Building Secure AI Agents with OpenClaw on AWS

Schedule

The time frames are only estimates and may vary according to how the class is progressing.

OpenClaw architecture and AWS deployment (35 minutes)

• Presentation: What OpenClaw actually is—a prompt builder with a message router; the brain, hands, memory mental model; how OpenClaw connects to LLMs (Bedrock, direct API, local models via Ollama); the gateway architecture and how messaging platforms plug in; why the Lightsail blueprint changes the deployment story
• Hands-on exercises: Launch an OpenClaw instance on Lightsail using the preconfigured blueprint; connect via SSH, copy the gateway token, and pair your browser; run the CloudShell script to enable Bedrock API access; send your first message via the Control UI and observe the agent’s decision flow powered by Bedrock
• Q&A
• Break

Configuration and messaging integration (40 minutes)

• Presentation: SOUL.md (defining who your agent is and how it behaves); configuration anatomy (openclaw.json, tools.allow, and skills.allowBundled); connecting to messaging platforms (Telegram, WhatsApp, Discord); the difference between tools and skills and why that distinction matters for both functionality and security
• Hands-on exercises: Write a SOUL.md that defines your agent’s personality, boundaries, and behavioral rules; configure tools.allow to control what the agent can actually do on the Lightsail instance; connect your agent to Telegram and have a conversation with it from your phone
• Q&A
• Break

Building custom skills (60 minutes)

• Presentation: Skill architecture (SKILL.md frontmatter, body instructions, and supporting scripts); how the three-layer loading system works (frontmatter screening, body loading, script execution); skill precedence (workspace versus local versus bundled; tool declarations and when skills need exec, read, write, or web access; publishing to ClawHub
• Hands-on exercises: Build three custom skills from scratch on your Lightsail instance—a project scaffolder skill that creates directory structures with starter files from a project description, a file organizer skill that sorts downloads by type and date, and a code review skill that analyzes a GitHub PR and flags issues; test each skill via natural language and manual invocation; observe how the agent selects and loads skills at runtime
• Q&A
• Break

Sessions, Memory & Proactive Behavior (45 minutes)

• Presentation: How OpenClaw tracks conversations through sessions, including session keys, DM scoping, and transcript storage; how compaction works; how the memory system works with MEMORY.md for long-term recall, daily diary entries for running context, and the builtin SQLite-backed search engine; HEARTBEAT.md and scheduled tasks with the cron tool; building agents that act proactively without waiting for a prompt; persistence considerations on Lightsail
• Hands-on exercises: Explore session state and memory files on your Lightsail instance; tell your agent something memorable and watch it write to memory; set up a HEARTBEAT.md with a scheduled monitoring task; restart the agent and verify it retains context across restarts; inspect session transcripts and memory files on disk via SSH
• Q&A
• Break

Security hardening on AWS (45 minutes)

• Presentation: The real threat model (prompt injection, malicious skills on ClawHub, data exfiltration, and over-permissioned agents); Docker sandboxing for isolating agent execution; why AWS matters for agent security: Bedrock Guardrails for content filtering and PII redaction on every API call, IAM least-privilege for model access, CloudTrail auditing of every Bedrock invocation, and traffic that never leaves the AWS network
• Hands-on exercise: Patch the OS, restrict the Lightsail firewall to specific IPs, and run openclaw security audit to fix file permission issues; customize the IAM policy to enforce least-privilege Bedrock access for a single model; create a Bedrock Guardrail with content filters; walk through the production security checklist Let me know if you need anything else.
• Q&A

Wrap-up and Q&A (15 minutes)