Old Man Shouts at Cloud

Adventures with OpenClaw

It has been an interesting couple of weeks in the LLM world. Clawdbot, sorry Moltbotoh, wait – OpenClaw, has burst into the common psyche because, well, it is an incredibly interesting tool that sits in front of mainstream LLMs.

We’ve all seen the usual chat interface used by ChatGPT, Anthropic’s Claude, and the rest. In some ways, OpenClaw (OC) is yet another chat UI. But it doesn’t stop there.

Given the right configuration, and access, OC can access your calendar, email, todo list, and more. Install it onto a Mac and it can access your installed apps and do work on your behalf.

It is probably the closest we have come, for now, to having a useable, user-facing, agentic tool that can do things on your behalf.

But with great power comes, as we know, great responsibility. And some folks have left their OC instances open to the Internet, exposing access to their personal information, confidential API keys, and more.

Doing this requires you to change the defaults that OC uses during installation. By default it will only listen to localhost, and opening it to the internet requires you to actively change the configuration to do this. Which is something that you really do not want to do. The OC docs are filled with warnings about the risks of doing this. And the built in security tool will repeat those warnings. But heed those warnings, run it securely, and you have access to a very useful tool.

And although some fun projects have emerged in the last week or so, maybe folks should focus a bit more on the coding, and a bit less on the vibing.

I’ve been running an OC instance for a couple of weeks now. I already had an ageing Intel NUC sat around running Linux and not doing much at the moment, so I decided to install onto that.

Here are a few things that I learned in the first day or two.

Talking to OpenClaw

The default comms channel that is used to talk to OC uses WhatsApp, and it is very easy to set up, even showing the device linking QR code in a text-based terminal. But it uses a tool call Baileys to automate access to WhatsApp, and to Meta this can look like a spambot, resulting in your account being banned.

So instead I created a free Slack instance, created a Slack App using the manifest in the OC instructions, and after added the relevant authentication details to OC, added the App to a channel. It works great. No notes. You can add the app to multiple channels if you want to, to keep projects and discussions separated.

Remote access

By default, the OC instructions show you how to access the bot, and it’s Control UI, via a SSH tunnel. This is fine, but not always convenient. The instructions also cover using Tailscale to securely access the backend via your Tailnet. I was already using Tailscale, with the NUC connected, so this was a no-brainer.

It took a minute to configure though. The docs were a little outdated at the time, and I had some connection problems. So I jumped into the Slack channel and worked the problem with my OC instance, backed by Anthropic Claude. After a little back and forth I had browser access to the Control UI. Well, almost.

For browser access to work you need to set up a device pairing between your browser and the OC backend. While doing this I learned that Safari would require frequent repairing, as OC uses the browser Device ID as a unique ID for sessions, and Safari resets this ID frequently for privacy reasons. Chrome-based browsers do not have this constraint, and I was already using Vivaldi, so it was an easy switch.

Approving device pairing can be done via the command line. But my OC instance in Slack told me that it could handle it, so I let it.

In case it’s helpful, this is a redacted version of the Gateway configuration for my instance:

  "gateway": {
    "port": 18789,
    "mode": "local",
    "bind": "loopback",
    "controlUi": {
      "allowInsecureAuth": false
    },
    "auth": {
      "mode": "token",
      "token": "[[SECRET ACCESS TOKEN]]",
      "allowTailscale": true
    },
    "trustedProxies": [
      "127.0.0.1",
      "[[OC HOST TAILNET IP]]"
    ],
    "tailscale": {
      "mode": "serve",
      "resetOnExit": false
    }
  },

As you can see, the host Tailnet IP works as a proxy to OpenClaw running on localhost. This is much better than opening up your OC instance to the internet.

Giving your bot some skills

There are a few different ways to add skills to your bot. Clawhub is a central repository of skills created by the community. You need to handle with care though. There have already been instances of people uploading skills that have stolen Bitcoin wallets.

That being said, if you handle with care you will find some useful skills in there.

Or, you can ask your bot to create a skill for you. So far I have used this method to create skills that:

  • On days that I commute into London, I get an early morning summary of the weather, my train times, and a heads up of any problems on the Tube.
  • At 6pm each day my bot gives me a summary of what it has helped me to do that day.
  • And at the same time it also checks if there are any updates available.
  • Creates a weekly summary of URLs that I have pasted into the OC chat. It also gets a summary of the URL contents. Every Sunday morning the bot posts a summary of the saved links to Slack, and also adds a “Weekly Links” page to my Notion site.

Each of these skills were added by having a short chat with the bot.

Job scheduling

OC has a built in cron capability. When asking your OC instance to do something on a schedule it will use this capability to run tasks at a set time and/or day. When adding a scheduled task always be specific and when you want the job to run. If you give more vague instructions like “in the morning”, you will burn a lot of tokens. The Heartbeat process that runs every few minutes will query your configured LLM to ask “is it morning where my user lives?”

So take a minute to think about when you need a reminder, or a task to run, and be specific about it.

Getting fancy

This morning I was working on something, and I thought that it would be handy to have access to my OC bot while working in Obsidian. I wanted to ask questions about the page I was working on, and maybe even use OC to manipulate the contents.

So I asked my bot if that was possible, and in less than 10 minutes I was installing a new plugin from a Git repo using BRAT.

I also wanted my OC bot to be able to send documents that it creates into my Obsidian Vault, and after some tweaking ans security changes, that was up and running too as an optional feature. And as the OC bot needs some backend configuration, we also published a skill to Clawhub that can be installed to your own OC instance.

In conclusion…

…there is no conclusion. This is a developing technology that will improve. OpenClaw is a powerful tool that, when used correctly, can do a lot for you. Is it better than using the official clients? In some ways, yes. I find the interactions to be more productive. Maybe it’s related to using Slack, and I feel more like I’m talking to a colleague? Whereas with ChatGPT, Claude, Codex, Claude Code, et al, I’m subconsciously putting myself into a certain mode, and that is limiting.

Whatever the reason, I’ll be sticking with OpenClaw for a while, it seems. More to come…

Andy Bold Avatar

Published by

Andy Bold
Categories: , ,
Tags: , , , , ,

Discover more from Old Man Shouts at Cloud

Subscribe now to keep reading and get access to the full archive.

Continue reading