Tom Ho

February 27, 2026

Key Considerations When Deploying AI Agents (OpenClaw) Part 2

Why do people usually run OpenClaw on a Mac Mini, laptop, etc., instead of a VPS? Here are some reasons that make sense to me.

  • Residential IP. Your regular home IP address rarely gets blocked when browsing the web for automation tasks. Sure, you can set up a proxy on a VPS to work around this, but residential IPs aren’t cheap.

  • Why Mac? Why not Windows? Honestly, Linux works fine too, it doesn’t have to be Mac. But most AI companies focus on Mac first. Right now, Codex + Claude Code on Windows still aren’t well-supported. macOS is great for developers in terms of CLI tools, just like Linux. And it strikes a nice balance between UI and CLI for both regular users and developers. For me personally, I need Excel (tools like LibreOffice have font rendering issues if you hit the same edge cases I did) + Photoshop on Mac, and I had a spare MacBook Air M1 sitting around, so I just set it up on that.

Why OpenClaw?

  • There are plenty of other options: ZeroClaw, NanoClaw, GoClaw, etc. I’m just too lazy to read through all their docs and code. Plus, OpenClaw has a bigger community. And from what I’ve seen from Peter’s replies, OpenAI won’t ban your ChatGPT subscription for using it, so the $200/month plan seems reasonable.

  • Claude Code just released /remote-control, so there’s a trend on X of people dropping OpenClaw. Other companies will inevitably do something similar sooner or later. People seem to like using OpenClaw for coding, but personally, I don’t use it for coding, and I don’t enjoy coding on mobile either. OpenClaw can spin up Claude Code with remote control, so you can use that too.

  • It integrates with multiple chat channels for regular people. Most regular people have never heard of Codex, Claude Code, or even Claude Cowork.

  • Why not n8n or similar tools? I’m still using n8n. These AI agents are meant to supplement tasks that n8n couldn’t do before, or found very difficult. In terms of efficiency + cost + reliability, n8n still beats this AI setup.

It Doesn’t Have to Be OpenClaw

Honestly, it doesn’t have to be OpenClaw. The real value of this AI setup is automating things that used to take forever and were too hard for tools like n8n. The core of it, as I see it, is skills for automation. Creating skills to complete tasks for individuals or businesses, that’s the real core. OpenClaw or similar tools are just an integration layer for running skills and working with data. Tomorrow, if OpenClaw disappears, something else will take its place, so it’s not that important. What matters most is getting the job done: increase revenue or reduce costs. That’s the real core.

What About Security?

The OpenClaw folks keep getting roasted about security lol. But I see them pushing updates daily and addressing issues constantly, so this will sort itself out eventually.

Security is genuinely complex. You need to balance safety with usability. Too strict, and it becomes painful to use. So you have to find the right balance. OpenClaw has reasonably good built-in security.

Here’s how I’d break down the security setup (currently limited to my own use case, internal only, not deployed externally yet):

DM (Direct Message):

  1. For the owner.
  2. For the owner’s family members.
  3. For company team members (work). Not deployed yet, but coming soon.

Group Chat:

  4. Family group.
  5. Friends group.
  6. Work group.

What about customer support? Personally, I don’t like being served by a bot when I’m shopping, so my policy is clear: only humans communicate with customers, bots are just there to assist. No bot-powered customer service here.

For each case above, here’s how I’d set up separate agents:

  • Default agent: Full permissions, no sandbox, for the owner. You need to set up an allow list for this. By default, I drop all messages.

  • Family agent:

    • For easy setup: no sandbox, but remove gateway access from chat to avoid unnecessary OpenClaw update/restart cycles. Separate workspace.
    • Sure, there’s some prompt injection risk, but if you can’t trust your family, who can you trust?
    • This agent is shared across family DMs and family group chats.
  • Friend agent:

    • Set up a Docker sandbox. You’ll need to use the common sandbox instead of the default one (the default sandbox doesn’t have Node or Python). OpenClaw’s scripts include a setup for this common sandbox. Friends might want to run fun tools like image generation (nano banana, etc.) or other entertaining stuff, and it shouldn’t have access to anything else on your machine.
    • Workspace should be separate with its own set of skills. The sandbox should only load that specific skill set.
    • Allow permissions should include group:runtime and group:fs for group chat and file operations.
  • Work agent:

    • Similar to the friend agent, use the common sandbox instead of the default one. It shouldn’t access anything else on your machine.
    • Separate workspace with its own skill set. The sandbox only loads those specific skills. Pass separate env variables dedicated to work only.
    • Allow permissions should include group:runtime and group:fs for group chat and file operations.
    • You can integrate company-specific skills and tools to work with company data here. Of course, you’ll need to code a permissions layer between tools and chat users.
    • This agent is shared across company member DMs and company group chats. I’m still thinking about whether to split them.

These agents can be reused across multiple chat channels with OpenClaw, like Teams or Zalo.
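The drop-by-default allow list and the "permissions layer between tools and chat users" described above, as an added example (not code from OpenClaw or from my own setup). The routing tables, sender and group IDs, and tool names are all hypothetical, and the rule that a group tool call needs every member to hold the permission is an assumption of this example.

```javascript
// Added example: hypothetical policy tables, not OpenClaw's config schema.
// All IDs and tool names are constructed; IDs stand for platform-verified ones.
const DM_ROUTES = new Map([
  ["u-owner", "default"],
  ["u-mom", "family"],
  ["u-alice", "work"],
  ["u-bob", "work"],
]);
const GROUP_ROUTES = new Map([
  ["g-family", "family"],
  ["g-friends", "friend"],
  ["g-work", "work"],
]);
const GROUP_MEMBERS = new Map([["g-work", ["u-alice", "u-bob"]]]);

// Work agent only: company tools each chat user may trigger.
const WORK_TOOL_ACL = new Map([
  ["u-alice", new Set(["orders.read", "orders.refund"])],
  ["u-bob", new Set(["orders.read"])],
]);

// Choose the agent from chat metadata. Anything not allow-listed returns
// null, meaning the message is dropped before any model sees it.
function routeMessage(msg) {
  const agent = msg.groupId
    ? GROUP_ROUTES.get(msg.groupId)
    : DM_ROUTES.get(msg.senderId);
  return agent ?? null;
}

// Authorize a work-agent tool call from senderId and group membership only,
// never from msg.text, so a claim typed into the chat cannot raise privileges.
// Assumption: a group reply is visible to all members, so all must hold it.
function authorizeTool(msg, tool) {
  if (routeMessage(msg) !== "work") return false;
  const audience = msg.groupId
    ? (GROUP_MEMBERS.get(msg.groupId) ?? [])
    : [msg.senderId];
  if (!audience.includes(msg.senderId)) return false;
  return audience.every((id) => WORK_TOOL_ACL.get(id)?.has(tool) === true);
}
```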

Important Notes for Different Workspaces

When workspaces differ, keep in mind:

  • AGENTS.md, SOUL.md, etc. will be recreated from scratch, so the reply style won’t match the default setup. You’ll likely need to duplicate these files or have OpenClaw sync them.
  • Memory will be different too. Should memory be shared? I’m still thinking about whether to share memory across workspaces. The easiest approach: use the owner’s DM to tell OpenClaw to sync when needed.
  • Skills: Global skills won’t load in a sandbox environment. You have to place skills at ~/.openclaw/workspace-*/skills/. After adding skills or changing config, run /new with OpenClaw to reload.

Tips for Developing Skills

  • I usually use Claude Code to run the workflow first, then use Claude Code’s skill creator skill to generate a skill from that conversation. Then I test it multiple times on Claude Code until it’s solid.
  • Skills should be portable: copy one from one machine to another and it should still work with the same behavior. Claude Code’s skill creator doesn’t emphasize this enough.
  • Write clear instructions so skills can run across different models. The same skill runs differently on Opus vs GPT 5.3 Codex, so keep that in mind when building skills.
  • If a skill involves browser automation, drop it into OpenClaw and have it review using OpenClaw’s browser instead of Playwright MCP. I’ve found it works better that way.

Final Thoughts

All of this might look easy at a glance, but it takes time and needs to be updated as your personal and business needs evolve (needs always change over time). I wouldn’t be surprised if a new role emerges in the future: Agent Manager, someone who manages agents and creates skills to keep businesses running smoothly. Or maybe IT help desk folks will just take this on as part of their job.

About Tom Ho

Working on turnedninja.com and ninzap.com.
Posting at X: @hxtxmu.