Lesson 9 · OpenClaw, Safely Pro ~10 min read Cron · webhooks · logs

Automations that run while you sleep.

The whole point of self-hosting an agent is that it works when you don't. This lesson scales you from a few starter workflows to a quiet machine of scheduled jobs and event triggers — paired with the habit that makes 24/7 autonomy trustworthy: always being able to answer "what did my agent do last night?"

01 Cron: the heartbeat

1

Scheduled jobs, done like an operator

You met cron in Lesson 6 (the morning briefing). OpenClaw's scheduler runs any task on any rhythm — the craft is in writing jobs that fail gracefully and stay observable. Four rules per job:

  • One job, one purpose. Five small jobs beat one mega-briefing — when something breaks, you know what and where.
  • Every job reports failure. "If this task fails, message me 'JOB X FAILED: reason'" — silence should always mean success, never mystery.
  • Stagger the schedule. 7:00, 7:10, 7:20 — not everything at 7:00. Easier on rate limits, and the logs read like a story instead of a pileup.
  • Cap the work. "Check 5 sources max," "spend no more than ~2 minutes" — bounded jobs can't spiral into token bonfires while you sleep.

A well-shaped overnight job

Nightly digest jobEvery night at 11pm: Collect what changed today across my watchers and the notes/inbox folder. Write a 10-line maximum summary to notes/daily/YYYY-MM-DD.md. Do NOT message me at night — file only. Mention it in the 7am briefing. If any step fails, include "⚠ issues last night" at the TOP of the 7am briefing.
Pattern: overnight work goes to files; mornings get one consolidated push. Your phone stays quiet, nothing is lost.

02 Webhooks: let events find your agent

2

From "check on a schedule" to "react when it happens"

A webhook is an inbound doorbell: another service sends a small message to a URL your agent listens on, and a task fires. Form submitted → agent summarizes it. Repo pushed → agent reviews the changelog. Smart-home event → agent logs it. Where polling checks 24 times a day and misses the moment, webhooks fire at the moment.

But an inbound door is an inbound door

Webhooks are the one feature in this lesson that deliberately pokes a hole toward the outside world — so they inherit every rule from Lesson 3, plus three of their own:

  • Through the tunnel, not the open internet. Receive webhooks over your Tailscale network (services that support it), or via a relay you control. Exposing your gateway port to make a webhook work is exactly the mistake from the scan reports.
  • Treat payloads as untrusted input. Anything arriving on a webhook is text from outside: data to summarize, never instructions to obey. Same doctrine as web pages (Lesson 8), same standing rule in your config.
  • Secret in the URL, action that's boring. Use the long random webhook paths OpenClaw generates, and wire webhooks to low-stakes actions (notify, log, summarize) — not to anything in the dangerous trio.

03 The 3am question: reading your agent's diary

3

If you can't answer "what did it do last night," you don't have automation — you have hope

OpenClaw logs what the agent does: tasks run, pages fetched, files touched, messages sent. The operator habit is a weekly two-minute skim of those logs with three questions:

  • Did it do what I scheduled? Jobs present, on time, no silent skips.
  • Did it do anything I didn't schedule? Unexplained fetches, file writes outside the workspace, messages you didn't expect — investigate immediately (and remember the skill-probation rule from Lesson 7).
  • Is the spend curve flat? Cross-check the provider dashboard: cost per day should look like last week. A bend in that curve is your earliest warning light.

Make the agent help

Self-report job (meta, but it works)Every Sunday at 5pm, review your own activity log for the week. Send me: total jobs run, failures, any action outside the workspace folder, any new domains contacted, and estimated API spend vs last week. Flag anything unusual FIRST. Honesty over tidiness.
A self-report is a convenience, not an alibi — a compromised agent's diary can lie. The weekly skim of the real logs (and the provider's billing page, which the agent can't edit) is what makes the self-report trustworthy. Defense in layers, as always.

04 What a mature setup looks like

Six months in, the well-run OpenClaw box is almost boring: a 7am briefing, four watchers, a nightly digest to files, one webhook from a form, a Sunday self-report — every job bounded, every failure loud, logs skimmed weekly over coffee. That boredom is the achievement. The demo-reel agents doing wild unsupervised tasks are the ones that end up in scan reports; the quiet ones compound value for years.

Build your overnight layer

Add the nightly digest job and the Sunday self-report this week. Then do your first real log skim and answer the three questions out loud. That ritual — five minutes a week — is the entire difference between owning an agent and merely hosting one.

Next: lock it down & keep it current → All OpenClaw lessons →

What you can do now

  • Write cron jobs that are single-purpose, bounded, staggered, and loud about failure
  • Route overnight output to files and consolidate into one morning push
  • Receive webhooks through your private tunnel and treat every payload as data, not instructions
  • Run the weekly log skim: scheduled vs actual, anything unscheduled, spend curve flat
  • Set up an agent self-report — and know why it doesn't replace the real logs
Pro
Up next in OpenClaw, Safely

Lesson 10 · Lock it down and keep it current

The maintenance contract: weekly updates, SecureClaw audits, backups, and the graceful teardown — plus the curriculum for staying current with a project that ships weekly. See pricing →