Our Favorite Agent Setups
The picture behind you, like everything's
on fire, that's actually my OpenClaw
server a couple of times already.
I mean, I set everything up and, when you
set it up as root, root, that's obviously
bad advice, you should never do that.
So it's running as root.
And I got really frustrated in
Telegram and I'm writing something
and I said, just delete it,
delete, you know, whatever it is.
Well, OpenClaw took it literally and
deleted the entire project and down to
the root and just deleted the server.
No longer responsive.
I was like, wow.
Okay, that worked.
Hey, welcome to the
Agentic DevOps podcast.
I am your host, Bret.
And this episode I've got my friend
Brian Christner coming in from Europe.
We've known each other for a decade.
He's a Docker Captain alumni, and
really one of these leading edge
tech guys that's always focused on
cloud native, leading edge tech.
He actually runs an online casino
company out of Switzerland.
And we don't really get too much
into the weeds of that whole world,
but he runs developer teams, he
manages an organization, he has to
worry about security policy for AI.
And so we talk a little bit about that.
This whole episode is mostly around
what we're both seeing in terms of
tooling, agent harnesses, the models
that we recommend and pick right now,
because right now there is at least
a distinct difference between the
very top of the line models like Opus
and GPT 5.4 versus everything else.
And we get in the weeds of it.
We talk about security strategy
around OpenClaw because if you've
heard about that thing in the
last couple of months, like it is
definitely capturing the zeitgeist.
And then even a new project called
NanoClaw, which is a variant of
OpenClaw-- or really, I should say a, I
guess a competitor technically, 'cause
it sounds like it's, it's written from
scratch-- and it runs natively in Docker
containers, which is the whole goal here.
I'm really hoping that very soon we're
all gonna be running these things in
some sort of encapsulated protection
area, like a container provides, right?
We've seen Claude Cowork recently shift to
an actual VM, so if you're interested in
Claude Cowork, we know that that thing is
isolated on your machine, away from your
standard operating system, 'cause it runs
in a Linux VM, just like Docker containers.
But it's nice to see new projects
coming out that are doubling down on
container use because I've been waiting
for the industry to finally catch up
with the security practices and all
of the isolation technologies that
we've built for the last few decades
and make that the standard for using
AI agents, which as we know sometimes
hallucinate and tend to install tools
and do things on your local system
that maybe you don't want them to do.
So it's a great conversation covering a
wide array of AI issues, and I hope you
enjoy this episode with Brian Christner.
Hello, Brian.
Hey, Bret.
How you doing?
All right.
I'm glad to have you here.
This is Brian Christner.
We are on the opposite sides
of the pond from each other.
I'm over in North America, he's in Europe
and Switzerland. So Brian, so Brian and
I go back, over, I think over a decade
at this point, at least probably a
decade cause you're an OG captain and
we, so we've got a lot of experience
in containers and infrastructure.
Sure.
Now you manage teams of engineers, is
that an accurate statement or a team?
Yeah, so I'm part of our organization.
We have a development team that's
handling a lot of our infrastructure that
they're building Kubernetes clusters.
They have everything built there, but,
essentially I'm running an online casino.
One of the top three largest casinos
in Switzerland, and we obviously have
a lot of data and this data is in,
in the massive database, but it's
all orchestrated with Kubernetes and
our services that we are creating.
Yeah.
And we've had you on and talked
about some of that stuff.
We actually had a really popular
episode with Brian a couple of years
ago that I probably should have pulled
up because we were talking about jobs.
Of course, that has aged not
like fine wine because job
market right now is insanity.
Yeah.
I'm not sure any of those rules
have changed though, but we
talked about like DevOps roles
and operations engineering roles.
And like helping people sort of trying
to give them like junior career advice,
like how, you know, how to, how to
help you stand out from the crowd.
I think now everyone's just scrambling to
know as much AI as possible, anticipating
some sort of job shortage that only
will be saved by you knowing AI, which
is kind of, I mean, we say it nicely.
We say it with like, I think the industry
has been saying, you know, the, you
won't be replaced by AI, you'll be
replaced by someone who knows AI, I
think is the thing that we all say.
I'm not convinced that
that's entirely true.
I'm getting more anecdotes or
well, directly from friends.
I just talked to someone this last
week that is losing their lead
DevOps engineer that isn't sure
they're going to get permission
from management to replace them.
So they're scrambling to figure out if
AI can, like, help them automate some
of the toil that the DevOps engineer was
doing, like, like the daily stuff that
the normal activities and if they can like
use skills or I was advocating for skills.
I've been in love with skills
for a couple of months now.
And I'm sure we're going to
talk to each fan as well.
Yep.
I'm interested in hearing
Brian's stories about OpenClaw.
We're going to talk
about that a little bit.
But, I'm not sure we're going to
specifically talk about DevOps AI
advice but that's my whole jam is
trying to figure out where these
tools work and helping us with,
obviously they can write Terraform.
Obviously they can write, you know,
GitHub actions, workflow files.
Like that's a thing, but how do we.
How do we automate things that weren't
previously automatable by putting
in a non deterministic robot is
kind of where my head's at lately.
I think I wanted to hear from you
on other than OpenClaw, which I
guess we really, that's not, we
technically, I guess we call that an
agent harness, but it's not a harness
for code necessarily or text writing.
I mean a way to describe OpenClaw
sorry to interrupt you Bret is like
OpenClaw is essentially an orchestrator
of LLMs because you're able to connect
to any LLM you want out there.
So you can connect to OpenAI,
Gemini, Claude, whatever you want.
And you can switch between the
two and you can really configure
down to the agent level.
And that's where I find the superpower
of OpenClaw at the moment because
it's open source and you can really
configure it however you want.
So you're not tied into a specific
LLM of the day, flavor of the day LLM.
Right, but you wouldn't use necessarily
OpenClaw to stare at code while you're,
like you would Claude Code, right?
Like you wouldn't, it's not a TUI
in the way that we think of like
Claude Code or OpenCode or VS Code.
So
I'm thinking more like kicking
off tasks, like, Hey, can
you go research this for me?
Can you go, you know,
build this marketing plan?
These type of tasks, perfect use case.
But I mean, like coding, like you
said, it's better than terminal.
Okay.
So before we get into OpenClaw,
because I feel like the whole
episode could be consumed by that.
And I want to get to that.
I wanted to talk first around,
like, what are you hearing?
Like, what is the general
vibe in the company?
Are you allowed to use AI at
all, even in your industry?
Is that something that, that your
engineers are able to take advantage of?
And if so, like, what?
What are some of the
things you're seeing out?
Are they choosing Claude Code?
Are, is, are you seeing that happening?
I was just looking for a firsthand.
We really have like an AI enabler within
the company and she does an amazing job.
She like onboards everybody
within the company.
And think of us, we're an online casino
and we have a physical casino as well.
So we have everything from cooks to like
casino technicians to online developers.
We have everything in between.
And the onboarding of these
different skills is just amazing.
Cause I mean, like, our chef.
Our executive chef, I mean, he's
built a complete course around
how you can make like, AI,
brunches and everything like this.
How you do all your ordering
and everything through AI.
So, I mean, we're really
enabling everyone within the
organization, which is really cool.
Yeah.
The challenge is, there's,
it's moving so fast.
So, trying to keep everyone
updated and keeping the guardrails
in place is very difficult.
And we don't want to load any
customer data in there, that's
definitely a no go for us.
So we're keeping no go
out, all customer data.
But as far as like, just, yeah, normal
KPIs or like marketing, these types
of things where it's not the customer
impacting, that's no problem for us.
Are they prescriptive or as an
organization, are you prescriptive in
like what harnesses or IDEs people use
or people able to just, is it like when
you think of your, from your security
mindset, are you focused on particular
model companies or cause organizations
I've seen, like, there's all sorts of
things, everything's wild, wild west,
but you know, some companies are like,
you know, we have Gemini and that's the,
and that is what we bought as a company
and that's what all developers will use.
And so then you're kind of, as an
engineer, you're sort of limited
to whatever the company buys you.
And then you sort of see this shadow
AI where people sort of sneak out and
do something that's maybe not approved.
How do you think of it?
Do you think, like, you've got a
plethora of things and everybody
can choose from a smorgasbord.
How does that go?
So, I mean, we, we have like a
AI steering committee where we
actually decide which tools we
should onboard within the company.
And it's really like, you know,
where's the data stored and what
kind of data protection do they
have, these types of things.
But I mean, generally all the
tools are available to us.
That's most people would use.
There are some exceptions, you know, some
of the Chinese models and whatnot, it's
just, they don't follow the European data
regulation, so we can't onboard them.
And that's a hard no for us.
But otherwise, I mean,
everything's quite open for us.
So, I mean, we have Gemini in use,
we have Perplexity, we have OpenClaw,
I mean, not OpenClaw, Claude, but
we have all these things running.
So it's basically whatever your
use case is, you can kind of
pull that specific model down.
Now for the, the majority of people
within the company, we try to onboard
them to Copilot, just because it's easier.
Yeah, the guardrails are much
easier to control and yeah, we
know what's going into the model.
Now, developers, obviously they
want more, they want more control.
So I mean, they're going
direction OpenAI and Claude.
Okay.
So when you say, when you said,
Copilot, you're specifically talking
about Microsoft Copilot, not GitHub.
Microsoft Copilot.
Yeah.
Yeah.
Yeah.
Okay.
Horrible branding by Microsoft, right?
So everyone gets confused.
Naming is hard, man.
Naming is hard.
I mean, I do appreciate it.
If it was, I feel like it'd be much more
Microsofty if it was more like every one
of them was Copilot, but the la instead
of it being very vague and confusing
that there's another couple of words
after that that we have to say, right?
Like, yeah.
Exactly.
Yeah.
I would, if it was Microsoft, original,
it would be like Microsoft Copilot
something edition, you know, V two or so.
And then that, and we'd have to say that
because then there's also this other thing
that's other edition and we'd have to have
an acronym dash dash because it would be
too long to say, so we'd have to right.
Yeah, because I'm obviously,
because I'm such a GitHub person,
I mean, I'm teaching GitHub.
I've consulted on GitHub for at least six
years, specifically around GitHub actions,
because that's, I'm not necessarily
teaching people how to do commits.
I'm teaching them more about
workflows and automation and
deployments and all that stuff.
Obviously my Copilot world is
rolled around in GitHub Copilot.
I am aware that there is a
Microsoft Copilot and I technically.
I think I used it a few times with an
Office 365 account, but I see it a lot
with other like non tech business friends.
I see them in chat on a mobile,
on the mobile Copilot app.
And they talk about their work AI a lot,
so that's a big win for Microsoft there.
I mean, it's decent.
I'm not a massive fan of it because I
mean, the hurdle to automate something
with this is just, I mean, it's massive.
I mean, for example, to automate an
email coming into your inbox and then
feeding it to Copilot and having it
all working every day, is a mission.
So, I mean, ClipPilot.
I like that one from James.
Yeah.
Clippy.
Clippy.
ClippyPilot.
But I mean, generally it's getting better.
It's just, I mean, when you compare
it, it's supposed to be OpenAI, right?
But if you compare a Copilot to
OpenAI, it's night and day difference.
Okay.
Yeah.
So it's my, maybe an older,
or there's some, yeah, there's
hidden, hidden, it's obscured away.
Right.
So we're not sure about what's
going on in the background.
Exactly.
Cause that, I mean,
that's the general vibe.
I mean, we haven't, we talked about this.
Like since Opus 4.5 was released in
November, I think the general vibe
in the industry is like, okay, this,
that December might be, I think I
was framing it this way yesterday.
December is the epoch of
many of us suddenly taking AI
seriously as an engineering tool.
as opposed to it being
a fancy auto complete.
And I spend far less time arguing,
I spend far less time dealing with
hallucinations, and I think the way
we're going about it with some of these
modern concepts of skills over skills
and maybe like, CLI over MCP, not that
MCP's going away, but I think that its
hype cycle has been pretty fast to go
like all the way up to maximum hype.
Incredible, right?
And then like, everyone's like,
ah, it's not really that great.
Actually, I'm not really even using
any, like, I just tell the, I just
tell the tool to use my CLI tools.
And so now you see things like
I just saw last week, was it?
I think it's Google who launched a Google
Workspace or Google Docs, Google Sheets,
Google Drive CLI, I think, I think it's
really good.
Is it good?
Okay.
Yeah.
But it's like
essentially like a MCP
to Google's ecosystem.
Yeah.
And it's quite nice.
I mean, now if you get rate limited or
whatever, I don't know yet, but I'll
definitely, it's on my to do list,
but it's a CLI tool, right?
My, my understanding is
it's a CLI tool, right?
So instead of us having to add an MCP
tool with 50 or a hundred different
MCP tools in it, and then worry about
security and authentication, we're
just using a CLI tool and that CLI
tool manages its own authentication.
And it's, it doesn't, it only has
to know the help file of the CLI
tool and the command structure.
It doesn't have to know all
these MCP tools, which I
believe is better on tokens.
If I remember correctly,
looking into some of that, like.
Oh, I can tell you token
horror stories on the OpenClaw.
I've burned my credit card
into many bits and pieces.
Yeah,
being like, an early adopter of OpenClaw.
A friend of mine yesterday said
he tried the fast mode in Opus and
like an hour later, he had like
a 25, bill or whatever like that.
And he's like, okay, maybe not fast mode.
It's very nice.
But, I, you know, we're all challenged
as well with AIs are getting faster,
but we still have the waiting game.
And that creates like this flow
problem that I don't know how
to describe it, but you end up
feeling like you need to multitask.
Well, the thing, the thing is with the, I
mean, everyone's complaining about memory
and all these different models, right?
So everyone's saying, Hey,
it forgets what I'm doing.
I constantly have to
remind my model to that.
My name is Brian, whatever.
But the thing is, we're building out
these models, these memory models,
which means we're having more context
we're passing to the model each time.
So the model is growing and we're
just bombarding these models with
tons of tokens just to say I'm Brian.
You know, and here's, that's why
the costs are just exploding.
Yeah.
I mean, the costs are exploding because
we want more memory at the moment.
I've talked a lot about OpenCode
lately, so we're going to get
into OpenClaw in a minute.
But I think, I think we are, we're both,
I think of an agreement that Claude
Code is probably something that's
in our radar. I've been using, I
mean, it was kind of, I think, I
feel like the first successful TUI.
I was an early adopter of VS Code's
Copilot back in the beta, I think it was
like 2023, maybe, when the beta of Copilot
came out and I think we had a show here
like the day after, Copilot came out and
we haven't exactly been the AI channel.
I would, I definitely have not pivoted
to be like everything AI, like a lot
of my friends are, much to my detriment
on YouTube, but the things that I have
started to gravitate to are shying
away from things like OpenCode or
Codex specifically simply because I
find myself wanting to switch models
too often, and I don't want to be
locked into a harness that's locked
into a particular vendor's models.
So I started trying out OpenCode in
December, moving from Claude Code, and
I at the time was actually trying the
Copilot CLI, the Codex CLI, before Codex
actually had a GUI and the Claude Code
CLI obviously, and I shifted to OpenCode
and now it's the only thing I use.
And I love that.
I have a Copilot subscription, which
is technically like OpenRouter.
Mm-hmm. 'Cause it gives me
the, you know, the tall, all
the hits, all the great models.
I can do that through Copilot.
I can do that, I have a subscription
to OpenAI and to Claude.
And so I can pull in all three of
those subscriptions into OpenCode
and switch between the models at
will in the middle of conversations.
And so a lot of times when I run
into like, if I run into my Claude
Code, if I run into my Claude
limit for the day on Opus, I just
shift to my other subscription,
shift to a
different model.
Yep.
Yeah.
And I just, so I go from my
Claude subscription to my GitHub's
Copilot subscription and just
keep going, keep rolling with it.
I think there's technically token
limit differences because if I, if you
get really into the nerdy details of
the APIs, like, Claude is, you know,
Anthropic has moved to a newer, modern,
API away from the chat API before.
And I think, yeah, and I
think that, I think GitHub is
still on the older structure.
So there, but OpenCode as an, is a
wonderful open source project because
it's, it just handles all of that.
And in fact, if we did a demo, I
would show you like, if you scroll,
I was showing some friends yesterday.
Because they're all Claude Code users,
and I've been like the sole OpenCode user
and I'm ranting about it all the time.
I'm like, did you know you can have
one conversation and be, and watch
it from the TUI, from the GUI and
from remote web mobile on my phone.
And I can see the conversation on
all three happening at the same time.
And I don't have to use WhatsApp.
I don't have to, you know, not to knock
on your door, but like, I don't, I can
have the full fledged experience of
the two of the, the, of the UI that
we're all used to, with the proper
diff formation and all that stuff, as
opposed to chatting at it through an
instant message tool that is not meant
for agentic screen, screen presentation.
And I much prefer that I have
to use, with OpenCode, it's not
a, it's not a cloud service.
Like Claude or GPT or anything like that.
So you have to use like Tailscale
or something to get you back to your
machine, but I run it as a server.
In fact, I showed a diagram
of running it as a server.
So you just, you know, run OpenCode
server or OpenCode web, and it
launches as a background process.
And then you can connect from any
of the three different ways to
connect web, that client or TUI.
And it works.
I am, I'm going to have to start
like if they were an actual product
company, I would like start looking
for a sponsorship because I talk about
them so much as, as my favorite tool.
But other than that, I'm also very much
into Copilot and VS, and the Copilot
world because I'm finding that, you know,
people that, companies that are all in
on GitHub tend to use Copilot first.
And when I talk to what I would call
normie developers, not like bleeding edge,
always on the, you know, the people that
haven't yet put OpenClaw in their closet.
Exactly, they tend to be in their
traditional IDE world, whether that's VS
Code or, you know, PhpStorm or, you know,
whatever IDE they're used to, and they're
just using whatever came with that.
So with VS Code, the default
is, is Copilot, even though you
can put all the other ones in.
OpenCode has a plug,
whatever model you want.
Yep.
Yeah.
Claude has a plugin, I
should say for the audience.
Like, we haven't talked about
this on the show, but it's
even getting more complex now.
And I had to draw, I've had to draw this
out a couple times on the stream, because
now with your GitHub Copilot subscription,
you can now use Claude Code or the Claude
app inside a GitHub or inside a VS Code
as your agent of choice inside the Copilot
harness and which basically means you
don't need a Claude Code subscription
to use, if you want to learn more
about any of
the official Claude
tooling, which is great because I mean,
I think this abstraction from the actual,
or marrying yourself to a specific
company is kind of a thing of the past.
You're just going to go for the
best model eventually, right.
Whatever.
It might be Claude does Code and OpenAI
does something else and whatever.
And you just have it set up where,
Oh, I have a use case and they
just, my swarm of agents go out to
the right model and get it done.
It does feel weird to
commit to any one company.
I mean, I feel like you're pretty safe if
you committed to Anthropic right now, but.
I think so.
Yeah.
But I, I believe, what other, it doesn't
matter which company you go with.
I really believe your local
setup is super important.
I mean, I'm harping on this as like
your human operating system or your Bret
operating system where you have to set up
like all your agents, you have to set up
all your template files and memory files
locally and really use that as your basis.
And it doesn't matter what model
you used and cause it always gonna,
it should always read that locally.
I use Gemini with OpenClaw and when I
had the same setup for all the models
and Gemini was the most apologetic.
Every time I do something
like, Oh, I'm so sorry.
It didn't work properly.
And I would be like,
it's just so frustrating.
Like stop apologizing, just fix it.
Yeah.
That's the thing right now too.
Like not every developer
gets to choose their models.
This is something Laura Tacho
was on the show last year and was
talking about like, one of the
biggest barriers for developers
in enterprise is the fact that the
enterprise doesn't necessarily hand
out licenses to everyone, and if it
does, it might be very prescriptive to
which models or harnesses they can use.
So people are kind of just stuck
using whatever their company decided
on a year ago, which was like, that's
like the equivalent of making a
decision and keeping it for a decade.
Like the challenge right now is if you
make a commitment as an organization,
that's a really, like, you could
essentially be at this point, the
equivalent of years behind an AI
because you've aligned yourself.
And that's something that's not like
IT purchasing isn't used to that,
like lawyers and contracts and all
these things aren't used to that.
So I sympathize with people like James,
because you're having to use Gemini,
everyone I know, like pretty much all
of my bleeding edge friends that are
living in AI all day long as developers.
And these are people that get to
choose whatever tool they want to use,
because they're all small businesses or
subcontractors, or, you know, they, there
are, there are product people that are
making their own products or whatever.
I'd say, yeah, 99
percent of them are on 6.
The other 1 percent are on GPT
5.4 because 5.4 specifically,
yeah, specifically 5.4 is showing
really good signs of back end code.
It's evidently a horrible designer.
So I'm like, if you had to
ask me this week, and it will
probably change next month.
Opus 4.6 is go to for the least number
of hallucinations and the longest run
cycles before I have to like, Ralph loop
it through or, or if you know about Ralph
loops, but like before clear context,
like, so like Opus is the jam, like
Opus, Opus, Opus, maybe Opus for planning
and Sonnet for actually doing the work.
If you want to save tokens, GPT 5.4,
if it's doing backend stuff and not
frontend, nothing design related.
And then I don't know where
Gemini falls in there other
than like Nano Banana for me.
Like I, I make images and
I don't use Gemini for it.
So the problem is, is like developers,
like this is like, this is the part that
I hate, like a year ago, I didn't want
to talk about any of this because well,
all the models were kind of, I think
I feel like a year ago, all the models
were kind of, eh, we were, I think we
were doing like Sonnet 3.5 at the time.
Right.
3.7. And so the problem is like people
are stuck on a particular, what I would
call, Legacy model, just because it's
only like six or eight or 10 months old.
Or
not even, right.
And that model is, I don't know,
three times, not like three
times worse than Opus maybe.
So that's the real problem right now is I
feel like we've got first class citizen,
like we've got people that are loving
life on Opus and then we've got people
struggling on older models or older
versions or approved models or whatever.
And they're like, everything's garbage.
And I'm like, no, actually it's not.
I mean, there's plenty of garbage
to be found, but it is so much
better if you just try this.
And not everybody can do it.
Not everybody gets to have that.
I think
so.
I think all the models are good.
They just require, for example,
Gemini, I used it for a long time.
And I just think you have to set
up the prompting much differently
compared to the other models.
Once you get it kind of set up, it works.
I, I still believe, like you
said, Claude is the best designer.
In Claude Desktop, they
had this design skill.
If you're using Claude, just enable that.
It does amazing websites or graphics.
It's really nice.
And it's right out of the box.
You don't have to do anything.
Just enable the graphics
skill or the design skill.
Right, that's maybe something to talk
about too, real quick is like the,
all of these things require effort
in terms of getting your agents.md
file for the project really honed in.
Although there's just a report that
came out a couple of weeks ago,
that's suggesting that agent files
actually reduce the quality of the
finished product in every test.
I don't know if you saw that,
but that was like, I didn't even
know what to think about that.
Like, but skills to me have been a game
changer in the last couple of months,
and if you've not, someone who's adopted,
adapted to skills, I'm pretty sure all the
harnesses now have got a way to use them.
The paths might be slightly different
depending on the harness, but creating
the skill markdown files or finding
good ones on the web that I have read
and I am assured do not have any sort
of prompt injections, that's key, but
I feel like that has changed the game
for me in allowing me to give the
harness work without a lot of rigor.
And it not losing its mind.
And I think that's the key distinction
between like now and six months ago.
Is six months ago, if I didn't give it a
very long prompt, very clear, and we were
all like pasting and storing prompts, and
then we were, and then we had commands
and we were trying to store them in
commands because we didn't want to have
to type the whole prompt or paste it.
And now I'm not doing any of that.
I'm only doing skills and I don't
know about you, but I'm finding
that that's all I really need.
I just need to write the skill and
I keep having the agent update.
Whenever the, it's almost reminds me
of like the rule in ops is when you
have an, When you have a production
failure, the rule in Ops is you create
a test, so that somewhere in your test
pipelines, that, that failure was tested
to make sure it won't happen again.
Like the goal is never
the same failure twice.
I feel like with skills and AIs now,
if I, like I just happened yesterday,
I was having a walk, it was actually
running a SOP for me, a standard
operating procedure of just something
in my courses that I would normally
have like a virtual assistant do for me.
And it's going through processing
this text and managing some, creating
some HTML and things for me that I
need for each lecture in a video.
And it made a couple of mistakes, put
some things out of order and I realized,
Oh, the skill needs to be updated.
So I just ask it to update the skill
to please fix this and then also update
the skill so it doesn't happen again.
And I feel like that's my new operator
and failure mode is if I see the AI
misbehave, it's probably a lack of
it not having the proper instruction.
I just need to update the
skill and have it retry.
And then usually corrects itself.
Is that something that you're seeing?
Are you, is that
And it's back to the context question
again, it's really, you know, sometimes
it forgets how to use the skill.
So maybe you have to declare
the skill better, so it
understands the skill better.
But I mean, the skill works, but
sometimes I have to go again and say,
Hey, don't you remember use the skill
lap time like this, this and it worked.
And then I realized maybe I have
to add more context to it, so it
realizes if it starts a new
chat with this skill, it should be
able to use it right off the bat.
And I mean, I built all sorts of skills.
It's really, I find that's, really the
game changer at the moment is skills.
Like you said, it's where I'm
investing all my time at the moment.
How do you manage your skills?
Like, do you, I've been looking
into the NPX skills tool.
I think it's, I think Vercel made it.
I'm not an expert in it yet.
I've really only had like a week's
use of it, but it's helped me.
Okay.
It's, I mean, I was making them all
manually before then, and then or like
downloading, copy and pasting from GitHub
repos, you know, finding ones I liked,
and I'd store them in my global path,
which I think is like in my user directory
.claude/skills and then skill name.
and.
I realized suddenly that I was
spending a lot of time copying
and pasting in between projects.
And I haven't really figured out,
like, I don't know if I can actually
use the NPX skills tool to like
store my own and like have them
centrally so that I can access them.
I guess I could probably do that.
Do you have, are you, do you
have any hot tips for anyone?
I'm kind of putting you on the spot.
So,
And, I mean, what I do, obviously
I store each skill as this
individual repo in GitHub.
So it all goes out to GitHub
and then I version control it.
And I say, anytime you touch that,
you better sync it to GitHub.
So then I always have like a backup copy.
And then it's running tests
on this and everything else.
So that's, that's one unlock I did
because obviously, early on, my OpenClaw
deleted itself and I lost everything.
And so since then I've been
backing everything up to GitHub.
So, but that's like kind of a,
like a, kind of a workaround to
have skills ready, and then I'm
also defining a skill per agent.
So I have like a DevOps agent.
And the DevOps agent's responsibility
is just only DevOps, and it has
only DevOps skills assigned to it.
So then it has context
with just these skills.
It doesn't need context
for every skill I have.
And I think since I changed it to
specific skills per agent, it's gotten
more clever on how to use the skills.
Now, when you create an agent, in that
sense, are you talking specifically
of something like Claude Code or like
what, you say you create a DevOps
agent, where are you creating that?
So, I mean, in the context of OpenClaw
or I would say open Claude Code as
well, you can create basically folders
and each folder is its own project.
And within the project, you can have
skills and all these things with insight.
And you define each folder as its
own agent, like its own personality,
what it's capable of, its own
CLAUDE.md file, essentially.
Okay.
Or agent.md file.
And that's how you kind of version
control it and have the separation.
And then you can kick it off separately.
So, we're going to jump into
OpenClaw cause there's all the
insanity of what people are doing.
But behind that, and I've never
actually even installed it yet.
I'm just, it's been so busy
and it's not even that old.
Like I, it's, I feel like we've lived
10 years in the last two months.
You're a person that operates in a
high safety environment, high secure
environment, obviously you're not
using this for work, I assume, but,
Strictly testing at the moment.
Right, but OpenClaw isn't necessarily,
like, can you talk to a little bit about
OpenClaw isn't necessarily on day one, the
minute you install it, some rogue, crazy
thing that's going to ruin your life.
Like it, no, like the things that we're
hearing in the headlines are people
deliberately doing things with it that
they probably shouldn't have done.
And that's not, it's.
That's not its modus operandi.
Like it's not, that's not what
it's trying to be necessarily.
I always look at it as like an
orchestrator of, if it's orchestrating,
it comes in and it decides, you decide
what you want it to orchestrate.
You decide how much you want
to give it of your life.
You decide what things it has access to
and you put the guardrails in and all.
Is that all true?
I'm actually just assuming
that that's all true.
You have to back up some, and this is
where your DevOps specialty comes in,
Bret, is like, most people probably
don't have the infrastructure knowledge
on how to set up a server generally.
Right?
So they're setting up their home
PC or whatever server they want,
and they're putting OpenClaw on it.
And they have maybe not the
comprehension of how to secure the
server, regardless of OpenClaw.
I'm just saying, hey, putting
a server on the internet with a
website, maybe is not a good idea
if you have everything open, right?
And that's, I think what really
burned a lot of people with OpenClaw
cause they're, you know, putting
it out there, they didn't lock
it down, all the ports were open.
And then the first few versions
of OpenClaw, the API keys were all
just plain text stored locally.
You know, it was like version 0.1,
and I mean, it's still
early days for this product.
So I mean, if you're putting
your server out there password
123 it's gonna get hacked.
Somebody's gonna get in it.
Somebody's gonna take advantage of it.
But is the server going rogue by itself?
No.
I mean, unless you tell
it to, it won't do that.
And that's, it's that's the thing.
I mean, it's whatever
you're telling it to do.
And I've set up, I don't
know, maybe 10 OpenClaws now.
So I've set them up multiple times
trying to understand the process and
like, kind of, really by the content.
Oh, right.
And, no, it's really, you know, you
just have to have the basics down.
Locking down the server, installing
OpenClaw and figuring out like, Hey,
if I give OpenClaw an API key to Claude
or OpenAI or whatever, look in the
server to see where it's stored and
just like figure out is this secure?
And then I realized quite quickly,
I'm like, that's not secure.
I'd rather store all my keys in 1Password
and then have a connection from the
OpenClaw to 1Password to grab the keys.
And that's how I'm doing it like this.
So it's a lot of security
basics that are burning people.
Now, it is possible that, yeah,
you just update it incorrectly and
you open more ports by accident.
But you just have to
constantly monitor this stuff.
And I built like a security
skill for OpenClaw.
Obviously it doesn't
pass any of the tests.
I'm like, I built it just for myself
and I put it in the OpenClaw Hub.
And essentially it just checks, do
you have your firewall turned on?
Do you have a VPN?
Are all the ports, you know, locked?
It's basic IT stuff.
Okay.
And that's what's really hurting a
lot of people and they don't realize,
and I just saw on Hacker News that
they're charging, somebody's charging
$5,000 to install OpenClaw servers for
people in San Francisco at the moment.
That's awesome.
Good for them.
Good for them.
It's one curl command and
you have it installed.
Right.
Come on.
Right, but you need a VPC somewhere.
You need, you know,
yeah, you need a droplet.
I mean, I think when first, when it sort
of reached its first sort of peak, not
really peak hype, but like when it first
got hyped up, it was the first time
I'd ever seen an open source project
where basically all the cloud providers
within a week of each other all put out
notifications saying, Hey, we have a
way for you to run this one app on our
platform, like a one click install for
this thing, and I had never seen that.
I've never seen like major top tier
cloud companies going, Oh, suddenly
we care so much about this brand new
month old piece of open source that
we're going to make it a dedicated
product for you to run on our platform.
And that's just never really happened.
I've never seen that.
It's, you know, normally it takes
five, 10 years for a mature product
to be something that, you know, Google
Cloud or Azure care about, right?
Like they just, they're
not going to hype it up.
But it's reached such hype cycle,
and I think there's so many players
now all competing for the, you
know, agent, are, you know, the
place where you run your agents.
We've got a ton of little startups
that have been around for a couple of
years, all trying to play in that space.
Daytona, who's been on this show, has
pivoted to be in that space as sort
of the place you run your agents.
And you really just, it's really just
abstracting what you and I would do, which
was create a dedicated server and lock
it down, and you know, make sure that you
got it on patch rotation, make sure that
the ports are exposed and that if you're
going to put SSH out there, put it in
a high random port, you know, make sure
it's, installed tailscale, these types of
things, doing all the things that we do.
And yeah, OpenClaw out of the box
should probably have like a built
in lockdown skill, where it's
just going to automatically do
that as a part of its install to
battle, battle, prepare for battle,
essentially on the internet, you know.
That's a great point
you brought up, right?
I mean, the picture behind
you, like everything's on fire.
That's actually my OpenClaw
server a couple of times already.
I mean, it's a, so, I mean, I set
everything up and, when you set it up as
root, root, that's obviously bad advice.
You should never do that.
So it's running as root.
And I got really frustrated in
Telegram and I'm writing something
and I said, just delete it,
delete, you know, whatever it is.
Well, OpenClaw took it literally and
deleted the entire project and down to
the root and just deleted the server.
No longer responsive.
I was like, wow.
Okay, that worked.
So it did an RM.
So lesson, lesson learned.
Run it, don't run it as root.
Where do you see, like for you, what
are some anecdotal, like things that you
think are reasonably safe to try with it?
If someone's new and they're a little
concerned, cause we had a, a great, not
really a question, I don't understand the
interest in OpenClaw as hallucinations
are mathematically unsolvable and prompt
injection attacks haven't been solved.
It's just a gigantic attack surface.
And while those are all technically true
things, it's still just software, right?
Like it's still something
that's on my machine that I can
lock down, that I can control.
It's just software
that's running in a loop.
Access to an LLM.
So it's not, these
problems aren't unsolvable.
And you can lock down the prompts,
for example, OpenClaw has a
community in Discord and actually
OpenClaw is running in Discord.
So you can actually, everyone's trying
to prompt inject it the whole time.
And you know, the founder, Peter
is trying to encourage people to
prompt, inject it and try to break it.
Yeah.
But I mean, by the way, that
Discord server is insane.
That Discord server is, it's
crazy, all this stuff going on.
I wouldn't be surprised if it's now the
biggest Discord server on the planet.
Like it's insane.
But I mean, what you do is you lock
down your prompt to just your device.
So you can actually pair
your prompt to your device.
So you say only my device, regardless
what you get, is the only one you
listen to, like actual commands.
You can answer questions with everybody
else, but you never process a command.
So it's like only locked
down to my device.
Yeah.
In response to the whole, as
hallucinations are mathematically
unsolvable, the way I'm looking at it
now, especially that we have the newest
models, Opus, I mentioned these earlier,
Opus 4.6, Sonnet 4.6, pretty good.
And then GPT 5.4, for me, my perspective
has changed because once the AI
gets, like we're beyond 80% on, like,
the SWE-bench boards and like a lot
of these testing infrastructures,
humans are not infallible like humans.
Before we had the AI doing the
work, humans were making mistakes
too, and we would recover those
mistakes and, and still to this
day still makes mistakes,
So I don't need the AI to, I've sort
of changed my thought process around
I don't need the AI to be a hundred
percent accurate at everything I ask it
to do, and I don't think it will ever
be a hundred percent accurate because
we, I'm just, I've started to look
at it more as like a junior engineer
where when, if I hire someone and on
day one, I asked them to do a task and
the context that I'm giving them is a
paragraph of information on their first
day, they're more likely to make mistakes
because they don't know the entire
worldview of everything at the company.
So they're going to make decisions
and assumptions that aren't correct.
And I would call those errors, right?
That would be a mistake by a human.
AI is exhibiting the same behaviors to
me now, like where it's not necessarily
going to hallucinate on every request.
In fact, I don't actually know
the last time I would qualify and
that it technically hallucinated.
I would say that it made mistakes.
and, or it made decisions that I
don't agree with, but I, it's not
like, I don't remember the last time
it incorrectly gave me HTML that
wasn't actually a part of the spec.
Like, I don't remember
the last time it did that.
So that's, but you have,
but you have human in the loop, right?
Human in the loop is part of the solution.
You have to check it.
You have to verify things.
I would say that a year ago I was
worried about, and, and I was the guy
shouting from the rooftop, hallucinations.
Now I don't remember the last time
I cared because I have gone months
with whenever it gives me something
that I don't think was correct.
Yep.
I, 99% of the time believe that
it's because I didn't give it enough
information and it made a false
decision or it made an incorrect
decision with lack of information.
So I actually look at it as, Oh, I didn't,
I didn't realize it didn't know that.
Exactly.
And so I then correct it.
It comes back
to you, right?
Cause I mean,
yeah,
you need to provide it more context.
So I guess my point here is that like,
yeah, like with enough safety rails, with
enough testing, and that's why I'm so
focused on agentic DevOps in my courses
and training and whatnot, because I
feel like that's the next realm of us
really ramping up our own understanding,
evaluations, understanding how do we
test these things so that, and how do we
make sure that humans are in the loop?
How do we, you know, sure we can have
an AI evaluate the PR of the first AI
and a different AI evaluates the first
one wrote it a different one, but that
AI is, for the foreseeable future.
I don't see the AI automatically
approving the PR after it reviewed it.
I still want to take, make a, take a look.
If the PR is got a thousand lines of code
that I have, or 5,000 lines of code,
I'm probably going to ask it to simplify
that PR and break it into different
PRs, like I'm going to reject that, just
does it align with my roadmap?
Right.
Is that what I want in my product?
Right.
That's also something you'd say.
So I don't, yeah.
So I'm not as confused or as
scared around like how we're going
to wrangle this thing anymore.
I think we're all very aware that it
can be wrong, and whether it's wrong
because of a hallucination, because
it literally made something up out of
the blue, even though it was told to
do something different, which again,
I think that's increasingly rare, or
I just didn't give it enough context.
I didn't give it the right doc so that
it knew to make a better decision.
I feel like that's going to be
more of the problem going forward.
Context, I keep saying that 2026 is a
year of context, like we're learning
how to give it the right context.
What skills are really about is
context, it's really helping us
help it make the right decision.
So
I would switch
back a little bit on that.
I built a couple of different skills.
So I built one just for fun to see
how it works with OpenClaw and it was
essentially connecting my Garmin watch,
and Strava and pulling all this data
in and it's my sleep patterns and all
this health obsession sensor data.
And essentially it pulled everything
in and it tells you exactly,
okay, now it's sunny outside.
Now it'd be the perfect time to go for a
jog or bike ride or something like this.
So it's judging and it says, Oh,
most likely you'll have your fastest
run this week if you go now, right?
Type of things.
So, I mean,
so it was pretty cool with
what's possible there.
And the other use case, I mean, I have a
bunch of web sites that I'm running, and
it's more like testing for our casino.
So we have a bunch of stuff, big content
sites we're always testing, and I, one of
the sites was not passing web core vitals.
And if you don't know what that is,
it's like Google's measurement on
speed and optimization and SEO and all
these like things you have to pass.
Accessibility.
Exactly.
Accessibility.
And it's like four key points.
And my website wasn't passing.
I was trying to mimic what
we have in production.
And essentially it was like, the images
were too big, too much JavaScript.
It had a bunch of junk in there.
And I said, okay, you have access to
my Google analytics, you have access
to the Google core web vitals, and you
have access to the WordPress, we don't
use WordPress at work, but don't worry.
And basically it went out, it
built itself a skill for WordPress.
It built itself a skill to connect to
all the different Google endpoints.
And then it started testing.
It started iterating and
going, okay, now I fix this.
Now I can go start moving JavaScript
and figure out if it breaks anything.
And it kept really iterating all
these things until it actually
passed it, the core web vitals.
So it fixed it itself.
I mean, it took like 40 minutes, I
think, and a gazillion tokens, but
it did successfully fix my website.
So, I mean, it went out there,
it did all these things.
I mean, I was quite impressed.
So you're running OpenClaw on a cloud
server, it sounds like, not like you
didn't buy the Yeah,
I'm running a digital.
Didn't put it in
your closet.
Hey, I'm, I'm happy everybody's doing it.
'cause you know, as a Apple
shareholder, that makes me happy.
But I see no value in this at all.
I mean, running in the cloud server,
it costs what, four, $8 a month,
whatever it is to have a cloud server.
Does the job.
Is it, So I guess for that price, it's,
it doesn't need a lot of resources.
I mean, I'm assuming, I was
assuming it would need at least,
you know, four CPUs and 16 gig
of RAM, like that kind of thing.
I mean, you can run it on a Raspberry Pi.
The thing is, it depends
what you're doing.
If you're just doing like a
bunch of queries to the LLM, you
don't need much power at all.
Now, if you're like building something
locally, obviously you need the power
to run this locally, application,
whatever you're building locally.
So that's where the power is required,
or if you're running a local LLM.
Right?
I think that's a point
too, is like, I probably.
Like, I wouldn't personally be interested
in running, I think like the future might
be it runs in the closet on a local LLM
and then it's essentially free, right?
That's the dream.
That's living the dream right there.
That's why I think people buy the
Mac minis, but I mean, I'm on an
M4 and the models I want to run
still can't fit on my 48 gig memory.
Like, I basically need a half a terabyte
of memory to really run anything.
If you're really going to run a proper
and model locally, you need a Ferrari
server sitting underneath your desk.
Right.
I mean, that thing is going to be a beefy
Nvidia, something or other, but yeah.
Does it help me to pull Garmin data
to have this massive model sitting
underneath my desk? Probably not, right.
Yeah.
So, so your choices are really like
use a cloud model and potentially
OpenClaw, it uses up a bunch of tokens
and burns through your credit card
or whatever, unless you set limits.
And then if you set limits, then it
can only work so much, then it stops.
Have you run into that where like
you set limits and it hits a limit?
Like, or do you
just let it YOLO through
your,
it YOLOed very quickly through my limits.
and I had like the auto
fill enabled as well.
And also I got like two emails after
another, like 100, 100 from Anthropic,
100, I'm like, what the hell's going on?
I couldn't figure it out.
I'm like, maybe it's just like an
error in the Anthropic or something.
And I realized it's like, It's
going in the background, just, and
I had this, I had this like a refill
the API going in the background.
That was brutal, but I figured
that out and essentially what I
have now is, I built my server
so it starts at a very low model.
So for example, on, it uses Sonnet or
Haiku on Claude for the basic tasks.
Hey, kicking off a cron,
kicking off these things.
And then if it can't figure it
out, it escalates to Sonnet.
And if not, it goes up to Opus.
Oh, wow.
Is that a built in feature or did you?
It's built in by, you can do that
either on Claude or on OpenClaw.
Basically you can say,
Hey, start at this model.
But if you, if I say these specific
commands, then automatically use Opus.
Okay.
Okay.
So it sort of triggers that.
So if you said like, develop
me a backend, you know, Golang,
you, it might trigger that.
Exactly.
Yeah.
We've got a bunch of links to share, but
what is your general advice that you would
like if someone, if you're in the elevator
and you've got just a couple of, if you've
got 60 seconds with someone and they're
like, I really want to get into OpenClaw,
what are some like not to do's and what
to do's, for someone right, like today.
Cause obviously like there's been lots of
iteration in the last couple of months.
It sounds like it's a little more
mature, still very early days,
but a little more mature than the
wild, wild West V dot, you know, 0.1.
I mean, I would recommend
everyone to install it, just
to figure out how it works.
I would maybe not use it for production
or anything like this, but just
understand how all the memory files work
and how the whole, how it's all built.
Because this configuration is now
being adopted by Claude and OpenAI.
They're all kind of using
the same type of structure.
And I believe it's going to be the
standard across all the models quite soon.
So
you have,
I'm going to put your links in here.
You've got a security
checklist you created.
And this is a skill as well.
So, I mean, like I said, it's a
skill that goes out, makes sure you
have fail2ban enabled, your firewall
enabled, all these different things.
And I encourage everyone
to build their own skill.
I mean, you don't have to use mine.
It's just, you can use it as a
reference and say, Hey, use this
as reference, build my own skill.
Yeah.
And that's what I'm encouraging everybody.
Build your own skills because it
matches your use case better anyway.
So one of the things that I'm, I
don't actually know this for a fact,
but one of the things I'm assuming
that people are doing is there,
hallucination factor with certain models.
So if someone's trying to do this on
the cheap, and they're trying to use a
local model, or they, you know, they're
using Raspberry, Raspberry Pi with a
local model that, you know, any, anything
other than a $10,000 rig is going
to have to run your own local model.
And those local models will hallucinate
more like generally they are not
like the state of the art open source
models that everyone talks about.
Oh, the latest Qwen is so great.
Like what they're talking about are
the models that take 400 gig of RAM.
So, unless you've got that, you're
going to be using a scaled down model,
essentially, that can fit on your
GPU, and those will hallucinate more.
So, I'm not even an OpenClaw user yet,
but I can anticipate that when I use
it, I'm going to want it using cloud
models, probably, and I'm going to have
to set limits like you did, because if
I'm going to make anything of value with
it, because James is like, don't hook it
up to anything value, valuable at all.
And sure, that can be your approach,
cause you can do things with it
without ever giving it keys to
your email or anything else, right?
Like you don't have to give it
keys.
You don't have to give it
access to all of your stuff.
You can, it can be just like Claude
Code, which has access to local tooling
and can do, you know, stuff like that.
And just access things in the open
that things that are public, but, I,
I personally, regarding the
security real quick, Bret, is
the least permission model, right?
The least privileged model.
So even for OpenClaw or whatever
API tool you're using, set up API
keys specific to the agent, right?
So lock it down.
So it only has read permission
and these types of things.
Don't give it access to your email,
set up its own email box, for example,
you know, do these types of things.
So then you're really certain
that it doesn't, the blast
radius is a bit smaller.
Yeah, it, it actually speaks a little
bit to, I've been thinking more about
like came about, about with MCP as well,
how much our API permission models are
based on humans and not bots, because
for example, if I was going to tiptoe
into giving it access to my email,
I would want to set up an, you know,
rules that basically it's like you get
read only and you only get my inbox.
And you only get this one folder
and you can't do anything, or you
can only write drafts, but you don't
have the permissions to send, you
can write the draft and review it.
But I don't believe we have all those
layers of API model permission, like
API permissions, because we've never
really needed that level of granularity.
Like it's either like you get access
to my email inbox and everything,
you get God access or no access.
And that's, and I'm maybe I'm outdated,
maybe the new Google tool actually
provides some sort of permissions
level that I'm not aware of, but
I suspected for a while that we're
going to need to come up with all new
levels of permissions to really scope
limit this, at least I hope we do.
Gosh, as an industry, I hope we do
because we're going to want, we're going
to want to tiptoe with these things.
And I've been trying to think about how we
can go around the approach of dynamically
changing permissions on the fly.
So for example.
I give it the read permissions
and only, it only gets the write
key, the WR, like the key to write
to things or do the updates and
deletions once I've approved it.
And it can't even accidentally hallucinate
and do it because it doesn't have the key.
So like somehow we're going to need
to come up with these new model, these
new permission mechanisms, and like, we
might even have to modify 1Password
to dynamically switch things out and
environment variables, which historically
environment variables that change
don't, you have to restart the program.
Like there's all these things at
the system level that I'm, and so,
what I'm really thinking about is
like, we're going to have to probably
adapt a lot of the infrastructure of
the internet to truly do all this.
To support this, right?
Yeah.
To support this.
It's a solved problem already, like by
infrastructure, but now we need to adapt
it to AI, which is not prepared for this.
The granularity of permissions
and things like this.
I just see.
I've been around quite a few people
looked at their servers and whatnot, and
they just YOLOed all the permissions.
I'm like, wow, you live dangerously, huh?
And it just takes one
wrong command and yeah.
Yeah.
The, the last thing I want to talk
about, ask you about real quick
is NanoClaw because that's, this
is like hot off the press kind of
stuff that even newer than OpenClaw.
And I didn't, I only saw the headlines.
I didn't know what it was about.
It sounds like, you know, a
little bit more than I do.
Give us like the elevator
pitch of NanoClaw.
Sure.
So NanoClaw is essentially just a, a
real bare bones version of OpenClaw.
And actually, on the website, they
actually mentioned that OpenClaw is like,
what, 50,000 lines of code and 7,000
integrations and then just thousands
and thousands of everything, right?
And I believe NanoClaw is
like 5,000 lines of code.
All the agents are spun up
inside Docker containers.
So it really isolates the agents
compared to your operating system.
And it's really built like security
first, which is quite interesting.
And since I'm a huge Docker fan myself,
I think it's quite a nice setup.
And I think it's one of the
only, only Claws out there that
supports like swarms of agents.
So you have Docker swarm and you have
the agents, you can kind of swarm
up your agents, which is quite a
cool concept if you think about it.
Yeah.
Is NanoClaw at the point where
like someone would skip OpenClaw
and use NanoClaw instead?
Is that, how does, is it
a replacement for OpenClaw?
It's definitely prepared for that.
Yeah.
I think it's definitely ready for that.
Now it's.
It's limited as far as features
because they want to keep it lean.
So it's only like Telegram
and WhatsApp you can use.
You can't use Discord
and all these things.
So they really limited the
plugins and everything else
to really focus on security.
And then you can always build on top of
it, but they want to make it secure first.
So this is not just a
wrapper around OpenClaw.
This is like something,
This is a separate
project altogether, yep.
Okay.
Well, I certainly liked
the container aspect.
I've been really surprised how little
we've been isolating with containers
so far, like between the harnesses.
Like, I mean, one of the biggest concerns
a year ago and when Claude Code came
out was the fact that it sort of had
run roughshod over your system, still does.
Yep.
Cowork, I've been playing around with
Cowork lately, cause I'm trying to
get my wife into it, not a developer,
and giving her Claude Desktop.
And now that's got Cowork,
Claude Chat, Claude Cowork and
Claude Code all in one tool.
The Claude Code GUI is kind of garbage.
I wouldn't recommend anybody use
that yet, but it's like the worst
of the GUIs for coding harnesses.
But the Coworking is really interesting
because it just, it's simply to
me, it's like giving, it's actually
running in a VM on your machine.
I think I saw someone on the internet
saying it just downloaded a 40 gig VM.
And I'm like, yep, we're back to the VM.
We're back to VM.
And it does it very transparently
and it only mounts in the directories
that you give it when you set it,
when you start it, you actually
tell it which directory to start in.
And that it only has permissions,
that directory, it kind of bind
mounts it in, I guess, to the VM.
So I can, I'm excited to hear about
NanoClaw because I feel like, okay,
we've settled down the hype, like we,
a little bit, like we're, and we're
starting to see signs of the first
iterations of maturity, which means
that people are finally going to bring
in security conversations, which to me
means, okay, now we're doing VMs locally
that are transparent in the background.
Now we're going to be doing containers
locally, and I've actually been
surprised at Docker Desktop not
having, not being the leaders in this.
I've actually been a little concerned
that Claude Code is just going to
basically run right past Docker
Desktop and that would, someone told
me that the, in the near future, Claude
Desktop, or whatever the iterations
are going to be, like, that will be
the way we all run containers because
we're going to be running it with AI.
And it's actually going to, anyway, it's
like a conspiracy theory or maybe a little
bit, but, it's been interesting to see
how finally we're getting to back into
VMs and containers with these toolings
and that they're not just like, they're
not native inside of Docker desktop yet.
I mean, you have MCP, you have,
AI, Gordon and all these other
things inside of Docker desktop.
There's been like, there's sandboxing and
all these things, these new lab things
are doing, like they've got so much stuff
they're releasing over the last six months
that I haven't been able to keep up.
Because that's pretty much obviously
what Docker is also focused on right
now is, continuing to iterate on
their tooling around Cagent and, yeah,
their stuff for running AI safely
inside of Docker containers, which I
am, I can't, I'm looking forward to
the day where none of this stuff is
installing tools on my system anymore.
It's all doing exactly.
Exactly.
So, well, this has been awesome, dude.
I wish we could go for
three more hours, but I'm
now we have to do it again.
I, before we go, I encourage everyone,
regardless if you're a developer or
a high level AI user, I found this
project, and it's what Claude Code
PM course, for product managers.
And I know it sounds for product managers,
but actually it's using Claude Code in
the terminal, and you're actually walking
through setting it all up and everything.
And what I find really great about
this, it explains the structure and
how Claude works with all the files and
how you can actually spin up multiple
agents and personalize all the agents.
And I think this is just a brilliant
resource for people to really
understand how the different AIs work,
because I believe the structure will work
with any LLM or any model out there.
So if you understand how it works and you
can kind of recreate it for your business
or whatever, cause my objective is then
create this structure for my whole team.
So everyone uses the same structure and
spins off Claudes off the structure.
So everyone's using the same context.
It's pretty cool.
I'm going to check that one out.
I have some of my favorite skills
lately are things like marketing skills.
And I have a front end designer skill.
I think it's actually part of the
Claude Code, skills list, but yeah,
like the things that I'm definitely
interested in skills around things
that I am not good at, because that's
usually where I will give bad prompting.
The AI will more likely go off the rails,
so yeah, I'm supplementing my, like, I
don't have the lawyer ones yet, but I,
it's actually pretty good at contract
review out of the box without any
skills, but I feel like I probably need
that in my little consulting business.
So this has been fun.
I, do you think that I could
just skip OpenClaw for now?
And just, if I've only got a few
hours a week to tinker around, would
NanoClaw be the thing I should point
to first, or do you think I need to
start?
Actually, I'd point to this course right
here, to this Claude Code PM course,
because I mean, then it kind of gives you
the baseline on how you should be using
your AI and how you should be creating sub
agents and agents and swarms of agents.
And like I said, it's built for Claude,
but I really believe you can use
this with OpenAI, Gemini, et cetera.
The same rules apply, okay.
Real quick, last question on your
skills, do you, you talked about, you
put them in their own separate repos.
Does that mean you're doing like Git
submodules or like, are you checking out
repos inside of repos?
Is that, how are you doing that?
It is, it is submodules.
I have to actually look through
it again because it's all being
done by Claude. Oh, okay.
So there, so
I don't, I don't see any
code commits or anything.
I,
yeah.
So you're asking it, you're saying
like, go get this skill from this repo.
Is that
Yes.
Yep.
Okay.
Okay.
So, and it figures
out, but it is still installed locally,
but I am, all code changes are then
committed to this repo and, yeah,
essentially what I said is like,
okay, you can write code to the skill.
You could do all these things, but
you're not allowed to commit directly.
So I made it very specific.
You can't commit directly.
You have to create a pull request.
And I, I'm the only one that
can merge the pull request.
So, because I mean, I learned
over time that I was just
writing directly the whole time.
And I said, okay, now I have to figure
out the proper workflow, so I understand
what the heck it's trying to write.
Yeah.
And I can see like, I'm going to
be treating this thing, especially
as I would sort of ramp up my
automation with it on GitHub.
I'm going to do all the normal
GitHub things that I would do
for the first day employee.
Like I'm, I'm going to make Brent,
I make sure branch protections on
so that they can't write to the
release branch or the default branch.
I'm going to make sure that, you know,
PR reviews are mandatory and requires
approval and checks have to be run.
And like all of the, the rigor
of normal business level GitHub
stuff, it's all going to be there.
And when I give it a PAT, if
that's, I'm assuming what it needs.
I don't know if it's no auth.
It is flow.
Okay.
If I'm going to give it PAT or
whatever, I'm going to give it.
so that it can't just exactly the admin
in my repo and delete it because that's,
but be very careful because I mean,
these are really clever models.
I've had mine prompt me before as like, if
you only give me this extra permission, I
can probably do this, this, this as well.
You know, it was like really being clever
trying to get more permissions out of
me, like, no, no, try again tomorrow.
It's funny, it's funny you say that
because I had that happen last week
and I had a like a weird moment
of like, am I like, do I need to
get a defensive mode right now?
Like, do I need to like shields up myself?
Cause it, it, I think it was asking me,
I, it wasn't, I don't know if it was
a GitHub key, it was something else,
but I was just in a normal Claude Code
session and I was iterating project.
And it kept saying, well, if
you give me, I think it was
something to do with Digital Ocean.
It was like, if you give me your
Digital Ocean token, then I can
go and check all that for you.
And I was like, yeah, no, I'd
rather just check it on the
web interface myself, and yeah.
That's the same thing with Cloudflare.
It was like, it kept on reminding
me like all the time, like, Oh,
I need to flush the cache again.
It would be so much easier
if you just gave me the key.
And every time it really
reminded me of this.
I don't want to give you
access to Cloudflare.
Yeah, this is like, and this is
the kind of conversation I would
have with a junior employee.
That's like, you know,
if
you just gave me access to
that, I could do it for you.
And I'm like, well, let's let the
senior engineers do that for now.
So cool, cool, cool, cool.
This has been a lot of fun.
I, are you making any videos?
Are there, or are you just doing
blog posts and newsletters?
It's just brianchristner.io.
I'm writing like a weekly roundup
of what's going on in the world of
AI at the moment and just quick and
dirty, you know, and I'm starting
again to just do my Byte Podcast.
You remember a long time ago I was doing
like just two to five minute videos.
What is OpenClaw?
What is that?
And just kind of highlighting some
of the stuff we discussed today,
but in a short, shortened version.
Yeah, I do, I do read your, you're
one of the few emails that I read
consistently because it's short and
sweet and covers all the big hits.
So if I was too busy to like pay
attention to Hacker News or, you
know, Register headlines or whatever,
like your email's a good summary.
And and yeah, I mean,
and it costs nothing.
So thank you.
It costs
nothing.
I'm not charging.
All right.
Thank you so much for being here, Brian.
As always we run long and we got
up, we waited too long to have
this, we got to have you back soon.
And I'm excited to hear what you're doing
with agents here in the near future.
That's great.
Thank you very much for having me, Bret.
Hey, thanks for joining.
We'll see you in the next episode.