What We Can Learn from OpenClaw


OpenClaw is amazing, but it’s challenging to configure in a secure way. While it’s no secret that OpenClaw has major security concerns, we can learn a lot from it about how we can enhance our own agents. Here are 5 principles that you should be using in your workflows.

1. The heartbeat

Most agents are built to run for short windows after receiving a prompt or trigger, either returning a response immediately or taking some brief actions before replying. By having a system that checks for ongoing tasks, your agents can continue to work until tasks are completed, or even perform ongoing work. For example, you can have a job scheduled that pings the agent every 30 minutes to ask “do you have any pending tasks?” And if you want to avoid spam, make sure to include silence criteria like “only notify me if an upcoming meeting doesn’t have an agenda”.

2. The soul

Are you still relying on your system prompt to enforce personality, guidelines, directions, and more? Stop trying to shove everything into your system prompt. Break up different parts of the agent’s memory into discrete files. Make distinctions between personality, rules for chatting, procedures, and long-term memory. By breaking these into separate files, you are making your agent easier to develop and debug, while giving it longevity and the ability to learn how it should work. For instance, if you tell it “stop using em dashes, I want it to look like I actually wrote these”, it writes that to the personality or rules file so that it remembers it in future sessions.

3. Work in plain text files

And speaking of memory, work in markdown. One of the biggest advantages of this is that a significant amount of training data was in markdown format, which means that agents are fantastic at following directions from markdown files. This means that any skills, instructions, or personalities that you create can be easily read by both the agent AND you. Additionally, that makes it more accessible to everyone else on your team as well, since anyone can open and edit these files in any text editor.

4. One gateway

OpenClaw has a single point of contact for the entire system. Messages from all inbound platforms go through this before getting routed or handled appropriately. This has three major benefits.

  1. Authorization - As discussed in a previous post, authorization and permissions are paramount. Having a single entry point lets you enforce these one time and one time only.
  2. Observability - This allows you to trace all sessions from a single point to analyze token usage, tool calls, heartbeats, and much more.
  3. Routing - There isn’t one LLM to rule them all. Funnelling everything through one place lets you make sure that requests are dispatched to the right agent for the job. Whether you need a flagship model or a custom small language model, you’re able to make sure you can address any prompt.
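A sketch of the single-gateway pattern described above, as an added example rather than OpenClaw's own code: every inbound message passes through one `handle` function that routes it, checks a deny-by-default allowlist, and writes an audit record whether or not the request is allowed. The platform names, sender IDs, intents and agent names are all constructed for illustration.

```python
import json
import time
from dataclasses import dataclass

# Constructed policy: (platform, sender) -> agents that sender may reach.
# Anything not listed is denied (deny by default).
ALLOWLIST = {
    ("slack", "U_ALICE"): {"calendar", "research"},
    ("email", "bob@example.com"): {"calendar"},
}

# Constructed routing table: message intent -> agent name.
ROUTES = {"schedule": "calendar", "summarize": "research"}

AUDIT_LOG = []  # in-memory stand-in for an append-only log sink


@dataclass(frozen=True)
class Inbound:
    platform: str
    sender: str
    intent: str
    text: str


def audit(msg, decision, agent=None):
    """Record one structured line per message, allowed or denied."""
    record = {"ts": time.time(), "platform": msg.platform, "sender": msg.sender,
              "intent": msg.intent, "decision": decision, "agent": agent}
    AUDIT_LOG.append(json.dumps(record))
    return record


def handle(msg, agents):
    """Single entry point: route, authorize, audit, then dispatch."""
    agent = ROUTES.get(msg.intent)
    if agent is None:
        return audit(msg, "deny:no_route")
    if agent not in ALLOWLIST.get((msg.platform, msg.sender), set()):
        return audit(msg, "deny:unauthorized", agent)
    record = audit(msg, "allow", agent)
    record["reply"] = agents[agent](msg.text)  # agents are reachable only from here
    return record


# Constructed stand-ins for real agents (a flagship model, a small model, ...).
AGENTS = {
    "calendar": lambda text: f"calendar agent handled: {text}",
    "research": lambda text: f"research agent handled: {text}",
}
```

Because denials are logged alongside allowed requests, the same log that tracks usage also shows who tried to reach an agent they are not entitled to.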

5. Expect bad actors

With how quickly the agentic AI space is progressing, there’s no doubt that there will always be new zero-days found. Don’t ask yourself if you can trust the LLM. Ask yourself how well you can compartmentalize your agent so that even if malicious users get into the system, they cannot do any serious damage. This includes patterns such as two-agent systems, locking down persistent memory, and scoping permissions to the bare minimum needed. Just make sure you’re not giving bad actors access to sensitive systems. With great access comes great responsibility.

“We have OpenClaw at home”

We know OpenClaw isn’t getting approved by your IT org. That’s OK, though, because we have OpenClaw at home. It might not have all the bells and whistles out of the box, but by borrowing some of the design patterns, we can make our own agents more powerful and tailored to our needs.