The secrets question that keeps coming up here is worth unpacking. When your agent runs in the cloud, the question isn't just "did the VM get compromised." It's what keys the agent had in the first place. Most setups dump long-lived API keys into environment variables and call it a day. That works until it doesn't.
We built API Stronghold specifically for this: instead of baking keys into the agent's environment, you issue scoped, short-lived credentials at runtime. The agent gets exactly what it needs for that task, nothing more. If the agent misbehaves or gets hijacked, the blast radius is the credential TTL, not your entire API account.
What's the best "docker with openclaw" currently available? I have my own computers to run it on (I don't need a server). I want to play around, but containerized to avoid the security risk of MacOS app.
There seem to be about 20 options, and new ones every day. Any consensus on the best few are, and their tradeoffs?
This sounds awesome and exactly like the easy and safe on-ramp to OpenClaw that I've been looking for! I want to believe.
Two questions as a potential user who knows the gist of OpenClaw but has been afraid to try it:
1. I don't understand how the two consumption credits play into the total cost of ownership. E.g. how long will $20 of Orthogonal credits last me? I have no idea what it will actually cost to use Klaus/OpenClaw for a month.
2. Batteries included sounds great, but what are those batteries? I've never heard of Apollo or Hunter.io so I don't know the value of them being included.
In general, a lot of your copy sounds like it's written for people already deep into OpenClaw. Since you're not targeting those folks, I would steer more towards e.g. articulating use cases that work ootb and a TCO estimate for less technical folks. Good luck, and I'm eager to try it!
The cost of ownership for an OpenClaw, and how many credits you'll use, is really hard to estimate since it depends so wildly on what you do.
I can give you an openclaw instruction that will burn over $20k worth of credits in a matter of hours.
You could also not talk to your claw at all for the entire month, setup no crons / reoccurring activities / webhooks / etc, and get a bill of under $1 for token usage.
My usage of OpenClaw ends up costing on the order of $200/mo in tokens with the claude code max plan (which you're technically not allowed to use with OpenClaw anymore), or over $2000 if I were using API credits I think (which Klause is I believe, based on their FAQ mentioning OpenRouter).
So yeah, what I consider fairly light and normal usage of OpenClaw can quite easily hit $2000/mo, but it's also very possible to hit only $5/mo.
Most of my tokens are eaten up by having it write small pieces of code, and doing a good amount of web browser orchestration. I've had 2 sentence prompts that result in it spinning up subagents to browse and summarize thousands of webpages, which really eats a lot of tokens.
I've also given my OpenClaw access to its own AWS account, and it's capable of spinning up lambdas, ec2 instances, writing to s3, etc, and so it also right now has an AWS bill of around $100/mo (which I only expect to go up).
I haven't given it access to my credit card directly yet, so it hasn't managed to buy gift cards for any of the friendly nigerian princes that email it to chat, but I assume that's only a matter of time.
Our average user spends $50 a month all-in (tokens and subscription). If you're budget conscious you can use a cheap model (eg Gemini Flash) or even a free one. I confess I am a snob and only use Claude Opus, but even using OpenClaw all day every day I only spend about $500 a month on tokens.
Orthogonal credits are used more frequently by power users. For everyday tasks they'll last a very long time, I don't think any of our users have run out.
Some example Orthogonal user cases:
* customers in sales uses Apollo to get contact info for leads
* I use Exa search to help me prepare for calls by getting background info on customers and businesses
* I used SearchAPI to help find AirBnbs.
Point taken on the copy! We made this writing more technical for the HackerNews audience and try to use less jargon on other platforms.
Do you run a dedicated "AI SRE" instance for each customer or how do you ensure there is no potential for cross-contamination or data leakage across customers?
Basically how do you make sure your "AI SRE" does not deviate from it's task and cause mayhem in the VM, or worse. Exfiltrates secrets, or other nasty things? :)
We run a dedicated AI SRE for each instance with scoped creds for just their instance. OpenClaw by nature has security risks so we want to limit those as much as possible. We only provision integrations the user has explicitly configured.
Does the claw in the VM have proven capability (verified by your team) to track changes it makes to itself and persist across reboots? What about rollback capability?
We allow you to backup to a private Github repo you own so if you want to version control your setup that way you can. Otherwise most changes are tracked in the chat history and the LLM has some ability to repair itself or validate changes before they are made.
OpenClaw doesn't play well with SDKs like that. It expects to be able to run on a full machine (or container), to execute commands, to write files to disk. If we wanted we could fork and run something like this but we want to stay as close to the OSS as possible.
We certainly have customers who work in sales, but that's not the only use case.
OpenClaw is capable of using ElevenLabs or other providers to make phone calls, but I personally haven't done this and as far as I know none of our customers have either. Is AI good enough at cold calling yet for this to work? I personally would never entertain such a call.
You're right that security is a major risk. Our perspective here is that by defaulting to an EC2 instance, you're in control of what data is at risk. If you connect Google Workspace, you are exposing yourself to some security risk risk there, but tons of users do email through AgentMail which doesn't have access to your personal data. Also no risk of filesystem access/Apple ID access by default.
The secrets question that keeps coming up here is worth unpacking. When your agent runs in the cloud, the question isn't just "did the VM get compromised." It's what keys the agent had in the first place. Most setups dump long-lived API keys into environment variables and call it a day. That works until it doesn't.
We built API Stronghold specifically for this: instead of baking keys into the agent's environment, you issue scoped, short-lived credentials at runtime. The agent gets exactly what it needs for that task, nothing more. If the agent misbehaves or gets hijacked, the blast radius is the credential TTL, not your entire API account.
Worth thinking about regardless of which agent runtime you use: https://apistronghold.com
What's the best "docker with openclaw" currently available? I have my own computers to run it on (I don't need a server). I want to play around, but containerized to avoid the security risk of MacOS app.
There seem to be about 20 options, and new ones every day. Any consensus on the best few are, and their tradeoffs?
This sounds awesome and exactly like the easy and safe on-ramp to OpenClaw that I've been looking for! I want to believe.
Two questions as a potential user who knows the gist of OpenClaw but has been afraid to try it: 1. I don't understand how the two consumption credits play into the total cost of ownership. E.g. how long will $20 of Orthogonal credits last me? I have no idea what it will actually cost to use Klaus/OpenClaw for a month. 2. Batteries included sounds great, but what are those batteries? I've never heard of Apollo or Hunter.io so I don't know the value of them being included.
In general, a lot of your copy sounds like it's written for people already deep into OpenClaw. Since you're not targeting those folks, I would steer more towards e.g. articulating use cases that work ootb and a TCO estimate for less technical folks. Good luck, and I'm eager to try it!
The cost of ownership for an OpenClaw, and how many credits you'll use, is really hard to estimate since it depends so wildly on what you do.
I can give you an openclaw instruction that will burn over $20k worth of credits in a matter of hours.
You could also not talk to your claw at all for the entire month, setup no crons / reoccurring activities / webhooks / etc, and get a bill of under $1 for token usage.
My usage of OpenClaw ends up costing on the order of $200/mo in tokens with the claude code max plan (which you're technically not allowed to use with OpenClaw anymore), or over $2000 if I were using API credits I think (which Klause is I believe, based on their FAQ mentioning OpenRouter).
So yeah, what I consider fairly light and normal usage of OpenClaw can quite easily hit $2000/mo, but it's also very possible to hit only $5/mo.
Most of my tokens are eaten up by having it write small pieces of code, and doing a good amount of web browser orchestration. I've had 2 sentence prompts that result in it spinning up subagents to browse and summarize thousands of webpages, which really eats a lot of tokens.
I've also given my OpenClaw access to its own AWS account, and it's capable of spinning up lambdas, ec2 instances, writing to s3, etc, and so it also right now has an AWS bill of around $100/mo (which I only expect to go up).
I haven't given it access to my credit card directly yet, so it hasn't managed to buy gift cards for any of the friendly nigerian princes that email it to chat, but I assume that's only a matter of time.
Absolute madman :)
Giving an agent access to AWS is effectively giving it your credit card.
At the max, I would give it ssh access to a Hetzner VM with its own user, capable of running rootles podman containers.
Not at all. AWS IAM policy is a complex maze, but incredibly powerful. It solves this exact problem very well.
Just have to know... What the heck are you building?
Our average user spends $50 a month all-in (tokens and subscription). If you're budget conscious you can use a cheap model (eg Gemini Flash) or even a free one. I confess I am a snob and only use Claude Opus, but even using OpenClaw all day every day I only spend about $500 a month on tokens.
Orthogonal credits are used more frequently by power users. For everyday tasks they'll last a very long time, I don't think any of our users have run out.
Some example Orthogonal user cases:
* customers in sales uses Apollo to get contact info for leads
* I use Exa search to help me prepare for calls by getting background info on customers and businesses
* I used SearchAPI to help find AirBnbs.
Point taken on the copy! We made this writing more technical for the HackerNews audience and try to use less jargon on other platforms.
You may want to also look into AWS's OpenClaw offering (I was surprised to see this): https://aws.amazon.com/blogs/aws/introducing-openclaw-on-ama...
Do you run a dedicated "AI SRE" instance for each customer or how do you ensure there is no potential for cross-contamination or data leakage across customers?
Basically how do you make sure your "AI SRE" does not deviate from it's task and cause mayhem in the VM, or worse. Exfiltrates secrets, or other nasty things? :)
We run a dedicated AI SRE for each instance with scoped creds for just their instance. OpenClaw by nature has security risks so we want to limit those as much as possible. We only provision integrations the user has explicitly configured.
Is this not just Claude Code? Genuinely hoping someone could spell it out for me
Does the claw in the VM have proven capability (verified by your team) to track changes it makes to itself and persist across reboots? What about rollback capability?
We allow you to backup to a private Github repo you own so if you want to version control your setup that way you can. Otherwise most changes are tracked in the chat history and the LLM has some ability to repair itself or validate changes before they are made.
Why not use something like Temporal to recover state?
OpenClaw doesn't play well with SDKs like that. It expects to be able to run on a full machine (or container), to execute commands, to write files to disk. If we wanted we could fork and run something like this but we want to stay as close to the OSS as possible.
I get impression that this is automation tool for sales people. Does it do robotic phone calls to try to book meetings with customers?
We certainly have customers who work in sales, but that's not the only use case.
OpenClaw is capable of using ElevenLabs or other providers to make phone calls, but I personally haven't done this and as far as I know none of our customers have either. Is AI good enough at cold calling yet for this to work? I personally would never entertain such a call.
What does the VM consist of? Is the image available?
It's an Amazon Linux image on an EC2 instance. We install some custom packages too.
Sounds like a perfect data leak any% speedrun to me... :P
You're right that security is a major risk. Our perspective here is that by defaulting to an EC2 instance, you're in control of what data is at risk. If you connect Google Workspace, you are exposing yourself to some security risk risk there, but tons of users do email through AgentMail which doesn't have access to your personal data. Also no risk of filesystem access/Apple ID access by default.