LobsterSandbox

The Burner Stack Guide

Set up throwaway accounts in 10 minutes. Keep your real digital life completely separate from your AI sandbox.

OpenClaw is powerful — it can read email, send messages, manage calendars, and run commands. That's exactly why you should test it with throwaway accounts first. This guide walks you through creating a clean "burner stack" so nothing touches your real accounts.

Steps: 1. Email, 2. Phone, 3. API Key, 4. Payment

You need a fresh email that is NOT your real one. OpenClaw can interact with email — you don't want it anywhere near your real inbox.

Option A — Gmail (Recommended for beginners)

  1. Go to accounts.google.com
  2. Click "Create account" → "For my personal use"
  3. Use any name you want — it doesn't have to be real
  4. Pick a new address like yourname.sandbox@gmail.com
  5. Use a strong unique password — don't reuse one from your real accounts
  6. Skip phone verification if possible, or use your real number just for verification then remove it after

Option B — ProtonMail (More private)

  1. Go to proton.me
  2. Click "Create a free account"
  3. No phone number required for basic account
  4. Based in Switzerland, more privacy-focused

Larry says: Don't overthink the name. This is a sandbox email. Call yourself Sandbox McTestface for all I care.

🔒 Security Best Practices

Lessons from the OpenClaw community

Start Read-Only

When connecting external services, use read-only permissions first. Don't give your agent write access until you've tested it thoroughly.

  • Twitter/X: Use read-only API access (no posting)
  • Email: Read-only access (no sending)
  • Calendar: Read-only (no creating or deleting events)
  • Files: Read access to specific folders only

Prove it works safely before expanding permissions.

Define Clear Boundaries

Create a clear list of what your agent does and doesn't do. The boundaries are as important as the capabilities.

What My Agent Doesn't Do:
- Send messages to anyone except me
- Make purchases or financial transactions
- Post on social media
- Delete or modify important files
- Install new tools without my approval

Write this down before you start. It's your safety contract with yourself.

Review your agent's memories regularly to see what your agent has learned and delete sensitive information you don't want stored.

Planning to share your bot? See Mission 8: Share Your Bot Safely

Scope Your API Tokens

For every API token you add, document:

  • What service is it for?
  • What permissions does it have?
  • When does it expire?
  • When will you rotate it?

Set a calendar reminder to rotate your API keys monthly. If a key is compromised, you want to limit the exposure window.
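One way to keep the token record described above up to date, as an added example (not LobsterSandbox or OpenClaw code): it audits an inventory for undocumented fields, permissions beyond read-only, expired tokens, and rotations older than a month. The inventory format, field names, and sample entries are assumptions constructed for illustration.

```python
from datetime import date, timedelta

ROTATE_EVERY = timedelta(days=30)  # the guide's "rotate monthly"
REQUIRED = ("service", "permissions", "expires", "last_rotated")

# Constructed sample inventory: names and dates are made up for illustration.
SAMPLE_TOKENS = [
    {"name": "gmail-sandbox", "service": "Gmail", "permissions": ["read"],
     "expires": "2026-06-01", "last_rotated": "2026-03-01"},
    {"name": "x-sandbox", "service": "Twitter/X",
     "permissions": ["read", "write"],
     "expires": "2026-06-01", "last_rotated": "2026-01-05"},
    {"name": "calendar-sandbox", "service": "Calendar",
     "permissions": ["read"], "expires": "2026-03-10"},  # no rotation date
]


def audit_token(tok, today):
    """Return a list of findings for one inventory entry."""
    findings = []
    missing = [f for f in REQUIRED if not tok.get(f)]
    if missing:
        findings.append("undocumented: " + ", ".join(missing))
    # "Start Read-Only": anything other than read access is flagged.
    extra = sorted(p for p in (tok.get("permissions") or []) if p != "read")
    if extra:
        findings.append("not read-only: " + ", ".join(extra))
    if tok.get("expires") and date.fromisoformat(tok["expires"]) <= today:
        findings.append("expired on " + tok["expires"])
    if tok.get("last_rotated"):
        due = date.fromisoformat(tok["last_rotated"]) + ROTATE_EVERY
        if due <= today:
            findings.append("rotation overdue since " + due.isoformat())
    return findings


def audit(tokens, today):
    """Map token name -> findings, omitting tokens with nothing to report."""
    report = {t["name"]: audit_token(t, today) for t in tokens}
    return {name: f for name, f in report.items() if f}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_TOKENS, date(2026, 3, 15)).items():
        print(name, "->", "; ".join(findings))
```

Store only metadata in the inventory, never the token values themselves.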

Know Your Emergency Procedures

Before something goes wrong, know what to do when it does.

Read our Emergency Procedures.

💡 Note: OpenClaw v2026.2.9+ handles context overflow automatically. If you're on an older version, update to get this fix.

📱 Phone Control Safety (New in v2026.2.9)

OpenClaw v2026.2.9 introduced device pairing — your agent can now control your iOS or Android device via Telegram. This is powerful but dangerous. Before enabling:

## Phone Control Boundaries (for soul.md)
- Never open banking or payment apps
- Never send messages without showing me first
- Never make purchases
- Never access photos or camera without permission
- Never change system settings
- Ask before any action that can't be undone

  1. Start with read-only actions — Let your agent check your calendar or read notifications before allowing it to take actions.
  2. Use a secondary device for testing — If possible, test phone control on an old phone first before connecting your primary device.
  3. Monitor closely for the first week — Watch what your agent does. Check logs. Adjust boundaries as needed.
  4. Keep Kill Switch accessible — Make sure you can hit Kill Switch from ANOTHER device (your computer, a family member's phone) in case your phone becomes unresponsive.

📱 iOS App (Alpha)

OpenClaw now has an iOS app in alpha testing

Setup

  1. Request TestFlight access at openclaw.ai
  2. Install the app on your iPhone
  3. In Telegram, use the /pair command to get a setup code
  4. Enter the code in the iOS app

⚠️ Safety first:

  • All LobsterSandbox safety practices apply to mobile
  • Set budget limits before connecting
  • Review soul.md boundaries for phone-specific actions
  • The iOS app has the same power as desktop — treat it seriously

Note: This is alpha software. Expect bugs. Keep backups of your configuration.

⏰ Keeping Your Sandbox Always-On

Options for 24/7 uptime

Replit's free tier may sleep after inactivity. To keep your OpenClaw running 24/7:

Option 1: Free monitoring services

Option 2: Upgrade Replit ($7/month)

Replit's paid tier keeps your app always-on with no sleeping.

Option 3: Use Railway or Render

Both offer always-on hosting with generous free tiers.

Larry says: For most users, UptimeRobot + free Replit is enough to start.

💾 Backing Up Your Agent

Your agent's brain lives in a few key files

What to back up:

  • soul.md — your agent's personality and boundaries
  • memories/ folder — everything your agent remembers
  • config files — .env, settings
  • Custom skills you've created

How to back up:

  1. Download files manually from Replit
  2. Or use the "Download as ZIP" option in Replit
  3. Store backups somewhere safe (Google Drive, Dropbox, local)

Recommended: Back up weekly, or after any major changes.

Restoring:

If something breaks, upload your backup files to a fresh Replit deployment and you're back in business.
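A scripted alternative to the manual download, as an added example (not LobsterSandbox or OpenClaw code): it archives the files listed above into an owner-only file, because a backup that includes .env carries whatever secrets that file holds, and it records a SHA-256 so the archive can be checked before a restore. The folder name "skills" and the sample directory are assumptions.

```python
import hashlib
import os
import tarfile
from pathlib import Path

# Items the guide lists. The folder name "skills" is an assumption.
BACKUP_ITEMS = ["soul.md", "memories", ".env", "skills"]


def make_backup(agent_dir, out_path):
    """Archive the agent's files; return (items included, SHA-256 of archive)."""
    agent_dir, out_path = Path(agent_dir), Path(out_path)
    # Create the archive owner-only (0600) before any secret is written to it.
    fd = os.open(out_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    included = []
    with os.fdopen(fd, "wb") as raw, tarfile.open(fileobj=raw, mode="w:gz") as tar:
        for item in BACKUP_ITEMS:
            src = agent_dir / item
            if src.exists():
                tar.add(src, arcname=item)  # relative names, no absolute paths
                included.append(item)
    os.chmod(out_path, 0o600)  # also covers a pre-existing, looser file
    return included, hashlib.sha256(out_path.read_bytes()).hexdigest()


def verify_backup(path, expected_sha256):
    """Return the archive's member names, or None if the checksum differs."""
    data = Path(path).read_bytes()
    if hashlib.sha256(data).hexdigest() != expected_sha256:
        return None  # changed or corrupted since it was made: do not restore
    with tarfile.open(path, "r:gz") as tar:
        return sorted(m.name for m in tar.getmembers())


if __name__ == "__main__":
    import tempfile
    # Constructed sample agent directory, for demonstration only.
    with tempfile.TemporaryDirectory() as tmp:
        agent = Path(tmp, "agent")
        (agent / "memories").mkdir(parents=True)
        (agent / "soul.md").write_text("- Never make purchases\n")
        (agent / ".env").write_text("API_KEY=placeholder\n")
        archive = Path(tmp, "backup.tar.gz")
        items, digest = make_backup(agent, archive)
        print("backed up:", items, "sha256:", digest)
        print("verified members:", verify_backup(archive, digest))
```

Keep the recorded checksum somewhere other than next to the archive, and treat any copy placed in cloud storage as holding live credentials until those keys are rotated.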

❓ Frequently Asked Questions

What happens if my agent goes rogue?

Hit the Kill Switch. It immediately stops all agent activity. Then check logs to see what happened, and tighten your boundaries before restarting.

Will I get surprise API bills?

Not with LobsterSandbox. Set a budget limit, enable auto-pause, and your agent stops before you overspend.

Can my agent access my bank account?

Only if you give it access. We strongly recommend adding explicit boundaries in your soul.md: "Never access banking or financial apps."

Is my data private?

Yes. LobsterSandbox runs on YOUR server (Replit, Railway, etc.). Your data never touches our servers.

What's the difference between Safe Mode and Power Mode?

Safe Mode requires approval for potentially dangerous actions. Power Mode lets your agent act freely. Start with Safe Mode.

How do I stop a runaway task?

Kill Switch stops everything immediately. Wipe Everything clears all tasks and memory. Use Kill Switch first, Wipe only if needed.
