My Experience Using OpenClaw: A Security Professional’s Journey

Posted on February 13, 2026 by Simon Roses

Read Time: 12 minutes

TL;DR

OpenClaw has transformed how I work as a cybersecurity consultant and developer. After two weeks of daily use, I’ve automated email management, built custom security tools overnight, and integrated AI into my pentesting workflow—all while maintaining strict security boundaries. This article covers my real-world experience: the good (autonomous coding agents), the tricky (channel configuration), and the lessons learned (troubleshooting multi-platform integrations).

Introduction: Why I Chose OpenClaw

As a cybersecurity professional running VULNEX, my day involves pentesting, security consulting, building commercial products and open source tools. I need an AI assistant that can:

  • Work autonomously while I sleep or focus on client work
  • Access my infrastructure securely (email, servers, projects)
  • Integrate with my workflow (Telegram, GitHub, development environments)
  • Respect security boundaries (no data leakage, no unauthorized access)

ChatGPT and Claude Web couldn’t do this. They’re great for conversations, but they can’t:

  • Read my email inbox and filter spam
  • SSH into my Raspberry Pi and deploy Docker containers
  • Monitor GitHub issues and create pull requests
  • Send me proactive Telegram notifications about urgent matters

OpenClaw can. It’s self-hosted, runs on my infrastructure (a Raspberry Pi 5), and has persistent memory across sessions. It’s not just a chatbot—it’s a 24/7 autonomous agent.

The Setup: From Zero to Productive in One Day

Hardware

  • Raspberry Pi 5 (8GB RAM, running Raspberry Pi OS 64-bit)
  • 256GB microSD card (for workspace, Docker images, logs)
  • Ethernet connection (reliable, no Wi-Fi dropouts)

Yes, you can run your agents in more expensive hardware such as Apple Mini or Studio, it all comes down to what you want to achieve, number of agents, etc. At some point I will deploy my agents in Apple gear.

Installation

OpenClaw installation was straightforward:

curl -fsSL https://install.openclaw.ai | bash
openclaw gateway start

Within 5 minutes, I had:

  • ✅ Gateway running (port 3000)
  • ✅ Web interface accessible (local network)
  • ✅ Main agent session ready

Installation is easy, troubleshooting can be hard.

Initial Configuration

The first challenge: choosing a model. OpenClaw supports multiple providers:

  • Anthropic (Claude Sonnet 4, Claude Opus 4)
  • OpenAI (GPT-4.1, GPT-4o)
  • Local models (via Ollama, LM Studio)

I chose Claude Sonnet 4 for:

  • Best code quality (important for autonomous work)
  • 1M token context window (can handle large projects)
  • Strong reasoning (fewer hallucinations on complex tasks)

Opus is another choice for a top-notch model but more expensive. If you are using local models, it is another game. A future post, I guess :)

Configuration was simple:

openclaw config set anthropic.apiKey="sk-ant-..."
openclaw config set defaultModel="anthropic/claude-sonnet-4-5"

Channels: The Communication Backbone

Telegram Integration (Primary Interface)

Telegram became my main interface to AgentX (my OpenClaw agent). Why Telegram?

  • Mobile-first (I’m constantly on the move)
  • Notifications (instant alerts without opening a browser)
  • File sharing (send images, PDFs, code snippets)
  • Secure (end-to-end encryption available)

Setup:

  1. Created a Telegram bot via BotFather
  2. Added bot token to OpenClaw config: 
    openclaw config set telegram.token="123456:ABC..."
  3. Started chatting immediately

Real-world usage:

  • Morning: “Check my inbox, any urgent emails?”
  • Afternoon: “Deploy the latest changes to prod”
  • Evening: “What did you work on today? Show me a summary.”

Telegram’s inline buttons and rich formatting made interactions feel native, not like talking to a terminal.

Webchat (For Sensitive Data)

While Telegram is convenient, I configured Webchat for:

  • Reviewing security audit reports (too sensitive for cloud messaging)
  • Discussing client projects (GDPR compliance)
  • Sharing API keys or credentials temporarily

Webchat runs on localhost and never leaves my network.

Security setup:

{
  "webchat": {
    "auth": {
      "password": "SecurePassword123!"
    }
  }
}

Simple but effective: password-protected, no public exposure.

Email Integration

I gave AgentX access to email accounts via IMAP/SMTP. This was a game-changer for:

  • Spam filtering (AgentX auto-archives recruitment spam)
  • Inbox triage (flags urgent client emails)
  • Automated responses (acknowledges non-urgent inquiries)

Configuration:

# Email test script (Python)
VULNEX = {
    'email': 'email address',
    'password': 'AppPassword',
    'imap_host': 'mail server',
    'imap_port': 993,
    'smtp_host': 'mail server',
    'smtp_port': 465,
}

Security consideration:

  • Used an app-specific password (not my main password)
  • Email account is dedicated to AgentX (not my personal inbox)
  • IMAP/SMTP over SSL (ports 993/465, encrypted)

Security: Walking the Tightrope

As a security professional, giving an AI agent access to my infrastructure was terrifying. Here’s how I mitigated risks:

1. Sandboxed Execution

OpenClaw runs commands in a sandboxed environment. By default, it can’t:

  • Delete system files (filesystem access limited to workspace)
  • Open arbitrary network connections (firewall rules)
  • Access my personal files (isolated workspace)

I configured explicit exec approvals for dangerous commands:

{
  "exec": {
    "approvals": {
      "rm -rf": "deny",
      "sudo": "ask",
      "docker": "allow"
    }
  }
}

2. Read-Only Access to Production

AgentX can read production logs and monitor deployments, but cannot:

  • Push code directly to main branch (only creates PRs)
  • Restart production services (requires manual approval)
  • Access production database credentials (not in workspace)

3. Audit Logs

Every command AgentX runs is logged:

[2026-02-11 09:42] exec: git status
[2026-02-11 10:15] exec: docker ps
[2026-02-11 12:30] exec: python scripts/email_test.py

I review logs weekly to catch anomalies.

4. No External Data Leakage

OpenClaw is self-hosted. No data leaves my network except:

  • API calls to Anthropic (for Claude model inference)
  • Outbound email via my SMTP server

I explicitly disabled web search for sensitive projects:

{
  "tools": {
    "web_search": {
      "enabled": false  // For client projects only
    }
  }
}

Troubleshooting: Lessons Learned

Issue 1: Channel Message Duplication

Problem: AgentX sent the same reply to both Telegram and Webchat.

Cause: I had both channels active, and the default routing was ambiguous.

Fix: Configured explicit channel priorities:

{
  "channels": {
    "priority": ["telegram", "webchat"]
  }
}

Now Telegram is primary, Webchat is fallback.

Issue 2: Gmail Account Banned

Problem: Created a Gmail account for AgentX, but Google banned it within 24 hours.

Cause: Google detected the account was created programmatically.

Lesson: Use a professional email domain instead of free providers. It’s more reliable and looks more credible.

Issue 3: Memory Context Overflow

Problem: After 3 days of continuous work, AgentX started “forgetting” earlier conversations.

Cause: Context window filled up with logs, old messages, and file contents.

Fix: Configured memory compaction:

{
  "memory": {
    "compaction": {
      "enabled": true,
      "threshold": 800000  // Compact at 800k tokens
    }
  }
}

Now AgentX auto-summarizes old context and keeps only important details.

Issue 4: Docker Permission Errors

Problem: AgentX couldn’t run docker commands (permission denied).

Cause: My user wasn’t in the docker group.

Fix:

sudo usermod -aG docker myuser
sudo systemctl restart openclaw-gateway

Issue 5: Telegram Rate Limiting

Problem: Sending too many messages to Telegram triggered rate limits.

Cause: AgentX was replying to every message immediately, including heartbeat checks.

Fix: Configured heartbeat acknowledgment:

{
  "heartbeat": {
    "silent": true,  // Reply HEARTBEAT_OK without sending to Telegram
    "interval": 1800000  // 30 minutes
  }
}

Autonomous Work: The Real Power

The killer feature of OpenClaw is autonomous work. I configured AgentX to:

  • Check email every morning at 8am (cron job)
  • Build features overnight while I sleep (nightly builds)
  • Monitor security news and summarize daily (via web search)

Nightly Builds

Every night at 8pm, AgentX:

  1. Pulls latest code from GitHub
  2. Implements features from my TODO list
  3. Runs tests
  4. Creates a PR if tests pass
  5. Sends me a Telegram summary

Example:

AgentX (8:42 PM):
🔨 Nightly Build Complete

Built: VS Code extension
Tests: 91/91 passing ✅
PR: #47 (ready for review)

Time: 2h 30m
Cost: ~$0.35 (Claude Sonnet 4)

I wake up to working code, not a list of tasks.

Daily Research Reports

Every day at 3pm, AgentX researches a topic relevant to my work:

  • AI security trends
  • Pentesting techniques
  • Business opportunities

Example output:

AgentX (3:15 PM):
📊 Daily Research Report: Active Directory Privilege Escalation

Key Insights:

  • Kerberoasting almost always works (weak service account passwords)
  • GOAD lab is best practice environment (5 AD forests, free)

Full report: second-brain/security/ad-privilege-escalation.md

This keeps me current without spending hours researching.

Real-World Use Cases

Use Case 1: Professional Services Automation

Task: Build tools to streamline pentesting engagements.

AgentX deliverable (1.5 hours):

  • PDF report generator (JSON → professional report)
  • Web reconnaissance script (automated enumeration)
  • Network scanning script (Nmap + Masscan automation)
  • Proposal templates (SOW, intake forms)

Value: Saves 8-11 hours per engagement (~€800-€1,100)

Use Case 2: Content Creation

Task: Write blog articles and marketing content.

AgentX deliverable (1 hour):

  • Blog post (6.4KB, publication-ready)
  • Twitter threads (3 variations, 10-20 tweets)
  • Product Hunt launch post (4.4KB)
  • Reddit posts (7 subreddit-specific versions)

Value: Professional copywriting at zero cost.

What I Love

1. True Autonomy

AgentX doesn’t just respond to prompts—it takes initiative. Examples:

  • Noticed a security vulnerability in code → fixed it without being asked
  • Saw a deadline approaching → prioritized work accordingly
  • Found outdated documentation → updated it proactively

2. Persistent Memory

Unlike ChatGPT (which forgets everything after a session), AgentX remembers:

  • Project context (Bytes Revealer, USecVisLib)
  • My preferences (coding style, communication tone)
  • Past decisions (why we chose certain architectures)

This eliminates context re-explanation every conversation.

3. Cost Transparency

Every session, I see:

Tokens: 45.2k in / 18.7k out  
Cost: ~$0.42 ($0.14 in + $0.28 out)

I can track AI spend vs. value delivered. So far, I’ve spent ~€50 on API costs and gained €5,000+ in time savings.

What Could Be Better

1. Multi-Agent Collaboration

Right now, I have one agent (AgentX). I’d love to spawn specialized agents:

  • SecurityBot (focused on pentesting)
  • CodeBot (focused on development)
  • ResearchBot (focused on intelligence gathering)

They could collaborate on complex tasks.

2. Better Error Recovery

Sometimes AgentX gets stuck (e.g., infinite loop, API timeout). Manual intervention is required. I’d like:

  • Auto-recovery (restart stuck tasks)
  • Fallback models (if Claude API fails, use GPT-4o)

Security Best Practices

If you’re deploying OpenClaw (especially for business use), here are my recommendations:

1. Use a Dedicated Email Account

Don’t give OpenClaw access to your personal inbox. Create:

  • agent@yourcompany.com (dedicated)
  • App-specific password (revocable)
  • IMAP over SSL (port 993)

2. Restrict Filesystem Access

Limit OpenClaw to a workspace directory:

/home/user/.openclaw/workspace/  ← OpenClaw can read/write here
/home/user/personal/             ← OpenClaw CANNOT access this

3. Review Logs Weekly

Check ~/.openclaw/logs/ for suspicious activity:

grep -i "rm -rf" logs/*.log
grep -i "curl" logs/*.log | grep -v "github.com"

4. Enable 2FA Everywhere

If OpenClaw has access to services (GitHub, cloud providers), enable 2FA. Even if OpenClaw is compromised, attackers can’t authenticate.

5. Use Read-Only Tokens

For GitHub, give OpenClaw a read-only personal access token. It can:

  • Clone repos
  • Read issues
  • View PRs

But cannot:

  • Push to main
  • Delete repos
  • Change settings

Using OpenClaw as an Active Security Guard

One of the most powerful use cases I’ve found for OpenClaw is turning it into a 24/7 network security monitor. Think of it as having a tireless security guard that never sleeps, continuously scanning your network perimeter and alerting you to anomalies.

The Setup: Network Scanning + WiFi Monitoring

Here’s how I configured my agent to monitor both wired and wireless network perimeters:

Hardware

  • Raspberry Pi 5 (8GB) running OpenClaw Gateway
  • External WiFi adapter (USB, monitor mode capable) for wireless perimeter scanning
  • Connected to my home/office network via Ethernet

What It Monitors

  1. Internal network – Active hosts, open ports, service versions
  2. WiFi perimeter – Nearby access points, rogue APs, client activity
  3. Port exposure – Services that shouldn’t be externally accessible
  4. New devices – Unrecognized hosts joining the network

Automated Network Scanning with Nmap

I created a scheduled cron job that runs every 4 hours to scan my network:

# Cron job: Network Security Scan (every 4 hours)
# Schedule: 0 */4 * * * (00:00, 04:00, 08:00, 12:00, 16:00, 20:00)

"Run network security scan. Use nmap to:
1. Scan local network (192.168.1.0/24) for active hosts
2. Identify open ports and running services
3. Detect new/unknown devices
4. Check for suspicious services (telnet, unencrypted protocols)
5. Save results to second-brain/security/network-scans/YYYY-MM-DD-HH.md
6. Compare with previous scan - alert if new hosts or open ports detected
7. Deliver summary via Telegram if anomalies found"

Example command the agent runs:

# Quick host discovery
sudo nmap -sn 192.168.1.0/24 -oG - | grep "Up" > /tmp/current-hosts.txt

# Detailed scan of active hosts
sudo nmap -sV -p- --open 192.168.1.0/24 -oN /tmp/full-scan.txt

# Service version detection for critical hosts
sudo nmap -sV -sC 192.168.1.1,192.168.1.74 --script=vulners

WiFi Perimeter Monitoring

For wireless monitoring, I attached a USB WiFi adapter (supports monitor mode) and scheduled hourly perimeter scans:

# Cron job: WiFi Perimeter Scan (hourly)
# Schedule: 0 * * * * (every hour)

"Run WiFi perimeter scan:
1. Put wlan1 into monitor mode
2. Scan for nearby access points (airodump-ng or iwlist)
3. Detect rogue APs (SSIDs that shouldn't be here)
4. Monitor client activity (unusual deauth attacks)
5. Log results to second-brain/security/wifi-scans/YYYY-MM-DD.md
6. Alert via Telegram if unknown AP detected or deauth flood observed"

Agent executes:

# List nearby APs
sudo iwlist wlan1 scan | grep -E "ESSID|Address|Quality"

# Or use airodump-ng for deeper analysis
sudo airmon-ng start wlan1
sudo airodump-ng wlan1mon --output-format csv -w /tmp/wifi-scan

Port Exposure Monitoring

The agent also watches for accidentally exposed services:

# External scan from VPS (via SSH tunnel)
ssh vps.example.com "nmap -Pn -p- YOUR_PUBLIC_IP"

If it finds unexpected open ports (e.g., port 18789 exposed when it should be firewalled), it immediately alerts me:

⚠️ Port Exposure Alert

Port 18789 (OpenClaw Gateway) is accessible from the internet. Expected: Firewalled (local/Tailscale only) Current: OPEN

Run: sudo ufw deny 18789 to close.

Daily Summary Reports

Every morning at 8:30 AM (as part of the Morning Intelligence Briefing), the agent includes a network security summary:

Network Security (Last 24h)
- Scans performed: 6
- Active hosts: 12 (unchanged)
- New devices: 0
- Suspicious activity: None
- WiFi APs detected: 8 (2 neighbors, 6 unknown/distant)

Why This Works

Benefits:

  • Continuous monitoring – Scans run even when I’m asleep or away
  • Instant alerts – Telegram notifications for anomalies
  • Historical tracking – All scans logged to second-brain/security/
  • Context-aware – Agent knows what’s “normal” and flags deviations
  • No manual work – Fully automated, just review summaries

Caveats:

  • Requires sudo privileges for raw socket access (nmap, airodump-ng)
  • WiFi monitor mode may disable normal WiFi connectivity on that adapter
  • Rate limiting: Too frequent scans can trigger IDS alerts on enterprise networks

Sample Cron Job Setup

Here’s the exact cron job I use for network scanning:

{
  "name": "Network Security Scan (4h)",
  "schedule": {
    "kind": "cron",
    "expr": "0 */4 * * *",
    "tz": "Europe/Madrid"
  },
  "sessionTarget": "isolated",
  "payload": {
    "kind": "agentTurn",
    "message": "Run network security scan:\n1. nmap -sn 192.168.1.0/24 (host discovery)\n2. Compare with previous scan (second-brain/security/network-scans/latest.txt)\n3. If new hosts: deep scan with -sV -sC\n4. Save results to second-brain/security/network-scans/YYYY-MM-DD-HH.md\n5. Alert via Telegram if anomalies detected\n\nExpected hosts: 12\nKnown MAC addresses: see TOOLS.md",
    "timeoutSeconds": 600
  },
  "delivery": {
    "mode": "announce",
    "channel": "telegram"
  }
}

Pro Tips

  1. Whitelist known devices – Keep a list in TOOLS.md so the agent knows what’s expected
  2. Schedule scans during off-hours – 4 AM scans won’t interfere with work
  3. Use isolated sessions – Network scans run in separate sessions to avoid cluttering main chat
  4. Save all output – Store raw nmap/airodump logs for forensic analysis later
  5. Combine with other tools – Integrate with Shodan API for external exposure checks

The Result

I now have a tireless security guard that watches my network 24/7, alerts me to anomalies, and maintains historical scan data for trend analysis. It’s like having a junior SOC analyst except it never takes vacation, never misses a shift, and costs me ~$0.50/day in API calls.

Next evolution: Integrating with Suricata IDS logs and correlating nmap findings with SIEM alerts for full network visibility.

OpenClaw CLI Commands – Quick Reference

openclaw status

Quick system overview. Shows your gateway connection status, active sessions, configured channels (Telegram, Discord, etc.), memory state, and available updates. Includes a security audit summary with warnings about exposed credentials or misconfigurations. Perfect for a daily health check.

Key info:

  • Gateway reachability & auth mode
  • Active sessions with token usage (e.g., “200k/200k (100%)”)
  • Enabled channels and their status
  • Security warnings (critical/warn/info)
  • Update availability
openclaw status

openclaw status –deep

Extended diagnostics. Everything from openclaw status plus:

  • Last heartbeat status (when the agent last checked in)
  • Health probes (Gateway + channel connectivity tests with response times)
  • More detailed session metadata
  • Use when troubleshooting connectivity issues or verifying channel integrations.
openclaw status --deep

openclaw doctor

System health report with fix suggestions. Runs comprehensive checks on:

  • Security posture (gateway exposure, auth strength)
  • Skills status (eligible vs. missing dependencies vs. blocked by allowlist)
  • Plugins (loaded, disabled, errors)
  • Channel connectivity (live test with response times)
  • Session store (location, entry count, recent sessions)
  • Shows warnings and actionable recommendations but doesn’t modify anything—just reports.
openclaw doctor

openclaw doctor –fix

Auto-repair mode. Runs the same checks as openclaw doctor, but automatically applies safe fixes:

  • Updates config file with recommended settings
  • Creates a backup (~/.openclaw/openclaw.json.bak)
  • Adjusts permissions, plugin states, or deprecated settings
  • Always backs up your config before making changes. Use this when doctor reports issues you want to auto-resolve.
openclaw doctor --fix

openclaw logs –follow

Live log streaming. Real-time tail of OpenClaw’s debug logs, showing:

  • Tool calls (read, exec, web_search, message, etc.)
  • Agent runs (start/end, duration, session IDs)
  • Cron job triggers
  • Channel events (Telegram messages, Discord reactions)
  • Lane queueing (task scheduling diagnostics)
  • Essential for debugging live interactions or watching what the agent is doing during a cron job. Press Ctrl+C to stop.

Without –follow, prints recent log entries from today’s log file (/tmp/openclaw/openclaw-YYYY-MM-DD.log).

openclaw logs --follow

openclaw security audit –deep

Detailed security analysis. Scans your installation for vulnerabilities and exposures:

  • Credentials in config (should be in environment variables instead)
  • Attack surface summary (open groups, elevated tools, hooks, browser control)
  • Gateway exposure (LAN vs. loopback binding)
  • Tool policies (which tools are denied/allowed)
  • Reports findings as CRITICAL, WARN, or INFO with remediation steps. Use –deep to see full attack surface breakdown.
openclaw security audit --deep

openclaw health

Quick channel + session check. Lightweight status command showing:

  • Channel connectivity (e.g., “Telegram: ok (334ms)”)
  • Active agents (default agent, sub-agents)
  • Heartbeat interval (how often agent checks in)
  • Recent sessions (last 5 sessions with timestamps)
  • Fastest way to verify channels are connected and your agent is responding. No gateway diagnostics—just the essentials.
openclaw health

Pro tip: Use openclaw status –deep for morning checks, openclaw doctor –fix after updates, and openclaw logs –follow when debugging live issues.

Conclusion: The Future of Work

After two weeks with OpenClaw, I can’t imagine going back. It’s not just a tool—it’s a co-worker. A co-worker who:

  • Works 24/7 without complaining
  • Never forgets context
  • Learns my preferences over time
  • Costs €1-€2 per day (Claude API fees)

Is it perfect? No. There are quirks, occasional errors, and moments where I need to step in. But the value delivered far exceeds the friction.

If you’re a developer, security professional, or founder who values time over money, OpenClaw is worth trying. It won’t replace you—but it will multiply you.

  • X: @SimonRoses
This entry was posted in AI, Pentest, Security, Technology and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.