[00:00:00] Speaker 1: So you've seen the OpenClaw horror stories, deleted inboxes, leaked passwords, hacker attacks, and you still want it to be your 24-7 assistant. Good, let's do it safely. I'm David, and by the end of this video, you'll have the start of a 24-7 AI assistant that can read your email and calendar without blindly handing it the keys to your life. This time, there's no technical skills required, and we're gonna take security seriously the entire way through. Let's go. Here's what makes OpenClaw different, and why that should scare you. By default, it has full access to every file on your computer. It connects to your phone through Telegram so you can message it from just about anywhere, which is cool until you realize that other people can message it too. And it plugs into thousands of apps, and many of those connectors are not reviewed for security. So build it right, and OpenClaw handles your email, preps for your meetings, and runs reports, all while you're away from your desk. But build it wrong, and someone you've never met is reading your bank statements. Security researchers have a name for what makes it go wrong. It's called the lethal trifecta. See, an AI agent becomes dangerous when it has three things at once. One, access to your private data. Two, exposure to content you don't control, that includes your inbox. And three, the ability to send information outward. See, when all three of these combine, an attacker doesn't hack you, they hack your AI. One email with a prompt injection attack, and your assistant is forwarding your passwords to a stranger. Now, there's no 100% secure OpenClaw setup that's still useful, but you get to choose which of those three ingredients you hand over. Instead of giving it a master key to every room, we're giving it a badge, and that badge only opens specific doors. For most of this tutorial, those doors are read-only. I partnered with Zapier to make this possible. 
It sits between OpenClaw and the rest of your apps, so you can control exactly what the AI can and can't access. Let's get this set up now. We're going to install OpenClaw on a separate server in the cloud, not on your laptop. That way, your AI runs 24-7, and it can't touch your personal files. We'll use DigitalOcean for our virtual server. You can access it from the link at the bottom of the screen. Once you're here, click on the Sign Up button in the top right. From here, it's free to set up an account. Just use your Google email, GitHub, or your email address, and I'll see you on the other side. After you confirm your email address, you'll get a few questions to answer. Answer the first two questions however you like, and then on the third question, make sure you select Droplet. If you're advanced, you can choose some other stuff here, but it's not required. Click Get Started when you're ready. Now, Droplets are virtual machines in the cloud, and to get them to run, you have to pay for them. So use this white button to add your payment method, and then come meet me back on the Create Droplets page. You can find that page by clicking on this green Create button, and then clicking on Droplets. Now, let's walk through all the required options, starting with Region. Choose the region which is closest to you geographically. For me, that's San Francisco. Skip over Data Center, and then go down to Choose an Image, and then click on the Marketplace tab. It'll take a few seconds to load. The option you're looking for is OpenClaw 3.2 on Ubuntu. Click on that. Next, scroll down to Choose Size. Now, since we're just starting off, we don't need a super hefty machine. Click on the Regular option under CPU Options. I wouldn't recommend anyone choose less than four gigs of RAM for OpenClaw, so we'll stick with this 24 bucks a month option. Scrolling down, the next setting is choosing your authentication method. 
If you know how to use SSH keys, choose this option and add your key. Otherwise, set a password that no one will be able to guess. I'll just show a password here because it's simpler. Then scroll down until the end so you can give your server a name. I'll call mine OC1. Congratulations, you finished the first step. Click the Create Droplet button, and then wait about 20 seconds for your server to be created. Once it's ready, you should see it's good to go. Next, move your mouse over the IP address and click this Copy link. This is literally an address for your server. We'll use this to connect to it. We're done with DigitalOcean for now, so let's get rid of this window. Next, open your command prompt. You can get there on Windows by clicking on your Start menu and then typing C-M-D. You should see the command prompt pop up. Press the Enter key to launch it. Now, if you're on a Mac, you'll want to launch something called the Terminal. You can find that in your list of applications in the Launchpad. We're now going to connect to your server, so type this with me, SSH space root, and then the at sign. Then right-click on Windows to paste that IP address and then press Enter. By the way, all the commands that I'm typing, you can copy and paste from a document you'll find in the Resources section of the description. All right, so you're gonna see this message that says the authenticity of this host can't be established and then a bunch of random characters. Looks scary, but it's really not. This is your computer asking, hey, I've never talked to this server before. Are you sure you want to connect? So type yes and then hit Enter. If you take too long to respond, this connection might close. That's okay, just retype the same command and hit Enter. You'll be prompted for that password that you just set, so copy it and then right-click to paste and then press Enter. If you were successful, you should see a banner welcoming you to OpenClaw. 
Now down below, you'll see a bunch of info that we'll refer to throughout the rest of this tutorial. Make sure you keep it handy. Now let's scroll back to the bottom. There are a couple of questions we need to answer to complete the setup. First up is the AI model. Let's choose number five and press Enter to break out of this menu and get a few more options. We're now directly in OpenClaw's setup, not a DigitalOcean wrapper. So this first question, where will the gateway run? Let's stick with local by pressing Enter. Now we have a much larger selection of models to choose from. Choose your favorite here and if you don't have one, follow me and use Anthropic. Then use the down arrow to select Anthropic API Key. Select Paste API Key now and then let's head over to platform.claude.com to create an API Key together. Sign in or sign up for an account and I'll see you on the Claude dashboard. From the homepage, you should see a button that says Get API Key. If you do not see that, you can always find it on the left sidebar under the Manage section. Go ahead and click it. Next, click on Create Key in the top right. I like to have a single key for each purpose, so I'll call this one OpenClaw1. Then click Add. Now copy this key. Make sure you save it in a safe place like a password manager. You won't be able to access it on this website again. And before we paste this into OpenClaw, let's set a spending limit by clicking the Limits button. It takes money to run these AI models, but that doesn't mean we have to be surprised by how much it costs. On this page, you can scroll down to Spend Limits and then select Change Limit. Change the limit to what you're comfortable with. 20 bucks is a decent default and then click Update Limit. The last thing is to make sure you have some money loaded, so scroll up and click on Billing. AI usage is pay as you go, so buy some credits using these buttons while you're here. Otherwise, OpenClaw is not going to work for you. 
Finally, let's head back to the command prompt, paste in your API key, and then press Enter. Now onto the actual model choice. Here are my recommendations. If you're cost-conscious, go ahead with Haiku. If you are into intelligence maxing, even though it might not be necessary for today's demo, go with Opus. Otherwise, if you're in between, let's stick with Sonnet. Now setup is complete, OpenClaw should start successfully, and it runs through a pairing process automatically. Next, it's going to ask if you would like to run pairing. This gives you access to a web dashboard. So after this, you can manage everything from a browser instead of typing commands. Let's type yes here. In the response, you should see a dashboard URL as well as a gateway token. Go ahead and select the gateway token and then right-click to copy it. Then move your mouse over to the dashboard URL, hold the Control key or Command key on Mac, and then click it to open it in your browser. From here, first click the Overview button in the left sidebar. Then you should see a gateway token text box somewhere on the screen. Paste the token you just copied into that text box, and then click Connect. Now sometimes you'll run into errors like this, which you can't explain. That's because this product is getting updated every single day, and sometimes there are bugs. My best advice here is to screenshot the error or at least type it up into your favorite AI model, turn on the search functionality, and then ask for help. Once you're through that, you should see Pairing Required somewhere on the dashboard. That means it was successful. It's time to head back to the command prompt. From here, type Continue to finish the setup process. Once pairing completes, you should have full access in the dashboard, and you might even see a banner to update. Go ahead and update now. Now hopefully on the version of OpenClaw you're running, this button actually works, but it doesn't for me. 
In case that's the same for you too, go back to the command prompt and type in OpenClaw update, and then press Enter. This should take a few minutes to complete. When you see this question about enabling Bash shell completion, just select Yes. Okay, this next part looks ugly, but it's important. There are four settings the server needs to work properly for today, and you can copy them from the Resources section in the description. I'll put what they do in the guide there. Just copy these exactly and press Enter. Each update should only take a couple of seconds, and when it's completed, you can type or paste in systemctl restart OpenClaw to restart the service. Now you can head back to the web dashboard. That update notice should be gone. Click on Chat. If you've set up everything correctly, you should be able to type in hi into the OpenClaw chat and get a response back. It'll probably ask who you are like it does here. It might even ask who it is. Just chat with it back and forth for a few prompts and see where you get. So in my case, it's asking for a name and a vibe. Let's call it Claudie, my new assistant. I'm gonna ask it to keep it casual, tell it a little bit about what I do, and then send it off. Now this is fun, OpenClaw is starting to come to life, but let's get out of this dashboard. It's currently available to anyone who wants to access it, which isn't good. So we're gonna go through Telegram instead. Tell your OpenClaw to set up Telegram. You'll get some instructions which look like this. Let's perform them together. First, you need to download and install Telegram and then open up a chat with the BotFather. To create a new bot, type slash new bot, and then press Enter. Give your bot a name. I'll call mine Cal because it's gonna manage my email and calendar. And it needs a username, so I'm just gonna call it CalBot. Or maybe not. Try using your name or your company name to make a unique username. You'll get a bot token. Go ahead and copy that. 
Make sure to keep it safe and secure. Do not post it on a YouTube video. And then let's head back to the web dashboard. Now paste that token back into the chat. Again, don't share this with anyone. When the model responds, you should be set up in Telegram. Back in Telegram, click on this link from the BotFather's last message to open up a chat with your bot. Click the Start button at the bottom of the screen and you should get a pairing code. Copy that pairing code and head back to your chat, paste it in, and then click Send. Now just a side note, because you will see different messages from me here. If for whatever reason, OpenClaw does not ask for a bot token or a pairing code, modify your responses accordingly. For example, answer any question it does have and then say, here is my bot token, paste the token. That said, Telegram is now live. Let's message it and see what happens. OpenClaw is live. It's running on its own server, talking to you through Telegram, and it can't touch anything on your computer. But right now, it actually can't do anything either. So let's make it useful. Let's head back to the OpenClaw dashboard. This time, click on Skills in the left sidebar. Skills are how you connect OpenClaw to outside apps so it can do things outside of a chat box. On this page, you'll only see built-in trusted skills, but be careful if you look outside this page, there are a lot of skills out there that are actually security risks. We're going to increase the security of this by connecting to our apps through Zapier. To use Zapier, click on that link in the description below and follow along with me here. Sign in with your existing account if you have one, or you can set up everything I do here with a free Zapier account by clicking the signup link. No credit card required. Once you've filled in your details, click Get Started for free, follow the prompts, and I'll meet you on the other side. You'll land on this Zapier MCP page. 
So first off, click the New MCP Server button. Then for client you want to connect to the server, click on OpenClaw. Now an MCP server is like a general purpose integration engine for your agent. To give it powers to connect to your apps, you have to add tools, so let's click that button. We'll have our agent take on two tasks. The first is to prepare a brief every morning at 5 a.m. to prepare us for our meetings for that day. And the second, we'll find the most important email in our inbox to respond to. So first, let's connect to our calendar. I'll use Google Calendar here, but you can use Outlook by scrolling down the page. A big advantage of using Zapier is that you can restrict what your agent has access to inside of this list. So for instance, we can filter this list to just the read-only tools, that's the find data tools, so we don't inadvertently give access to OpenClaw to create, update, or delete calendar events. Now we do want it to get all of the events in our day, so we're just going to check all of these different tools. Once you've checked them, click Connect. Click Connect again, and you can sign in to your Google account. Then click the Add Five Tools button when you're done. Now we need to connect your email tool to do email triage. I'll use Gmail here, you can also use Outlook down below. Again, we'll just use read-only tools. You can tell those by the magnifying glass next to their name. Click Connect, and then click Connect again to connect to your Gmail. Then click Add Two Tools to commit the change. Our MCP server is ready to go. Click on the Connect button up at the top. Now you'll need to generate a token to connect to this server. Now once you click Generate Token twice, this will only be shown once. Make sure you keep it secure, and definitely don't show it on a YouTube video. Click Copy on option two, say you've saved your credentials and actually do that, and then click Close. Time for a quick security check. 
We now have private data access, the AI can read our email and calendar. It's exposed to untrusted content, which includes whatever's in those emails and calendar invites, but notice what's missing. There's no Send, there's no Delete, and no Write. Two out of the three, not the full trifecta. Now let's head back to Telegram and install this. We're actually going to install a skill like I just showed you, and the magic words are Install MC Porter. MC Porter allows you to connect to MCP servers. It's asking, do we want to connect to anything specific? So let's say yes, let's give the server a name, I'll call it G Suite, and then I'll paste in the Zapier URL we just copied. Again, keep your token private. You should get a message like this that it was successful. Just for good measure, ask it, what tools do you have access to? So you should see that all the tools here match what you configured in Zapier. Now that OpenClaw has some apps to work with, we're going to set up a daily briefing that runs at 5 a.m. It'll read your calendar and send you a summary of your day before you even open your laptop. To do that, let's send this detailed prompt. I'll run through it as it's working. So using this Zapier MCP server, set up a job to check our calendar every morning and send us a morning briefing of our meetings via Telegram at 5 a.m. Pacific. It should include meeting agendas, past conversation history, to remind me what we had talked about before and allow me to pull the briefing early on demand for a specific day if desired. This one will take a little bit of time. You might get some intermediate messages like I'm getting here. Once you finish though, you'll probably get a test run as well as a clear description of what it did. I didn't have any calendar events today, but let's see what happens when I ask it for my briefing tomorrow. By the way, you know that your OpenClaw is working when you see typing either up here or inside the left sidebar. 
And after a minute or two, you'll see your full morning briefing for the next day. Now, did you spot the main problem here? It doesn't actually tell us when our meetings are. If you're unsatisfied with the output like this, tell your bot by writing a new message. Keep iterating until it works for you. That's how these agents work. Now, notice what just happened. OpenClaw read the calendar through Zapier, not through raw Google access. And it sent that summary through Telegram, not email. The Zapier side stayed completely read-only. That takes care of your calendar, so now let's tackle email. We don't need to set up anything new. See, the Gmail read access we added for the briefing works here too. This time we'll create a skill inside of Telegram that looks like this. Give it a few minutes and it'll complete the skill. Now, a skill is a way for an agent to remember how to perform a repetitive task. And in OpenClaw, you can associate slash commands with that skill. A slash command is just a fancy way of saying you hit the forward slash key and then a keyword to invoke that skill. Your OpenClaw agent should give you something that looks like this. Obviously, the specific emails will be different, but what may surprise you is that the formatting is probably different too. That's because we weren't specific about how to lay out the response we wanted, and so it made something up. You might also find that it categorized emails incorrectly. If that's the case, take this opportunity to pause the video and give your agent some feedback about how it can do a better job for you. That's how you make this work for real life beyond just a flashy demo. Now, watch what happens when I try to respond to one of these emails using OpenClaw. Now, like a good assistant, it's asked us for a few details that we really should cover in the response, but let's just plow through and see what happens. It just fails with a clear error. That's by design. 
It told you which emails need replies, but you're the one sending those replies. The AI can read your email. It cannot send anything on your behalf, but at some point you're going to wonder, what if it could draft replies for me? Let's make that happen. Head back to Zapier and then click on Configure. Click on the Add Tool button and then go back to Gmail or Outlook if you used that before. This time, find the tools to create drafts. There are two in Gmail. One is called Create Draft, and the other is Create Draft Reply. Select both and then click Add to Tools. Keep the email account the same as last time and then click Add to Tools again. Your server's updated just like that. You don't need to do anything else in OpenClaw. To demo that, let's just ask it to create a draft reply instead. Now, yours might work right away or you might run into the same error I have. If it still thinks there's no way to draft emails, tell it to refresh its tool list and try again. That time it worked. You see it discovered the new tools and then it used them. Now let's see how this looks in Gmail. We see all the emails it reported earlier plus this draft message to Adele. The email's already filled out in the draft box, but you'll notice there's a bug. There's no one on the to line. These little bugs are going to happen to you and it's important to know how to fix them. So here's the principle. If something goes wrong, tell OpenClaw what it did wrong specifically and share your expectations. Try to do that over having a bunch of unfinished agent workflows. One of the best ways to do this is to issue the correction and then package all of the changes into a skill. For example, here's my correction. Make sure to add the recipient and then the second line is just to package this into a skill. Now these rules will be used when it drafts its next email. Notice also we didn't create a slash command for this skill. That's because it should be invoked automatically when drafting emails. 
That's when you should be able to use it for either ad hoc or even part of other skills. We've built the AI workflows, but right now OpenClaw can still talk to any server on the internet, which is a big security risk. Let's fix that. First, let me show you the actual risk here. Type this into your chat and send it to your agent. You'll get a response like this. This is the HTML for the page example.com. Now you might think, what's the big deal? What happens, for instance, when your agent tries to access a website like this? If your agent reads some email where an attacker has put in a prompt injection attack, which then tells your agent to go leak data by accessing a website like this, then you're screwed. One way to fix that is to turn on a firewall. Fortunately, our friends at DigitalOcean can help us there. So back in DigitalOcean, go to the left sidebar and click on the networking link. Then click on firewalls and scroll down to click create firewall. We'll call this one OpenClaw to protect all of our servers with OpenClaw installed. For the demo today, we're gonna lock this down as much as possible. First, we're gonna shut down all inbound traffic, so click delete next to this SSH row. That means no one can SSH in like we did earlier on the command prompt, and no one can access the dashboard anymore. That's all fine because you've still got Telegram. Now let's go down to the outbound rules. We'll remove ICMP and UDP first. Then let's change all TCP to DNS TCP. Now here's where we restrict outbound web traffic. Under new rule, select HTTPS. Then there are a couple of IP address ranges to copy and paste from the guide. First, remove the all IPv4 and IPv6 options, then paste each one from the guide and press enter. This first one is Telegram. That's followed by Anthropic, and finally followed by Zapier. Note that you might need something different for Zapier. It really depends on your location. 
If this doesn't work for you, the resource guide in the description will help you fix it. Our last step is to apply this firewall to our droplet. Inside the search for a droplet text box, type the name of your server and then select it. Finally, click create firewall. Wait about a minute, head back to your Telegram bot, and then ask it to try it again. And it doesn't work in either of the attempts that it tries. It even thinks it can get around it with a different tool, but even that doesn't work. But here's the cool thing. If it couldn't talk to Anthropic's model, then we wouldn't have even gotten a response. So we know that's working. And just to prove a point, I reran the email triage command and it proved we can still talk to Zapier. Your AI can now only talk to three places, Telegram, Anthropic, and Zapier. Even if someone managed to inject a malicious prompt, the AI physically can't send your data anywhere else. We set up Gmail and Calendar today, but Zapier actually connects to over 8,000 apps like Airtable, HubSpot, Google Sheets, and Outlook. It's the same process. Pick the app, pick the tools, and then tell OpenClaw what you want it to do. Here's my parting advice. Start with read-only access to your apps, then get comfortable, only then give more access when you're ready, and only if you need to. And remember, if you ever get stuck, you can just ask OpenClaw for help. Now, everything from today, including prompts, commands, and firewall rules is linked in the resource guide down in the description. Check out Zapier MCP to get started. That link's in the description too. And if you wanna see the possibilities firsthand, RSVP for the OpenClaw How to Build Agents Safely webinar on March 18th, you'll find that link in the pinned comment. I'm David, and I'll see you in the next video.