Lock it down and keep it current.

OpenClaw releases at a pace most commercial software doesn't attempt — features, yes, but critically security patches for an actively-attacked project. The vulnerability you read about in Lesson 2 gets patched fast; the patch only protects people who apply it. Unpatched instances are exactly what internet scanners harvest.

The weekly ritual (10 minutes, calendar it)

After the exposure scandals, the community produced SecureClaw — an open-source tool that audits an OpenClaw instance for the known failure modes: exposed bindings, weak auth, leaky token handling, risky skill configurations. Run it after setup, after major updates, and monthly on the calendar.

Treat its findings the way you'd treat a home inspector's report: most items are small and fixable in minutes, and the two or three serious ones are precisely the things this track taught you to care about. A clean SecureClaw report plus a flat spend curve plus quiet logs — that's your instance's physical, passed.

Plus the two manual checks no tool replaces

• The outside knock (from Lesson 4): once a month, from a network that isn't yours, confirm your gateway answers with silence.
• The key inventory: in your provider console, confirm the agent's API key is still the only one it has, still spend-capped, and that usage matches what your logs say it did.

Six months in, your agent's workspace holds real accumulated value: research archives, watcher histories, your daily digests, the skills you wrote. The machine and the software are disposable by design (that was the whole isolation strategy) — the workspace folder is the only thing worth protecting.

• One-way sync outward (Lesson 8's rule, now doing double duty): workspace → your main storage, nightly. Never the reverse direction.
• Config copy: after any config change, copy your OpenClaw config (minus any embedded tokens) into the workspace so it rides the same backup. Rebuild time after a dead Pi: under an hour.
• The rebuild test: once, deliberately, restore onto a fresh machine or VM. A backup you've never restored is a hypothesis, not a backup.

Maybe life gets busy, maybe the managed alternatives catch up, maybe the maintenance contract stops being worth it — Lesson 2 said it and it's still true: quitting cleanly is a legitimate graduation, not a failure. The exit, in order:

1. Stop and disable the service (so a reboot doesn't resurrect it).
2. Revoke the API key at the provider — the agent is now inert everywhere, forever.
3. Disconnect channels: delete the Telegram bot via BotFather, unlink WhatsApp, kick the Discord bot.
4. Save the workspace (it's already backed up, because section 03), then wipe the box.
5. Uninstall Tailscale / close the tunnel and remove the machine from your network list.

Fifteen minutes, nothing lingering, all the accumulated notes kept. An abandoned half-alive agent is the only truly bad ending — and now it's the one outcome you can't have by accident.