Running in production

1 AI Colleague, 15 Autonomous Jobs, 0 Cloud Servers

An AI that wakes up at 6am, reads cybersecurity threat feeds, writes a finance newsletter, scouts business opportunities, runs a four-perspective security audit, and reports back through Slack. Before I've checked my phone. From a Mac mini under my desk.

OpenClaw · Claude Opus 4.6 · Mac mini · Slack · Cloudflare
15 Autonomous Jobs · cron scheduled
35 Skills · 19 built-in + 16 custom
4 Production Sites · all on Cloudflare
1 Mac mini · $0/month compute
[Figure: Architecture diagram showing the Clawd AI system: inputs (Slack, GitHub, Cron), OpenClaw Gateway, single agent with 35 skills, tools (Wazuh, n8n, Blogwatcher, Brave Search), and outputs (Memory, Cloudflare, Buttondown, Slack channels)]

Most "AI agent" demos stop at a chatbot that can search the web. I wanted to see what happens when you give an AI a name, a personality, memory that persists across sessions, and a real job to do every day. The result is Clawd, an AI colleague that runs 15 autonomous workflows and maintains 4 production websites. It's been doing this reliably for weeks from a single Mac mini.

The agent

🦞 Clawd · AI colleague · Claude Opus 4.6 · OpenClaw

One agent. Not five. Not a swarm. The old version of this page described five specialized agents coordinating through Slack. The reality turned out simpler and more effective: one capable agent with the right tools and enough context.

Personality: Defined in SOUL.md. Has opinions. Pushes back when I'm wrong. Speaks Norwegian.
Memory: Persistent across sessions. MEMORY.md for long-term context, daily logs for raw state. Semantic search via local embeddings.
Sub-agents: Spawns disposable sub-agents for parallel tasks: coding, research, batch operations. They report back and terminate.
Heartbeat: Checks in every 30 minutes (07:00–22:00). Backs up workspace, checks repo health, monitors cron jobs. Silent unless something's wrong.

The daily pipeline

Every morning, 12 jobs run in sequence. By 08:30, I have a threat briefing, an AI news digest, a published finance newsletter, a Microsoft Security changelog, repo health status, product opportunities, consulting leads, and a personal briefing with my deadlines. Three more patrol GitHub during the day. One runs a security audit at night.

Morning pipeline (weekdays)
06:00 · Trusselbrief · Scans cybersecurity feeds, analyzes threats relevant to Microsoft Security stack · #faglig
06:25 · AI News Digest · Curates top AI developments for a security architect who uses AI daily · #faglig
06:30 · Morgenbrief · Writes and publishes a full finance newsletter via Buttondown · #morgenbrief
06:50 · MS Produktbrief · Tracks breaking changes and new features in Defender, Sentinel, Entra ID, Intune · #faglig
07:15 · Morning Ops · Checks all 4 repos for uncommitted changes, failing CI, stale PRs · #dev
07:15 · Mulighets-Scout · Finds product opportunities where security + AI + fast building solves real problems · #faglig
07:40 · Konsulent-Scout · Scans the consulting market for security architecture opportunities · #faglig
08:05 · Morgenbriefing · Personal briefing: deadlines, TODOs, experiment status, market highlights · DM
08:30 · Cron Health Check · Verifies all jobs ran successfully, reports failures · DM
09/15/21 · GitHub Patrol · Checks repos for new issues, PRs, CI failures, security alerts · #dev
13:30 · QA Sweep · Runs lint, typecheck, audit, and build on all repositories · #dev
03:30 · Security Council · Four-perspective security audit: red team, blue team, privacy, operational realism · #dev

Weekly
Friday 14:00 · Opportunity Report · Evaluates and ranks the week's product + consulting finds
Friday 17:00 · Ukentlig Refleksjon · Strategic summary of activities, lessons, and results
Sunday 20:00 · Memory Vedlikehold · Reviews daily logs, distills key insights into long-term memory

How it works

Slack as the nervous system

Every job delivers to a specific Slack channel. Threat intel goes to #faglig. Dev ops goes to #dev. Personal briefings go to DM. The full log of everything the agent does is searchable in Slack. Audit trail by default.

Markdown memory with semantic search

No vector database in the cloud. A local GemmA 300M embedding model runs semantic search over markdown files. Long-term memory in MEMORY.md, daily logs in timestamped files, organized into domains, projects, and reference material. Git-backed.

35 skills

Each skill is a self-contained module with its own SKILL.md instructions. 19 built-in (GitHub, email, Apple Notes/Reminders, RSS monitoring, PDF editing, macOS UI automation) and 16 custom (threat briefs, market scouting, newsletter production, security audits).

Sub-agent delegation

When a task needs parallel execution, Clawd spawns disposable sub-agents. Coding across repos, research with multiple sources, batch operations. They inherit the right context, do the work, report back, and terminate.

Production sites

politipuls.no
Astro 5 + React + Cloudflare Workers + D1
Real-time map of police incidents across Norway. 110,000+ events indexed. A Cloudflare Worker fetches and geocodes new incidents every 5 minutes.
morgenbrief.no
Astro 5 + Cloudflare Pages + Buttondown
Daily Norwegian finance newsletter. Written by Clawd every morning at 06:30, published via Buttondown API, delivered to subscribers before the market opens.
trym.cloud
Astro 5 + React + Cloudflare Pages
This site. Portfolio and blog. Deployed on Cloudflare Pages.
kyvco.no
Next.js 15 + Resend + Cloudflare Pages
Corporate site for Kyvco AS. Cloudflare Workers handle the contact form.

Tech stack

Claude Opus 4.6 · Primary model for all tasks
OpenClaw · Agent framework (open source)
Mac mini (M-series) · On-prem compute, always on
macOS + Node.js · Runtime environment
Slack (Socket Mode) · Primary communication channel
Wazuh SIEM · Security monitoring (Docker)
n8n · Workflow orchestration (Docker)
Blogwatcher · RSS/Atom feed monitoring for research
GemmA 300M · Local embedding model for semantic memory search
Astro 5 · Frontend framework (3 sites)
Next.js 15 · Frontend framework (kyvco)
Cloudflare Pages/Workers/D1 · Hosting, API, database
Buttondown · Newsletter delivery
Brave Search API · Real-time web research

Security

Built by a security consultant. Not as a tagline. As the actual design constraint.

On-prem by design

All compute runs on a Mac mini at home. No EC2. No cloud VMs. Memory, credentials, and agent state never leave the local machine. Zero cloud attack surface for the infrastructure itself.

Nightly security audit

A Security Council job runs at 03:30 every night. Four automated perspectives (red team, blue team, data privacy, operational realism) analyze the workspace, read actual code, and report findings with severity ratings.

Wazuh SIEM

Full Wazuh stack running in Docker. Custom detection rules for OpenClaw-specific events. Identity monitoring. The same tooling a SOC would use, applied to a personal AI system.

Defense in depth

Scoped credentials per context. Secret redaction in all outputs. Content sanitization against prompt injection. Full audit trail in Slack, every action logged and searchable.
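
One way the "secret redaction in all outputs" layer could sit in front of Slack delivery, as an added example (not code from this page or from OpenClaw). The function name, the pattern list and the BUTTONDOWN_API_KEY entry are assumptions, and every credential value in the sample is constructed.

```javascript
// Added example (not OpenClaw code): redact secrets from a job's output
// before it is delivered to a Slack channel. All names here are hypothetical.
const TOKEN_PATTERNS = [
  { label: 'slack-token', re: /\bx(?:ox[abprs]|app)-[A-Za-z0-9-]{10,}/g },
  { label: 'github-token', re: /\bgh[pousr]_[A-Za-z0-9]{36,}/g },
  { label: 'anthropic-key', re: /\bsk-ant-[A-Za-z0-9_-]{20,}/g },
  { label: 'private-key',
    re: /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g },
];

const escapeRegExp = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

// knownSecrets: [{ name, value }] for the credentials this job was given.
// Returns the cleaned text plus per-label hit counts for the audit log.
function redact(text, knownSecrets = []) {
  const hits = {};
  const mark = (label) => () => {
    hits[label] = (hits[label] || 0) + 1;
    return `[REDACTED:${label}]`;
  };
  let out = String(text);
  // 1. Exact values first, longest first, so a secret that contains another
  //    is not left half-visible. Very short values are skipped (false positives).
  const exact = knownSecrets
    .filter((s) => s.value && s.value.length >= 8)
    .sort((a, b) => b.value.length - a.value.length);
  for (const { name, value } of exact) {
    out = out.replace(new RegExp(escapeRegExp(value), 'g'), mark(name));
  }
  // 2. Format-based patterns catch credentials the job was never meant to hold.
  for (const { label, re } of TOKEN_PATTERNS) {
    out = out.replace(re, mark(label));
  }
  return { text: out, hits };
}

// Constructed sample: fake values in realistic formats, not real credentials.
const SAMPLE_SECRETS = [
  { name: 'BUTTONDOWN_API_KEY', value: 'bd-constructed-0123456789abcdef' },
];
const SAMPLE_OUTPUT = [
  'publish failed: Authorization: Token bd-constructed-0123456789abcdef',
  'env: SLACK_APP_TOKEN=xapp-1-CONSTRUCTED-0000000000-abcdefabcdef',
  'remote: https://ghp_' + 'A'.repeat(36) + '@github.com/example/repo.git',
].join('\n');

console.log(redact(SAMPLE_OUTPUT, SAMPLE_SECRETS));
```

Exact-value matching only catches a secret in its literal form, so an encoded copy (base64, URL-encoded) passes unless the pattern pass catches it. A non-empty hits object is itself worth alerting on, since it means a job tried to emit a credential.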

Questions? Let's talk.

If you're building something similar or want to compare notes on AI agent security, reach out.