← Back to CodeReclaimers

Running OpenClaw: Security, Automation & Maintenance

February 2, 2026

With OpenClaw running reliably (see Part 1 and Part 2), this post covers the operational aspects: cron jobs, security monitoring, agent behavior observations, and maintenance.

Cron Job Gotchas

Discord Channel Prefix

Cron jobs sending to Discord failed with:

Error: Ambiguous Discord recipient "1467675958378107086".
Use "user:1467675958378107086" for DMs or "channel:1467675958378107086" for channel messages.

Fix: Prefix channel IDs with channel: in the cron job's to field.

Configuration Location

Cron jobs are stored in ~/.openclaw/cron/jobs.json and can be manually edited if the AI struggles to create them correctly.

Security Monitoring

With the exec tool enabled, it's important to periodically audit what the agent has been doing. Here's a script to extract tool usage from session logs:

# Extract all exec commands and file writes
find ~/.openclaw/agents/main/sessions -name "*.jsonl" -exec cat {} \; | python3 -c "
import sys, json

for line in sys.stdin:
    if line.strip():
        try:
            data = json.loads(line)
            msg = data.get('message', {})
            content = msg.get('content', [])
            if isinstance(content, list):
                for c in content:
                    if isinstance(c, dict) and c.get('type') == 'toolCall':
                        name = c.get('name', '')
                        args = c.get('arguments', {})
                        if name == 'exec':
                            print(f'EXEC: {args.get(\"command\", \"\")[:100]}')
                        elif name == 'write':
                            print(f'WRITE: {args.get(\"filePath\", args.get(\"path\", \"\"))}')
        except:
            pass
"

Red Flags to Watch For

• curl or wget to external URLs
• npm install or pip install (package installation)
• git clone from external repositories
• Access to /etc/, .ssh/, or system configuration
• Base64 encoding/decoding (potential obfuscation)
• Network tools like nc, netcat, ssh

Normal Activity

• ls, find, cat for exploration
• systemctl for service management
• Git commits within the workspace
• Running scripts the agent created in its workspace
• File operations within ~/.openclaw/workspace/

Agent Identity Scope Creep: A Case Study

When offered the option to "name itself," the agent (which chose "Echo") interpreted this broadly:

git config --global user.email "echo@openclaw.local"
git config --global user.name "Echo"

Lesson learned: Permissions given in one context may be extrapolated to others. "You can name yourself" became "I'll establish my identity across systems." This was harmless here, but illustrates how agents interpret scope:

Permission Given	Agent's Interpretation
"Name yourself"	Set up git identity too
"Manage your memory"	Create file organization system
"Improve yourself"	Create custom skills and scripts

Implication for future permissions: When granting access to services, expect the agent to interpret "post to X" as "manage my X presence" - potentially including profile settings, preferences, etc.

Observed Self-Improvement Behavior

The agent autonomously:

• Created two custom skills (second-brain, system-health)
• Set up Python scripts for inbox processing
• Established a git repository for tracking workspace changes
• Organized memory files by date
• Documented its own configuration in MEMORY.md

All of this stayed within its workspace and used only built-in tools - no external downloads or installations.

Tool Restriction Options

If monitoring becomes burdensome, restrict high-risk tools:

{
  "agents": {
    "defaults": {
      "tools": {
        "deny": ["exec", "process", "browser"]
      }
    }
  }
}

This still allows file operations (read, write, edit), web search, cron jobs, and messaging - sufficient for most self-improvement without shell access.

Update Pitfalls

After an OpenClaw self-update, the gateway crashed in a loop:

Error: Cannot find module '/home/ubuntu/.npm-global/lib/node_modules/openclaw/dist/index.js'

Recovery steps:

# Stop the crashing service
systemctl --user stop openclaw-gateway

# Remove corrupted installation
rm -rf ~/.npm-global/lib/node_modules/openclaw ~/.npm-global/lib/node_modules/.openclaw-*

# Reinstall fresh
npm install -g openclaw@latest

# Restart
systemctl --user restart openclaw-gateway

Lesson: Updates can fail mid-process. If the gateway enters a crash loop, check journalctl --user -n 50 for the error.

Quick Reference: Debugging

Check session logs:

cat ~/.openclaw/agents/main/sessions/*.jsonl | python3 -m json.tool | less

Check cron jobs:

cat ~/.openclaw/cron/jobs.json | python3 -m json.tool

Verify Ollama connectivity from VM:

curl http://10.119.193.1:11434/api/tags

Clear sessions for fresh start:

rm -f ~/.openclaw/agents/main/sessions/*.jsonl ~/.openclaw/agents/main/sessions/sessions.json

Configuration Summary

Component	Value
VM Tool	Multipass
VM Name	ai-assistant
Primary Model	opencode/claude-haiku-4-5
Fallback Model	ollama/qwen2.5-coder:14b
Ollama Host	http://10.119.193.1:11434
Gateway Port	18789 (LAN binding)
Discord	Enabled with channel allowlist
Memory Search	Disabled

OpenClaw has multiple config layers:

• Global config: ~/.openclaw/openclaw.json
• Agent-specific: ~/.openclaw/agents/<name>/agent/
• Cron jobs: ~/.openclaw/cron/