ArgoBox
ArgoBox Journal AI Systems, Homelab, and Control Plane
Ctrl+K
Back to Journal
user@argobox:~/journal/2026-03-10-what-openclaw-does-at-3am
$ cat entry.md

What OpenClaw Does at 3 AM

[Tuesday, March 10, 2026] MOOD: BUILD
○ NOT REVIEWED

What OpenClaw Does at 3 AM

The Setup

OpenClaw is an open-source AI agent gateway. Multi-channel — Telegram, web, CLI. I've been running it as infrastructure automation for ArgoBox, with custom skills, cron jobs, and a 5-deep LLM provider fallback chain.

It runs on a container at the Milky Way site. 24/7. When I'm asleep, it's working.

The Daily Schedule

Six cron jobs, down from thirteen. (The reduction is its own story — the rate limit cascade happened because all thirteen fired simultaneously on container restart.)

8:00 AM — Morning Site Status OpenClaw hits the ArgoBox public site, checks response times, verifies the blog loads, confirms the Cloudflare cache is warm. If something's down, I get a Telegram message before I've finished coffee.

Every 8 hours — Site & Services Health Deeper check. Tests API endpoints, verifies Gitea is responding, confirms the status page is accurate. Compares current state against the last check and flags anything that changed.

Every 6 hours — Playground Availability The ArgoBox playground lets visitors try the public RAG chat. This job verifies the playground loads, the chat endpoint responds, and Ollama is running. Free-tier LLM providers go down randomly — this catches it before someone emails me.

11:00 PM — Security & Site Audit The heavy one. Checks for exposed admin routes, verifies Cloudflare Access is blocking unauthorized requests, tests that error messages don't leak internal details. Basically a lightweight pentest that runs every night.

Sunday 9:00 AM — Weekly Report Aggregates the week's findings. Uptime percentages, incidents detected, provider availability, any security issues found. Sends a summary to Telegram.

Wednesday 10:00 AM — Integration Connectivity Tests every external integration — Resend email API, Cloudflare DNS, Gitea webhooks, Ollama model availability. The integrations that break silently are the ones this catches.

The Provider Chain

Every job needs an LLM to analyze what it finds. I'm running on free tiers — no API spend.

The fallback chain:

  1. Groq — Llama 4 Scout, 30K tokens/min. Fastest free tier I've found.
  2. Cerebras — Llama family. Second-fastest.
  3. SambaNova — Same model, different provider.
  4. OpenRouter — Gemini or Qwen family depending on the task.
  5. NVIDIA NIM — Llama family. The safety net.

If Groq's down, it tries Cerebras. If that's rate-limited, SambaNova. And so on. Five providers deep means a single provider outage doesn't matter. The scheduler also moved from thirteen simultaneous startup jobs to a smaller, calmer cadence so provider fallback remains useful under restart conditions.

For complex analysis (the security audit especially), there's a separate "deep agent" tier that routes to Claude Sonnet. That one isn't free, but it only runs once a day and the token usage is small.

The Skills

OpenClaw has a skills system — SKILL.md manifests that define what tools and prompts an agent can use. I've got 17+ installed:

  • argobox — Site health, API testing, status verification
  • cloudflare — DNS checks, cache status, security headers
  • email — Resend connectivity, MX record verification, send tests
  • network — Internal service discovery, port scanning, latency checks
  • rag — Search the knowledge base, verify embedding health
  • self-healing — Detect and restart failed services
  • backup-verify — Confirm backup jobs completed
  • playground-health-check — End-to-end playground testing

Each skill is a markdown file that declares what the agent is allowed to do. No code — just a manifest of tools, environment variables, and system prompts. Adding a new skill is writing a markdown file and dropping it in the skills directory.

The 7 Admin Pages

I built a full admin interface for OpenClaw inside ArgoBox. Not iframes — native Astro pages that talk directly to the gateway API.

  • Dashboard — Health gauges, quick-action cards, live log preview
  • Config — JSON config editor with validation
  • Cron — Scheduler with add/delete/run-now for every job
  • Skills — Marketplace browser, installation, skill creation
  • Sessions — Active conversation inspector
  • RAG Browser — Semantic search across the knowledge base
  • Logs — Dedicated viewer with filtering

The dashboard is the one I check first thing in the morning. If all gauges are green, OpenClaw handled everything overnight and I don't need to do anything.

Lessons From Operations

Running an autonomous agent as infrastructure surfaces operational lessons quickly.

Notification validation matters — Every channel needs an end-to-end send test, not just a process health check. A service can be running and still fail the user-facing path if token validation, delivery, or routing is incomplete.

Scheduler shape matters — Restart behavior is part of production behavior. Cron jobs now need staggered startup semantics so a restart does not compress an entire day's work into one burst.

Monitoring needs a delivery path — A monitor without a tested alert path is only a dashboard. The useful pattern is detection plus routing plus acknowledgement.

Why This Matters for Vibe Coders

If you're building with AI, you're probably using it for coding assistance — autocomplete, chat, code review. That's level one.

Level two is what OpenClaw represents: AI as infrastructure. An agent that runs autonomously, monitors systems, detects problems, and reports findings. Not a chat interface you interact with — a background process that works while you sleep.

The skills system makes it extensible. The cron jobs make it autonomous. The fallback chains make it resilient. And the admin pages make it manageable.

This isn't theoretical. It's running right now. If argobox.com changes state tonight, the agent has checks for the public site, playground availability, and security headers, with notifications wired into the operating loop.

That's what an AI agent actually does at 3 AM. It watches.

Getting Started

OpenClaw is open source — github.com/openclaw/openclaw. MIT licensed. Install it with Docker and you've got a multi-channel AI agent running locally.

My integration with ArgoBox adds the monitoring skills, cron scheduling, and admin interface. The skill manifests are in the config repo at git.argobox.com/ArgoBox/openclaw-config — pull them, adapt them to your infrastructure, and you've got an AI that watches your stuff too.

The hard part isn't the installation. It's knowing what to monitor and what constitutes "healthy." That's the infrastructure knowledge that makes the AI useful. Without it, you've got a chatbot. With it, you've got a watchdog.

Older Firewall and Local AI Control Plane Newer The Recovery Script Meets Production