So here's the thing about AI agents: most content about them is written for the person who already knows what they're doing.
You get tutorials that open with "first, activate your virtual environment." You get architecture diagrams that assume you know what an orchestrator is. You get Reddit threads where someone asks a beginner question and gets an answer that requires 3 more Google searches to decode.
And then there's me. Award-winning graphic designer, CS degree (which, in practice, means I understand if/then statements and have strong opinions about monospace fonts).
About 6 weeks ago I watched an OpenClaw demo, thought "that's the most useful thing I've ever seen," and immediately opened a terminal on pure impulse, with nothing resembling a plan.
I'll spare you the full 3-day saga for now (there's a Build Log section below, and honestly it deserves its own edition).
The short version: I broke everything. Rebuilt from scratch. Broke it again.
Eventually got it working, added a second gateway because I was tired of rebuilding, and now I run 4 agents on a $6/month VPS while my HP Envy laptop with the cracked screen handles browser tasks from the corner of my desk.
That's the backstory. Here's what Claw Confidential actually is.
Every Tuesday, I write down what I figured out the week before. What I actually did, what broke, what held, and the specific settings that made the difference.
The audience profile I built for this newsletter before writing a single word says my readers are "designers, marketers, solopreneurs" who are "frustrated by documentation that assumes developer knowledge." That's accurate. That's also exactly who I am.
Welcome to Edition 001. Let's get into it.
Secret of the Week
The setting that would've saved me 2 lost weekends: Hetzner snapshots.
One button. 30 seconds. Your entire server, frozen exactly as it is, ready to restore in under 5 minutes if anything goes wrong.
I didn't know this existed for the first 2 weeks I was running OpenClaw. I thought "backup" meant manually downloading config files and hoping I remembered which version was the right one. I was wrong.
Here's how it works: in your Hetzner console, you click your server, go to "Snapshots," and hit "Take Snapshot." The entire VPS state gets captured.
If you break something, you click "Restore" and you're back exactly where you were.
I take a snapshot before every single config change now. Not once a week. Not before "major" changes.
Every. Single. Change.
Because I've learned the hard way that what looks like a minor tweak at 11PM turns into a "why can't I connect to my own gateway" situation at 1AM.
The cost is basically nothing. Hetzner charges a small fee per snapshot, and I keep 3 at a time. Last month's total: $0.47.
The peace of mind is worth at least 20 times that.
If you're running OpenClaw on any VPS right now and you don't have a recent snapshot: stop reading this, go make one, then come back. I'll wait.
Architecture Deep-Dive
Clearance Level 2
The actual setup: 4 agents, 1 cracked laptop, $6/month.
Let me show you what I actually built, because I think it'll be more useful than showing you what you're supposed to build.
The whole system lives on a Hetzner VPS CX33. That's $5.79/month (I'll round to $6 because it sounds better and the difference buys me almost nothing). Always on, accessible from anywhere, never goes down when my power goes out.
🖥️ If you want to set one up, my referral link gets you €20 in credits: hetzner.cloud/?ref=NSRpwc4mesy0
I've had it running for 6 weeks without a single unplanned restart.
On that VPS, I run 2 OpenClaw gateways. Why 2? Because I burned it all down with 1 (more on that below).
Gateway 1 is the main system: all my agents, all my automations, everything real. Gateway 2 is the backup, sealed off in its own compartment, minimal config, exists purely to rescue Gateway 1 when it breaks.
Gateway 1 runs 4 agents. Here's who they are:
The brain (main)
Codex GPT-5.4
Handles orchestration, infrastructure decisions, and config changes. Needs to actually think, make judgment calls, and hold the whole system together.
OpenAI's Pro plan is more generous with quota than Claude's at the same $20/month, which is the only reason Codex beat Opus for this role.
The researcher
Kimi 2.5
Monitors competitor moves, hunts for trends, digs up studies. I give it a direction and it comes back with more material than I'll ever read.
Handles enormous context windows for almost nothing. Nothing in my stack runs below Kimi 2.5 anymore (Haiku couldn't even manage a heartbeat reliably).
The builder
Kimi 2.5
Keeps the heartbeat running, fires scheduled tasks, executes approved posts, handles the operational repetition that would otherwise eat my mornings.
Reliable, fast, doesn't hallucinate on routine jobs.
The ops agent
Kimi 2.5 / Sonnet
Takes everything the researcher surfaces and transforms it into something useful: content angles, newsletter drafts, knowledge graph entries. Also runs the nightly and weekly consolidation that keeps the shared brain from rotting.
Gets Sonnet when the synthesis requires real judgment. Kimi 2.5 the rest of the time.
Total monthly costs:
Component | Monthly cost |
|---|---|
Hetzner VPS | $5.79 |
Tailscale | $0 (free tier) |
API credits (avg.) | ~$18–25 |
Snapshots | $0.47 |
Total | ~$25–32 |
Worth noting: ChatGPT Plus and Claude Pro are both $20/month subscriptions I was already paying before any of this. Codex comes as a separate bonus on top of ChatGPT Plus, with its own generous quota that has nothing to do with chat credits. Claude's auth is the one exception: it does pull from my Claude Pro quota, which is why Codex took the main orchestrator role instead of Opus.
For context: a Mac Mini starts at $599. I know because half the OpenClaw community is buying them right now and posting photos of the stack on X. We'll come back to this in the Hot Take section.
Build Log
Clearance Level 3
Day 3: I destroyed everything. Here's the exact chain of events.
Day 1: Got OpenClaw running on the VPS. 1 gateway, 1 agent, Telegram wired up the same afternoon. It responded.
I felt like a genius.
Day 2: Added the laptop node. Wiped the HP Envy, connected it to the VPS through Tailscale, and ran the classifieds test: "find me 10 car listings, save them to a spreadsheet." 30 seconds. Every column, every row.
That's the moment I stopped being skeptical. I spent the rest of the day plugging in everything I could find: a fresh Google account created specifically for the agent, GitHub, Supabase, Netlify, Vercel, all the Google services wired together.
I had no idea how to do any of this. The agent walked me through every single one: where to find the settings, what to fill in, what to copy where. When the API route wasn't enough, it connected through the browser node on the laptop and handled the setup directly inside the service dashboards.
Then I told it to build a basic app, push the code to GitHub, spin up a database in Supabase, and deploy it to Netlify through the connected APIs.
It worked.
Day 3: Burned through my entire Codex quota. Didn't pace myself; I'd been pasting configs back and forth all day and hit the limit somewhere around dinner. 2 days until reset.
So I tried to bolt Kimi on as a backup model. Makes sense on paper. Except I was using ChatGPT in thinking mode to guide me through the config change, and it was slow.
Like ordering a coffee and watching the barista stare at the espresso machine for 8 minutes before pressing a single button.
Slow, agonizing, incomplete responses that I kept pasting into my config without fully understanding what they changed.
By midnight: couldn't connect to my own gateway. The thing I'd built to help me fix problems was the broken thing.
The agents were silent. The automations were dark. My single gateway was so mangled that I had no recovery path.
I had no snapshots. I had no backup. I rebuilt everything from scratch, starting at 1AM, finishing the next morning.
Then I messed up the reinstall.
So I rebuilt it again.
By the time it was working, I'd bolted on 2 things I've never removed: a snapshot habit and a second gateway. Both exist because I hit a wall so hard I had to redesign around it.
The lesson I keep coming back to: your backup strategy is the foundation your build strategy rests on. Every system breaks.
The question is whether breaking means "roll back 5 minutes and try again" or "start over from zero."
I now update one gateway at a time. Test it. Then update the other.
Never both at once. Never.
Config Drop
Clearance Level 4
The snapshot habit: exactly how I do it.
Before every config change, I run through this:
1. Go to Hetzner Console → Your Server → Snapshots2. Click "Take Snapshot"3. Name it: [date]-[what you're about to change] Example: 2026-03-25-adding-kimi-routing4. Wait 30-60 seconds5. Make your change6. If it breaks: Snapshots → Select → Restore7. If it works: keep your last 3 snapshots, delete older ones
That's it. That's the whole system.
I know it sounds too simple to be worth documenting but I want you to think about how many times you've made a change, had it break, and wished you could undo it. Every single one of those moments is what this 30-second habit is protecting against.
One thing I learned the hard way: name your snapshots with what you're about to do, not what you just did. Future-you will thank present-you when you're scrolling a list of snapshots at 2AM trying to find the one from before the change that broke everything.
Hot Take
Classified Opinion
The Mac Mini craze is a social media problem, not an infrastructure solution.
Mac Minis are selling out. Apple has month-long wait times.
In OpenClaw communities, people stack them and photograph the stack. Starting price: $599.
For most non-technical builders running OpenClaw, a Mac Mini patches a gap that isn't there while cutting 2 new ones into your setup. Probably excellent hardware. Wrong tool for the job you're actually doing.
Problem 1 - doesn't solve: compute
You're not running local models on your own machine. You're calling APIs. Claude Haiku, Kimi, Sonnet: these run on Anthropic's and Moonshot's servers, not yours. Your machine just routes the requests. A $6 VPS routes requests just as well as a $599 Mac Mini.
Problem 2 - introduces: single point of failure
It only works when your internet works. My VPS runs 24/7 whether I'm home or not, whether my ISP is having a bad day or not, whether I've accidentally unplugged the router or not. A Mac Mini on your desk goes down when your house does.
Problem 3 - introduces: no rollback
No native snapshot/rollback. Time Machine is not the same thing. When I break my VPS config at midnight, I'm back in 5 minutes. I don't know what the Mac Mini equivalent of that is.
I think the Mac Mini thing is mostly about identity. It's a beautiful piece of hardware that signals "I'm serious about this." I get it.
My broken-screen HP Envy does not signal anything except "this person found an old laptop." But my agents run 24/7 on it and it costs me $0 extra per month.
Spend the $599 on 2 years of API credits. Your agents will run more, cost less, and the infrastructure photos on X will keep right on not featuring your VPS dashboard.
📡 Next Week — Incoming Transmission
Edition 002 is about Day 2.
Specifically: how I wired up 30+ integrations in a single afternoon without knowing how to do a single one of them. GitHub, Supabase, Netlify, Vercel, Google services, a fresh account created specifically for the agent. The agent walked me through every setup, and when the API route wasn't enough, it opened a browser on my laptop and handled the configuration directly inside the service dashboards.
I'll show you exactly how that worked and which integrations are actually worth the effort.
That's next Tuesday.
Until then: go make a snapshot.
Cristian / @matrafox77
Claw Confidential publishes every Tuesday. If someone forwarded this to you and you want future editions: clawconfidential.com
If something in here is wrong or broke on your setup: reply to this email. I read everything. Sometimes I even know the answer.