🛡️ Keeping Your AI Safe & Your Wallet Happy

Your AI is powerful — here's how to keep it working FOR you, not against your bank account
Smart protection for smart business owners
Don't worry — this isn't about scary technical stuff. It's about understanding what you've built and how to stay in control.

💰 Understanding the Costs

Think of AI billing like texting — each message costs a fraction of a cent. But those fractions can add up.
💬

How AI billing works

Every message you send to your AI costs a tiny amount. Like texting — each text costs a fraction of a cent. But if your AI is running 24/7 doing complex tasks, those fractions add up.

💸

What costs money

  • Each conversation message (input + output)
  • Longer conversations cost more (AI re-reads the history)
  • Complex tasks (coding, analysis) cost more than simple questions
  • Background tasks (heartbeats, cron jobs) also cost
🆓

What doesn't cost money

  • The dashboard itself
  • Storing files on your machine
  • The OpenClaw software (it's free)
  • Reading your existing files

⚠️ Real examples from actual users:

  • Casual chatting: ~$1-5/day
  • Heavy coding/building: $10-30/day
  • A runaway task once burned through $103 in one day (real story)

The danger: An AI that gets stuck in a loop can burn through your budget fast. Set limits.

🚧 Setting Up Cost Guardrails

Your first line of defense is spending limits and smart model choices.
🔒

Essential Limits

Set my daily spending limit to $20
Alert me if any session costs more than $5
Never auto-reload credits without asking me first
🧠

Smart Model Usage

Use Claude Sonnet for routine tasks, and only use Opus for complex work
What model am I currently using?
Show me my spending from the last 7 days

Model Cost Comparison

| Model | Rough Cost per Message | Best For |
|---|---|---|
| Claude Haiku | ~$0.001 | Quick lookups, simple tasks |
| Claude Sonnet | ~$0.01-0.03 | Most daily work — the sweet spot |
| Claude Opus | ~$0.05-0.15 | Complex analysis, big coding projects |
| GPT-4o | ~$0.01-0.03 | Good general alternative |

🤖 What Your AI Can Do (And What to Watch For)

Your AI is powerful. Here's what it can do — and how to keep it under control.

Read your files

It can see everything in your workspace. This is usually what you want — but be aware that anything you put there is visible to your AI.

💻

Run terminal commands

It can install software, delete files, restart services. This is incredibly powerful but needs guardrails.


Browse the web

It can visit any website, take screenshots, fill out forms, research topics — like having a research assistant.

📱

Send messages

WhatsApp, Telegram, Discord — it can communicate on your behalf. Make sure you control who it talks to.

⚙️

Modify its own config

It can change how it behaves, update settings, install new features. Usually helpful, but you should know when it happens.

💳

Spend money

API calls, potentially purchasing things online if you give it payment access. This is why spending limits are crucial.

🚪 The "approval gate" system

OpenClaw has an approval system for risky commands. You can configure what needs your permission vs. what the AI can do on its own.

Always ask before deleting files, sending messages to anyone except me, or spending money

Protecting Your Secrets

🚫

Never do this

  • Paste API keys in social media, forums, emails
  • Share screenshots that show your keys
  • Store keys in plain text files
  • Email keys to yourself
✅

This IS safe

  • Sharing keys with your OpenClaw AI
  • Storing keys in the .secrets vault
  • Backing up keys in a password manager
  • Talking about keys with OpenClaw support

✅ Why it's safe to share keys with your OpenClaw AI

Your AI runs on YOUR machine. Messages pass through your AI provider (Anthropic, OpenAI, etc.) to generate responses, but under API terms they commit to not training on your data. That's very different from consumer AI chat products like claude.ai or chatgpt.com.

chmod 600 explained in plain English

This makes the file readable only by you — not even other programs on your computer can see it. Think of it like putting your secrets in a safe that only you have the combination to.

Set up my secrets vault with proper permissions

🚨 If a key is compromised

Act fast:

  1. Go to the provider's website (Claude, OpenAI, SendGrid, etc.)
  2. Revoke the compromised key immediately
  3. Generate a new one
  4. Tell your AI to update it

🛠️ Safe Coding Practices

When your AI builds things for you, follow these guidelines to avoid disasters.
👀

Always review before deploying

Show me what you built before putting it live

Never let your AI deploy directly to production without showing you first.

🧪

Test locally first

Test this on my local machine first

Don't deploy directly to production. Test everything on your own computer first.

💾

Back up before changing

Back up the current version before making changes

Always have a way to undo changes if something goes wrong.

🚫

Don't fix what works

If something is running fine, don't let your AI "improve" it without asking you first. Working code is precious.

📚

Use version control

Use git to track changes

Git is like "undo" for your entire project. Essential for any serious development work.

🔒

Never edit production directly

Always edit a copy, test it, then deploy. Production systems should be treated like delicate flowers.

Network Security Basics

Your Mac Mini is a server now — treat it with respect.

Keep your password strong

Especially if you enabled auto-login. Your Mac Mini is now running services 24/7.

🔥

Your VPS is internet-facing

Firewall is critical (ufw). If you have a VPS, it's visible to the entire internet.

🔒

SSL everywhere

Never run anything over plain HTTP on the internet. Always use HTTPS.

🚫

Don't expose your gateway to the internet

Use a tunnel (SSH tunnel or Tailscale) instead of opening port 18789 directly.

⬆️

Update regularly

Check for OpenClaw updates

Software updates often include security fixes.

🚨 Emergency Procedures

When things go wrong, here's how to regain control quickly.

🚨 AI is spending too much

Immediate action: openclaw gateway stop

This stops everything immediately. Your AI can't spend money if it's not running.

🔄 AI is stuck in a loop

Same solution: openclaw gateway stop

Stop the gateway, figure out what went wrong, then restart when you're ready.

💥 Something broke

Try the classic: openclaw gateway stop then openclaw gateway start

Restart fixes most things. Like rebooting your phone when it acts weird.

📊 Website/dashboard is down

If you have a VPS: SSH to VPS → pm2 restart all

Restarts all your web services. Usually fixes dashboard issues.

🔑 API key compromised

Steps:
  1. Go to the provider's website
  2. Revoke the key immediately
  3. Generate a new one
  4. Tell your AI to update it

โ“ You don't understand what happened

Don't panic:
  1. Stop the gateway: openclaw gateway stop
  2. Take a breath
  3. Ask in the OpenClaw Discord
  4. Post your gateway logs if needed

✅ Security Checklist

Run through this list periodically to make sure you're protected.
✅ Gateway auth is set (token or password) — never "none"
✅ WhatsApp/Telegram is on allowlist (only your number)
✅ .secrets file has chmod 600
✅ VPS firewall is on (ufw enabled)
✅ SSL is active on all public URLs
✅ Daily spending limit is set
✅ Auto-reload is off
✅ Gateway is loopback only (not exposed to internet directly)
✅ Backup strategy exists
Run a complete security audit on my setup
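
Two of the checklist items (the .secrets file has chmod 600, and the gateway on port 18789 is loopback only) can be verified directly from a shell. The script below is an added example, not OpenClaw's own code: the function names are made up for illustration, the listener tables are constructed samples in the format printed by `ss -ltn` on Linux, and the .secrets path is a placeholder you supply.

```shell
#!/bin/sh
# Added example (not OpenClaw code): checks two items from the checklist above.

# Succeeds only if FILE's permission bits are exactly 600 (owner read/write).
# GNU stat (Linux) uses -c '%a'; BSD stat (macOS) uses -f '%Lp'.
secrets_mode_ok() {
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 2
  [ "$mode" = "600" ]
}

# Reads `ss -ltn` output on stdin and prints every listening address on PORT
# that is not a loopback address (127.x.x.x or [::1]). No output = loopback only.
exposed_listeners() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      addr = $4
      n = split(addr, parts, ":")
      if (parts[n] != port) next
      host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
      if (host !~ /^127\./ && host != "[::1]") print addr
    }'
}

# Constructed sample input, shaped like `ss -ltn` output on a Linux VPS.
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511        127.0.0.1:18789      0.0.0.0:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*'
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511          0.0.0.0:18789      0.0.0.0:*
LISTEN 0      128             [::]:22         [::]:*'

# Summarize a listener table: prints OK or the exposed addresses.
gateway_report() {
  found=$(printf '%s\n' "$1" | exposed_listeners 18789)
  if [ -z "$found" ]; then echo "OK: gateway port 18789 is loopback only"
  else echo "EXPOSED: $found"; fi
}

gateway_report "$SAMPLE_LOOPBACK"
gateway_report "$SAMPLE_EXPOSED"
# On a real host: ss -ltn | exposed_listeners 18789
#                 secrets_mode_ok /path/to/.secrets || chmod 600 /path/to/.secrets
```

Mode 600 gives read and write access to the file's owner account only; any address printed by `exposed_listeners` means the gateway is reachable from other machines and should be rebound to loopback and reached through the tunnel instead.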