Today we highlight:

• OpenClaw Token Optimization Guide

• OpenClaw-Hunter

• What We Learned from a Week of Free Kimi K2.5

• Properly securing OpenClaw with authentication

• LLM Data Exfiltration via URL Previews (with OpenClaw Example and Test)

OpenClaw Token Optimization Guide

If you’ve been running OpenClaw, you’ve felt the sting of a skyrocketing Anthropic bill. Out of the box, OpenClaw is “token-hungry,” often burning through $1,500+ a month by loading massive histories and using top-of-the-line models for trivial tasks.

Matt Ganzak outlines a 5-minute configuration shift that drops those costs to under $50/month without sacrificing performance.

The “Big Four” Optimizations:

• Smart Session Initialization: Stop the “50KB history bloat.” By adding specific rules to your system prompt, the agent only loads core identity files (8KB) instead of entire session histories (50KB+), saving 80% on context overhead.

• Model Routing: Most routine tasks don’t need Claude Sonnet. By aliasing Haiku as the default for file checks and monitoring, and reserving Sonnet for complex reasoning, users report monthly model savings of nearly 90%.

• The Local Heartbeat: Shift periodic “keep-alive” checks from the paid API to a free local Ollama instance (running Llama 3.2 3b). This eliminates thousands of unnecessary daily API calls.

• Prompt Caching: Claude 3.5 Sonnet’s caching feature offers a 90% discount on reused content. By structuring stable files like SOUL.md and USER.md correctly, you stop paying full price for the same instructions over and over.

The Result: Daily costs plummet from ~$3.00 to roughly $0.10.

Read more: https://docs.google.com/document/d/1ffmZEfT7aenfAz2lkjyHsQIlYRWFpGcM/edit

OpenClaw-Hunter

OpenClaw Hunter is a tool by Aram Peles Chen for detecting and managing OpenClaw components on macOS, Linux, and Windows systems. It can be deployed via MDM platforms like Jamf, Intune, and JumpCloud, and supports various modes such as detect, purge, and isolation. The tool provides detailed enforcement results and exit codes for tracking its actions.

Try here: https://github.com/Arampc/OpenClaw-Hunter

What We Learned from a Week of Free Kimi K2.5

Kimi K2.5’s free week revealed its popularity among developers, with usage exceeding expectations by three times. While praised for its performance in Architect mode, the model’s high output token costs, despite its caching feature, raised concerns about its cost-effectiveness compared to other models. This highlights the ongoing trade-off between model performance and cost, emphasizing the importance of understanding these dynamics for optimizing AI tool usage.

Read more:

Kilo Blog

What We Learned from a Week of Free Kimi K2.5

Last week, to celebrate the release of Kimi K2.5, we made it totally free in Kilo Code for a full week. The response? Let’s just say that AI never sleeps. Developers were hungry to put the model to the test, using it across modes and tasks in Kilo…

Read more

3 months ago · 10 likes · 3 comments · Ari

Properly securing OpenClaw with authentication

OpenClaw can be secured using HAProxy with HTTP Basic Authentication. Jakub Suchy demonstrates installing HAProxy, configuring it with automatic TLS, basic auth, and rate limiting, and then installing OpenClaw. The result is a secure OpenClaw instance protected by HAProxy’s robust authentication and stealth rate limiting.

Read more: https://www.haproxy.com/blog/properly-securing-openclaw-with-authentication

LLM Data Exfiltration via URL Previews (with OpenClaw Example and Test)

LLM-based applications, like OpenClaw, are vulnerable to data exfiltration via URL previews in messaging apps. This attack exploits indirect prompt injection, allowing attackers to manipulate AI agents into generating malicious URLs with sensitive user data. PromptArmor demonstrates how disabling link previews, as demonstrated with OpenClaw on Telegram, mitigates this risk.

Read more: https://www.promptarmor.com/resources/llm-data-exfiltration-via-url-previews-(with-openclaw-example-and-test)

🦞 OpenClaw - Weekly Builder Series

This is a weekly, hands-on builder discussion for people interested in local AI agents and the growing ecosystem around OpenClaw.

Each Friday, we jump on Zoom to:

• Share what we are currently building

• Discuss recent developments in local AI agents

• Exchange lessons learned, ideas, failures, and wins

• Stay up to date with what’s happening across OpenClaw / Clawdbot / Moltbot ecosystem, and adjacent projects

This is not a lecture series and not a course. It is informal, practical, and driven by what participants are actively working on.

Register here: https://luma.com/yolho1lr

Share Your OpenClaw Story

The OpenClaw ecosystem is moving faster than any single person can track. Have an interesting project or opinion? We would love to feature your work or insights in an upcoming edition. Reach out to Rod Rivera directly on any social channels below to start a conversation.

Join the Conversation

We have a WhatsApp community where we discuss all things OpenClaw. Contact me for access.

Where to follow

Substack • YouTube • Bluesky • TikTok • Instagram • Twitter/X • LinkedIn • Telegram