(no title)

TL;DR Took a while to install and configure, even longer to connect to Telegram. Then ran out of TPM quota from Google Cloud's Gemini API after <100 chat interactions. Had problems and potential security risk due to hallucinations.

I set up a "claw" user account (not admin) on my MacBook Air to isolate it. Looked for and implemented every security measure I could find. Openclaw is open and it has major security risks.

Perplexity was my assistant to give me step-by-step instructions.

I asked it to sum up my very limited dev competencies: Reda is an experienced systems administrator transitioning to modern cloud-native and Node.js-based tooling. Provide explicit, copy-paste-ready commands with brief inline comments explaining why each step matters. Include common failure modes and their symptoms. Assume strong Unix fundamentals but explain JavaScript/Node ecosystem conventions (like where configs live, how env vars override files, and when to use `sudo` vs user-local installs). Always show verification commands after each major step. Security-first approach is essential

This is very generous. Last time I coded anything was in C++. That was in 1990. And I constantly have to look up basic Unix stuff.

The biggest problem is that even Perplexity gets confused by recent but now outdated info about install, configuration, etc. This is probably due to the velocity of development for Openclaw.

For example, its first recommendation was to use npm to install. Turns out the curl command that sits on the http://openclaw.ai home page is much better.

The next problem was how to connect Telegram and Slack. After much wrangling, my claw answered on Telegram.

That was the best moment.

Within a couple of hours, I got two take-aways: 1) It really is transformative 2) It hallucinates and fails at basic stuff. 3) When it fails, in a few instances it found a fix and seemed to successfully implement it.

For example, when I explored how to allow it to view files in my Dropbox and upload its outputs, it claimed it was going to install "dropbook", a plugin that does not exist.

That was scary, because it then said it downloaded the repo for dropbook and installed it, then claimed it had removed it. When asked, it gave me a link to Moltbot plugin site that, of course, has nothing called dropbook.

Then I hit the TPM wall.

My Google Cloud is Tier 1, which just means I have a credit card linked to my account.

My rudimentary understanding is that "TPM" is a measure of how many tokens you have used. My quota is 2 million.

Yes claw used that up in less than 100 chat interactions, over 2-3 hours. (Remember the rest of the time was spent installing and figuring out how to get it to work.)

I looked around for how to increase my quota.

Did not find anything simple. I do not even see the option to make a request to Google.

Not sure when the TPM quota resets, but the rate limits stopped me dead in my tracks.

I was just starting to think through the various things I could do with this new co-worker.

I'm now searching for solutions to this problem...