You Need To Start Using Open Claw With This

AAI LABS

Transcript

00:00:00 OpenClaw is one of the fastest growing open source projects right now
00:00:03 and a lot of developers have started pulling it into their workflows.
00:00:06 But our team ran into problems that we couldn't solve on our own, no matter what we tried.
00:00:10 As the ecosystem kept expanding, the setup got more complex
00:00:13 and third party integrations went from optional to necessary.
00:00:16 And that opened up two big issues, security and cost.
00:00:19 Cisco flagged the security problems in detail
00:00:22 and if you've been running it for more than a week, you know how fast the bills add up.
00:00:25 But we'd already built our entire workflow around it.
00:00:28 So we spent weeks testing and exploring solutions and we found a way that actually fixed it.
00:00:32 Clawsec is a complete security toolkit for OpenClaw and NanoClaw's agents.
00:00:36 It was developed by Prompt Security, which is a subcompany of SentinelOne,
00:00:40 one of the leading cybersecurity vendors.
00:00:42 As we talked about in the previous video,
00:00:44 Cisco flagged OpenClaw as a complete security nightmare
00:00:47 and discussed its security problems in detail.
00:00:49 You can check out our breakdown in detail on our channel.
00:00:52 So in order to make it usable, we need certain setups.
00:00:55 This is a way of securing the OpenClaw setup against these issues.
00:00:58 This repo contains multiple skills tailored to auditing aspects of the system like heartbeat and soul
00:01:04 and contains a demo of their product in action, which you can check out for yourself.
00:01:07 But we were interested in trying it, so we installed it for ourselves.
00:01:10 When we ran the command, we got the Skill Not Found error.
00:01:13 So we debugged this issue with Claude, which identified that this registry had a rate limit,
00:01:18 which was why we couldn't download it directly.
00:01:20 It then used Git to clone and install it after which
00:01:23 the skills from this suite were downloaded into the skills folder of the .openclaw folder,
00:01:28 like Soul Guardian and OpenClaw Watchdog and more,
00:01:31 each tailored toward a specific angle of security and had the security principles built into it.
00:01:36 All four of these skills were recognized in OpenClaw's web interface.
00:01:39 So once it was installed, we went to OpenClaw and asked it to run the Clawsec Suite heartbeat.
00:01:44 This heartbeat executes the shell steps, polling the feed, checking installed skills against known CVEs
00:01:49 and flagging anything that needs removal approval.
00:01:52 Now when the heartbeat ran, it gave a detailed report.
00:01:54 The report contained all aspects from basic sanity check tests to version update conflicts
00:01:59 and it highlighted all of the critical security vulnerabilities that were found in the setup,
00:02:03 which were ranked by the CVE scale and marked the versions as exploitable
00:02:08 and gave actionable items that we couldn't have found out without this skill suite.
00:02:11 Now these skills are trustworthy because they have a verification mechanism built in,
00:02:15 it contains an integrity check and verifies with a checksum,
00:02:18 meaning that if they are affected by any external factor like malicious modification,
00:02:23 the hash wouldn't match and the wrong file wouldn't be able to cause harm to your setup.
00:02:26 It also has a self-healing mechanism because it ensures that if the integrity check with the hash fails,
00:02:32 it automatically downloads from the trusted release as documented in the repo,
00:02:36 ensuring that the setup is as secure as required.
00:02:38 It also runs a CI/CD pipeline for continuous security checks.
00:02:42 Given what Cisco flagged, this is essential if you're running OpenClaw.
00:02:45 But this is not the only tool we found.
00:02:47 There were also some others that actually helped make the experience of working with OpenClaw even better.
00:02:52 Now Antfarm is a multi-agent system that contains a series of agents that can be used in our workflow.
00:02:57 This repo has gotten 1.9k stars and contains multiple workflows.
00:03:01 It was built by Ryan Carson, who is the creator of Ralph Loop and AI Dev Task.
00:03:06 Antfarm is one of the specialized AI agent systems that work together inside the OpenClaw setup.
00:03:11 In order to use it, we just copied the install command and ran it,
00:03:14 after which it cloned into the workspace folder inside the .openclaw folder.
00:03:18 The dashboard started at local server,
00:03:20 which contained three initially available workflows with Kanban boards that show how the actual workflow works.
00:03:25 We also ran the Antfarm workflow list command, which listed all the available workflows.
00:03:30 Now when we gave OpenClaw the command to run a security audit on a particular project,
00:03:34 we could analyze the task on the dashboard, how the agents were working,
00:03:38 what state they were currently in, and the steps they needed to take in order to complete the task.
00:03:42 Now each workflow we just saw had a certain number of agents added inside,
00:03:46 each tailored to work on a specific aspect of the workflow.
00:03:49 These are deterministic workflows that follow procedures step by step and maintain the same order.
00:03:54 This deterministic workflow makes their working predictable
00:03:57 and would make error finding easier as compared to going all in.
00:04:01 They also have verification of each agent by a dedicated verifier agent.
00:04:05 Each agent starts with a completely new context window, so there is no context bloat,
00:04:09 and each has a guided prompt for working on its specific task.
00:04:12 It also retries automatically, and if the retries are exhausted, then at the end it reports back to us.
00:04:17 These agents are written in YAML, which is much more token efficient than huge markdowns because of its minimal syntax.
00:04:23 You don't only have to rely on the pre-built agents, you can build your own as well.
00:04:27 Just ask Claude or any other agent you use to create such workflows for you, or just ask OpenClaw directly.
00:04:32 Now OpenClaw has its own memory, where it stores user preferences
00:04:36 by gathering them over the course of conversations you have with it.
00:04:39 But in order to make that even better, this MemoryLanceDB Pro plugin comes into play.
00:04:44 This plugin is a hybrid vector search and uses re-ranking and multiple other memory algorithms.
00:04:49 It covers aspects of OpenClaw memory that the built-in system doesn't handle natively.
00:04:53 LanceDB is used in OpenClaw's usual configuration, but this adds multiple features on top of it.
00:04:59 The key additions are re-ranking, which resurfaces the most relevant memories instead of just the most recent,
00:05:04 and session memory, which keeps context across conversations.
00:05:07 The plugin was stored in the .openclaw folder inside the workspace and then the plugins folder.
00:05:12 It uses the GINA embedding model for vector search, but you can use any other embedding model as you prefer.
00:05:18 You can get the API key for GINA for free up to 10,000 tokens.
00:05:22 Now we installed it by taking the installation commands and running them in the terminal.
00:05:25 Once it was installed, we ran the OpenClaw gateway restart, and after it restarted, we saw that the plugin was registered for use.
00:05:32 Now once it was registered, we tried to test it in OpenClaw.
00:05:35 We asked it to save a particular preference of a library that we use with our coding backend,
00:05:39 and it ran the memory store and saved it as a preference.
00:05:42 Now we wanted to verify if the data had been stored correctly and if it was actually stored in this plugin, not the usual one.
00:05:49 We asked Claude if we could see the data inside, and when it went through the actual plugin files,
00:05:53 it saw that the data was stored in binary format and then ran certain scripts to extract the information.
00:05:59 It returned the actual preference we had asked it to store, meaning this plugin was correctly configured.
00:06:04 In our opinion, this plugin is worth it if you're working with OpenClaw for the long term and want your preferences to be stored correctly,
00:06:10 instead of relying on OpenClaw's built-in memory, which wasn't as effective because of its poor structure and limited retrieval capabilities.
00:06:18 Now OpenClaw was able to search the web and gather data for itself,
00:06:21 but this open-source skill called UnBrowse is an agent-native browser that adds additional capabilities on top of it.
00:06:28 Instead of rendering pixels by taking screenshots and letting AI navigate through the browser and take actions,
00:06:34 it works by reverse-engineering the APIs under every website's network area and using that to construct endpoints through which it operates.
00:06:41 Now letting an agent have access to the network part is a security risk,
00:06:45 but they clarified that all the capture execution code remains local and nothing ever leaves the machine.
00:06:51 What happens is that it reads cookies directly from your browsers, meaning it can work across sessions unlike Playwright and other similar browser agents.
00:06:58 Using cookies, it sends requests with the proper auth headers.
00:07:02 So in order to install it, we just copied the install command and ran it in the terminal.
00:07:06 There were a lot of agents for which the config was already included in the installation, including popular agents like Cline, OpenCode, and more.
00:07:13 We chose to install it for OpenClaw only for now.
00:07:16 So once the package was installed, we restarted the gateway, but the skill wasn't registered across OpenClaw.
00:07:21 So we manually added the skill into the skills folder of the .openclaw folder, after which it was recognized immediately.
00:07:27 Now after that, whenever we wanted to use the web, we just told it to use the UnBrowse skill to do the research.
00:07:33 When it's first installed, it didn't have the environment set up properly, but OpenClaw actually set it up on its own the first time it used it.
00:07:40 After it had set it up for the first time, whenever we needed to use UnBrowse, it relied on this pre-configured environment and operated independently.
00:07:48 For deploying an OpenClaw setup, there's MultWorker, which is an official repository by Cloudflare.
00:07:52 This is useful if you want to run OpenClaw in the cloud without managing your own server.
00:07:57 It is a comprehensive setup for running OpenClaw on the Cloudflare workers, which is basically a serverless platform for running apps.
00:08:03 It is currently experimental as mentioned in their repo, as it still contains security issues like secrets visible in process arguments.
00:08:11 MultWorker supports all popular channels like Telegram, Discord, and even a Web UI.
00:08:15 The repo details how it works and its architecture, combining sandbox containers, R2 buckets, and other components.
00:08:21 It also provides step-by-step instructions on how to install and deploy it using the CLI, as well as how to access the admin panel, secret settings, and all other necessary configurations.
00:08:31 You can also change the model provider anytime through Cloudflare's AI gateway without redeploying the setup.
00:08:36 This container also comes pre-installed with skills for browser automation with the Cloudflare browser use, making browser tasks simpler.
00:08:43 Also, if you are enjoying our content, consider pressing the hype button because it helps us create more content like this and reach out to more people.
00:08:51 Now if you want to visualize OpenClaw agents, all of their metrics, spendings, and everything in one place, someone made an OpenClaw dashboard for that purpose.
00:08:59 This acts as a command center for OpenClaw agents. It solves the problem of visualizing the complex setup of OpenClaw, where multiple agents, sub-agents, and channels are working together.
00:09:08 Without this, you'd have to check each agent's logs individually to figure out what's costing you money.
00:09:14 With all the metrics visualized and consolidated at one place, it makes it easier to monitor, because when you're running multiple agents across multiple channels, it's hard to tell what's actually active and what's blocked.
00:09:24 It also enables you to ask questions directly based on the dashboard data and uses OpenClaw's setup underneath to act as the answering agent.
00:09:31 We just copied the install command and ran it.
00:09:34 Once installed, the dashboard shows the system status, including how many active sessions there are, how much cost has been incurred, trends of costs and agents, all cron jobs, and a visualized overview of the workflows and operations.
00:09:46 Now as we mentioned in our previous video, the OpenClaw skills available on the Community Claw Hub are practically malware in disguise, as flagged by Cisco.
00:09:54 These skills contained scripts that could collect data and send it to remote servers.
00:09:58 Claw Hub contains a lot of popular skills implemented by the community, more than 15,000 of them.
00:10:03 The OpenClaw skill ecosystem is so big and polluted with malware that someone had to build a curated list just to make it usable called the Awesome OpenClaw Skills Repository that lists all of the skills filtered and categorized from the registry.
00:10:15 It has multiple filters, starting from an original set of 15,000 down to 5,400 skills, highlighting the ones that actually matter and are secure.
00:10:24 This list filters out possible scams, duplicates, and malicious skills identified by multiple audit tools published by researchers.
00:10:31 All of the skills are categorized into multiple categories like Git and GitHub, coding, automation, and more, which makes it easy to narrow down to the skill you want.
00:10:39 Now these were the different ways you can fix your OpenClaw setup, but if you're still figuring out what to actually use it for, we covered 10 use cases for developers in our previous video on this tool.
00:10:49 You might end up seeing that video on the end screen, so you can just click on it instead of looking it up.
00:10:53 That brings us to the end of this video.
00:10:55 If you'd like to support the channel and help us keep making videos like this, you can do so by using the super thanks button below.
00:11:01 As always, thank you for watching and I'll see you in the next one.

Key Takeaway

This guide provides a comprehensive suite of third-party tools and plugins designed to transform OpenClaw into a secure, efficient, and professional-grade development environment by solving its native security, memory, and monitoring limitations.

Highlights

Introduction of Clawsec as a vital security toolkit to address OpenClaw's vulnerabilities flagged by Cisco.

The use of Antfarm for managing multi-agent workflows with deterministic procedures and Kanban visualization.

Enhancing memory capabilities with MemoryLanceDB Pro for better relevance through re-ranking and session persistence.

UnBrowse's unique approach to web navigation by reverse-engineering APIs instead of pixel-based rendering.

Deployment options like MultWorker for Cloudflare and a centralized dashboard for cost and metric monitoring.

The importance of using the Awesome OpenClaw Skills repository to avoid malware in the community ecosystem.

Timeline

Securing OpenClaw with Clawsec

The speaker introduces OpenClaw as a rapidly growing open-source project that unfortunately suffers from critical security and cost issues. To solve these problems, they introduce Clawsec, a security toolkit developed by Prompt Security that provides essential auditing skills like Soul Guardian and OpenClaw Watchdog. This suite includes a heartbeat mechanism that checks for known CVEs and provides detailed reports on exploitable versions. The system is built with integrity checks and a self-healing mechanism that automatically downloads trusted releases if a malicious modification is detected. Implementing these continuous security checks is presented as an essential step for any developer running OpenClaw due to the high risks flagged by Cisco.
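
The checksum-based integrity check summarized above can be sketched as follows. This is an added example, not Clawsec's own code: the manifest format, the function names and the sample skill files are assumptions constructed for illustration. It reports modified, missing and unlisted files and fails closed on any finding.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 and return the hex digest."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_skill(skill_dir: Path, manifest: dict) -> dict:
    """Check a skill directory against a pinned {relative path: sha256} manifest
    obtained from a trusted release, not from the directory being checked."""
    root = skill_dir.resolve()
    report = {"modified": [], "missing": [], "unexpected": []}
    for rel, expected in sorted(manifest.items()):
        target = (root / rel).resolve()
        # Entries that escape the skill directory or do not exist fail the check.
        if not target.is_relative_to(root) or not target.is_file():
            report["missing"].append(rel)
        elif not hmac.compare_digest(sha256_file(target), expected.lower()):
            report["modified"].append(rel)
    on_disk = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    # Files the manifest never listed are as suspicious as changed ones.
    report["unexpected"] = sorted(on_disk - set(manifest))
    return report


def is_trusted(report: dict) -> bool:
    """Fail closed: any finding means the skill should not be loaded."""
    return not any(report.values())


def demo() -> dict:
    """Build a constructed sample skill, pin it, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        skill = Path(tmp) / "example-skill"
        (skill / "scripts").mkdir(parents=True)
        (skill / "SKILL.md").write_text("# example skill\n")
        (skill / "scripts" / "heartbeat.sh").write_text("#!/bin/sh\necho ok\n")
        # Stand-in for a manifest shipped with a trusted release (constructed data).
        manifest = {p.relative_to(skill).as_posix(): sha256_file(p)
                    for p in skill.rglob("*") if p.is_file()}
        clean = verify_skill(skill, manifest)
        (skill / "scripts" / "heartbeat.sh").write_text("#!/bin/sh\necho changed\n")
        (skill / "scripts" / "extra.sh").write_text("echo dropped\n")
        (skill / "SKILL.md").unlink()
        return {"clean": clean, "tampered": verify_skill(skill, manifest)}
```

A check like this is only as strong as the manifest's origin: if the expected hashes live beside the files they describe, whoever can modify the skill can modify the hashes too.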

Workflow Management with Antfarm

Antfarm is presented as a sophisticated multi-agent system designed to streamline complex workflows within the OpenClaw environment. Created by Ryan Carson, this tool uses deterministic workflows to ensure that tasks follow a predictable, step-by-step procedure, which simplifies debugging. The interface includes a Kanban board dashboard where users can track the state of various agents and the specific steps they are taking. A key technical feature is the use of YAML for agent configuration, which is highlighted as being significantly more token-efficient than standard Markdown. This section emphasizes that users can either use pre-built agents or create their own custom workflows through guided prompts.

Advanced Memory and Web Navigation

The video transitions to optimizing the internal operations of OpenClaw using the MemoryLanceDB Pro plugin and the UnBrowse skill. MemoryLanceDB Pro improves upon the native memory system by introducing re-ranking algorithms and session memory to keep context across different conversations. Meanwhile, UnBrowse offers a more secure and efficient way to browse the web by interacting directly with site APIs rather than taking screenshots of pixels. UnBrowse specifically utilizes local cookie reading to maintain authentication across sessions without leaking data to external servers. These tools collectively solve the issues of poor memory structure and the security risks associated with standard browser agents.

Deployment, Monitoring, and Curated Skills

The final segment covers infrastructure and ecosystem health, starting with MultWorker for serverless deployment on Cloudflare. For those concerned about expenses, a dedicated OpenClaw dashboard is introduced to visualize active sessions, cost trends, and agent metrics in a single command center. The speaker warns that the general Community Claw Hub is heavily polluted with malware, containing over 15,000 skills that are often insecure. As a solution, the Awesome OpenClaw Skills repository is recommended as a curated and filtered list of approximately 5,400 verified skills. The video concludes by encouraging viewers to use these tools to build a safer and more predictable developer workflow.
