and my early users) have found substantially reduces the likelihood of agent drift or injection attacks.

https://github.com/clawvisor/clawvisor

Do you run a dedicated "AI SRE" instance for each customer or how do you ensure there is no potential for cross-contamination or data leakage across customers?

Basically how do you make sure your "AI SRE" does not deviate from it's task and cause mayhem in the VM, or worse. Exfiltrates secrets, or other nasty things? :)

Not a fan of OpenClaw but if you're going to do that, why not on a service that gives you multiple VM's? https://exe.dev/docs/use-case-openclaw

I found ZeroClaw plus Hetzner to be a good option. I've been using it for a week, and it's stable and robust.

Complex abilities unlocked calling a FastAPI server with one skill for each endpoint

The biggest value IMHO of OpenClaw is that it's in the Apple ecosystem, so it leverages Reminders, iCloud sync for Obsidian values, etc., so not having a Mac option is pretty limiting for anyone who's relying on those integrations currently.

Is this not just Claude Code? Genuinely hoping someone could spell it out for me

What's the best "docker with openclaw" currently available? I have my own computers to run it on (I don't need a server). I want to play around, but containerized to avoid the security risk of MacOS app.

There seem to be about 20 options, and new ones every day. Any consensus on the best few are, and their tradeoffs?

Klaus looks great! It's definitely looks like a step up from the one-click VPS deploys that are terribly insecure.

I spent the past month hacking on openclaw to play nice in a docker container for my own VPS use.

This project has a lot of useful debugging tools for running multiple claws on a single VPS:

https://github.com/simple10/openclaw-stack

For average users, Klaus is a much better fit.

Nice turn key solution I like that it comes with it's own email and you don't need to add anything .... I was a fan of this VPS setup service for a beads agent system up from end to end but you need to BYO everything still it's free as in open source so got to thank Sir Dicklesworthstone for putting it together --

https://agent-flywheel.com/

Does the claw in the VM have proven capability (verified by your team) to track changes it makes to itself and persist across reboots? What about rollback capability?

I get impression that this is automation tool for sales people. Does it do robotic phone calls to try to book meetings with customers?

VM hosting is good. But I want to go step further and have a local model in this VM.

Focusing on where the agent runs instead of what it can do is basically the wrong strategy. Hosting these agents is hardly the problem and frankly AWS is not the most cost effective or secure path forward.

What is more important is making them do actual useful things that are net positive and right now the use-case are pretty limited.

OpenClaw indeed breaks with every update haha, nicely done

What does the VM consist of? Is the image available?

For a product that supposedly handles the most private bits of one's personal life, I would've expected much stronger wording in the privacy section. Instead, privacy and security are meshed up in one soup, there is no mention of internal access controls, and no promise that this info won't be shared under no shape or form or derivative beyond providing the functions necessary for the service. CCPA is mentioned but only for California residents. Generally, use at your own risk.

That's a cool idea, i'll be sure to check it out

I tried this service a few weeks ago, and I commend the goal - but there were a few issues I ran into:

1. There are many interactions I just could not get to work. I may have done something wrong, but in general, I have the perspective that most products should "just work" if it's as simple as clicking a button or directing something. In this case, I'm tangibly talking about the Browser feature, and the Canvas feature. In my account, I tried many times to have OpenClaw use the Browser to access a website and send me a screenshot, and it regularly reported the Browser was inaccessible, even though I had enabled it via Klaus UI. Secondly, I asked it to write certain reports to the Canvas as HTML pages that I could review - the entries would show up as files I could click on, but the files themselves were always empty. 2. OpenClaw with tokens is insanely expensive - I blew through the $15 tokens in a matter of a day.

For the first, my guess is I misconfigured something, but it's really difficult to identify what is wrong. My expectation was that I could prompt via Telegram to configure anything and everything, but some link was missing. Although I am a technical person, my expectation was that I would not need to muck around via `ssh` to figure out where my files ended up.

For the latter - and more broadly - OpenClaw is not well understood for most, and I think they will be caught off guard just how expensive it is. $15 in tokens is not a lot with how inefficient OpenClaw can be. My suggestion would be:

1. Pre-configure OpenClaw with already extremely memory-efficient rules and skills. 2. Provide clear guidance/documentation on ideal agent setup with different models as necessary. I think OpenRouter attempts to achieve this pretty well, but you are providing a layer on top of OpenRouter that may not be obvious to less-well-versed people. 3. Batteries-included options should "just work" - I felt I wasted a lot of tokens just figuring out how to get the thing to do simple tasks for me.

---

A lot of the notes I made are less about your product and what you've achieved, and more to do with OpenClaw. However, you've achieved one major milestone - which is the one-click setup of OpenClaw. But if your target demographic is the less technically inclined folks that want to be able to play with the bleeding edge of AI practices, I think your platform needs to guide users to how to actually use this thing, and become useful right away.

It may even be beneficial to showcase extremely clear workflows for users to get started and sell why they even want OpenClaw.

---

Anyway, kudos on the release! It is not easy to ship and you've done that hard bit! I bid you good luck on the next phase!

"The week after our launch we spent 20+ hours fixing broken machines by hand."

oh fuck yea, sounds great.

Hard pass on this (and OpenClaw) thanks.

Sounds like a perfect data leak any% speedrun to me... :P

Acknowledging the reality of history and business here that there's a 99% chance you don't exist in a few years, I would encourage you nonetheless to break EC2 and AWS in every single way you can possibly imagine and in ways you can't, obviously not in your customer account, but in a separate one. I was doing consulting services for a machine learning company that sold pre-configured EC2s and associated data infra to third-party researchers at a markup and basically stood up and ran their whole environment for about two years. Networking is probably the most frustrating thing you'll ever encounter and beware when they change their APIs and parameters that used to default to null no longer do. It's especially fun when the Linux kernel on the hypervisors you can't see messes with your packets.

Feels like most agent security discussions focus on where the agent runs (VMs, sandboxes, etc), but not whether the action itself should execute.

Even in a locked-down VM the agent can still send emails, spin up infra, hit APIs, burn tokens.

A pattern we've been experimenting with is putting an authorization boundary between the runtime and the tools it calls. The runtime proposes an action, a policy evaluates it, and the action only runs if authorization verifies.

Curious if others building agent runtimes are exploring similar patterns.

[dead]

No comment availabe

[dead]

[dead]

[dead]

[dead]

[dead]

this is reallly fucking interesting

mind if I write an article about this on ijustvibecodedthis.com ?

[dead]