Make money doing the work you believe in

Paweł Huryn's avatar
Paweł Huryn
Feb 12
The Product Compass

OpenClaw has 186K GitHub stars and 1.5M compromised API keys. I needed a secure alternative.

So, I built it with n8n.

It can already:

  • Reply to your Telegram messages

  • Access selected folders from your laptop

  • Access Gmail, Drive, Notion, Linear, etc.

  • Install new local tools in a sandbox

  • Run autonomously for hours

  • Create multiple subagents

  • Learn from experience

  • Wake up regularly

But, unlike OpenClaw, it:

  • Can't access your API keys

  • Can't modify its environment

  • Can't access folders you haven't shared

  • Can't access tools you haven't approved

  • Must get your confirmation, e.g., when sending emails

These aren’t prompt instructions. They’re hard architectural boundaries — Docker isolation, mounted folder permissions, n8n’s tool approval system.

Key components:

  1. The VPS on Hostinger hosts n8n and a sandbox container. Agents can also connect to my laptop's sandbox via a Claudeflare tunnel + Desktop Commander MCP.

  2. The Manager agent is the brain. It plans, decides, delegates, and talks to the user. It never touches files. It never runs scripts. It works entirely from executor summaries.

  3. The Executor agents are the hands. Each receives a task (what to do + why it matters), decides how to execute it, and reports back. They can install new tools and execute code only in their dedicated sandboxes.

  4. Data Tables in n8n store both memories and sessions — no external database, no vector store, no infrastructure. Just rows in a table. Turns out, that's enough. Two memory types:

    1. Manager memory: user preferences, facts, corrections, relationship, skills, context

    2. Executor memory: what tools are installed, what’s broken, workarounds

  5. Sessions are short-term state for multi-step tasks. Original request, plan, assumptions, and what happened so far. When the Manager loops with fresh context, the session is all it gets. That's a Ralph Wiggum loop.

I've been using it for 5 days. And already can't imagine not having it on my phone.

What's next:

  • Heartbeat via Cron (a scheduled prompt)

  • Civic Nexus governance + MCPs

  • Supermemory integration

  • WhatsApp as an additional surface

The architecture supports all of it without changes.

OpenClaw proved people want personal AI agents. It also proved that 'just trust the prompt' isn't a security model.

Docker isolation, mounted folder permissions, tool approval — none of this is new technology. It's just discipline.

You can easily do this with n8n — no coding required.

Want to try it or read more?

A demo video, what I learned, and a setup guide: productcompass.pm/p/sec…

Feb 12
at
7:36 AM
Relevant people

Log in or sign up

Join the most interesting and insightful discussions.