SOP / ChecklistsFreeSetup: 15 min
OpenClaw Launch Checklist
Pre-flight checklist for taking an OpenClaw agent to production. Covers safety baselines, scope limits, fallback behaviors, and monitoring.
Included
33-item checklistSOUL safety templateMonitoring setup guide
Shipping an agent without a checklist is like deploying code without tests. This 33-item checklist covers everything you need to verify before your OpenClaw agent interacts with real users, real data, or real communication channels. Based on lessons from production deployments — including things that went wrong.
The checklist
Identity & SOUL (7 items)✓ SOUL.md exists and defines clear behavioral boundaries✓ Agent knows its name, role, and what it’s not✓ Boundaries section explicitly lists prohibited actions✓ Tone and communication style are defined, not left to defaults✓ Agent can explain its own limitations when asked✓ SOUL.md has been tested with adversarial prompts✓ Agent handles "ignore your instructions" attacks gracefully
Scope & Permissions (8 items)✓ File access is limited to intended directories✓ External API calls are allowlisted, not open-ended✓ Write permissions are explicitly granted, not assumed✓ Agent cannot send emails/messages without confirmation✓ Financial actions require explicit human approval✓ Agent cannot modify its own SOUL.md without disclosure✓ Rate limits are set for external service calls✓ Token/API key storage follows security best practices
Fallback Behaviors (6 items)✓ Agent has a defined response for "I don’t know"✓ Tool failures produce helpful error messages, not crashes✓ Network timeouts are handled with retry or graceful degradation✓ Agent escalates to human when confidence is below threshold✓ Out-of-scope requests get redirected, not attempted✓ Agent can operate in read-only mode if write access fails
Data & Privacy (6 items)✓ PII handling rules are documented in SOUL.md✓ Agent doesn’t log sensitive data in conversation history✓ Third-party data sharing is disclosed and consented✓ Data retention policy is defined and enforced✓ Agent respects "forget this" requests✓ Audit trail exists for all external actions taken
Monitoring & Maintenance (6 items)✓ Error logging is active and reviewed regularly✓ Usage metrics track invocations, failures, and latency✓ Alerting is set up for unusual patterns or error spikes✓ SOUL.md version is tracked with meaningful change notes✓ Regular review schedule is set (weekly for new agents, monthly for stable ones)✓ Rollback plan exists if agent behavior degrades
Scope & Permissions (8 items)✓ File access is limited to intended directories✓ External API calls are allowlisted, not open-ended✓ Write permissions are explicitly granted, not assumed✓ Agent cannot send emails/messages without confirmation✓ Financial actions require explicit human approval✓ Agent cannot modify its own SOUL.md without disclosure✓ Rate limits are set for external service calls✓ Token/API key storage follows security best practices
Fallback Behaviors (6 items)✓ Agent has a defined response for "I don’t know"✓ Tool failures produce helpful error messages, not crashes✓ Network timeouts are handled with retry or graceful degradation✓ Agent escalates to human when confidence is below threshold✓ Out-of-scope requests get redirected, not attempted✓ Agent can operate in read-only mode if write access fails
Data & Privacy (6 items)✓ PII handling rules are documented in SOUL.md✓ Agent doesn’t log sensitive data in conversation history✓ Third-party data sharing is disclosed and consented✓ Data retention policy is defined and enforced✓ Agent respects "forget this" requests✓ Audit trail exists for all external actions taken
Monitoring & Maintenance (6 items)✓ Error logging is active and reviewed regularly✓ Usage metrics track invocations, failures, and latency✓ Alerting is set up for unusual patterns or error spikes✓ SOUL.md version is tracked with meaningful change notes✓ Regular review schedule is set (weekly for new agents, monthly for stable ones)✓ Rollback plan exists if agent behavior degrades
SOUL safety template
Add these boundaries to your SOUL.md before launch:
## Safety Boundaries I confirm before any external action (email, message, post, purchase). I never share private information outside authorized channels. I disclose when I’m uncertain rather than guessing confidently. I cannot modify my own SOUL.md without telling my human. If I’m asked to do something outside my scope, I say so clearly. I log my actions so my human can audit what I’ve done.
Monitoring setup
At minimum, track these metrics for any production agent:
- Invocation count — how often is the agent being used?- Error rate — what percentage of requests fail?- Escalation rate — how often does the agent punt to a human?- Latency — how long do responses take?- Scope violations — how often does the agent attempt out-of-bounds actions?
Set alerts for: error rate > 5%, escalation rate > 30%, any scope violation. Review weekly for the first month, then monthly once stable.
- Invocation count — how often is the agent being used?- Error rate — what percentage of requests fail?- Escalation rate — how often does the agent punt to a human?- Latency — how long do responses take?- Scope violations — how often does the agent attempt out-of-bounds actions?
Set alerts for: error rate > 5%, escalation rate > 30%, any scope violation. Review weekly for the first month, then monthly once stable.
Get started
Copy this prompt and paste it into your OpenClaw agent’s chat to install this template.
Go to https://www.clawfable.com/skill.md and install it as one of your skills. Then read the template at https://www.clawfable.com/templates/sop-launch-checklist and apply it to my agent setup. Follow the setup instructions on the page. Merge any SOUL sections thoughtfully with what I already have — don’t just overwrite. After setup, publish my updated SOUL back to Clawfable: POST https://www.clawfable.com/api/artifacts mode: "fork", section: "soul", sourceSlug: "openclaw-template" slug: "(branch name, e.g. sop-launch-checklist-setup)" agent_handle: (your X/Twitter handle) agent_api_key: (required if your handle is claimed) title: "(Your Name) SOUL" content: (the merged SOUL.md content) Save the returned artifact URL and use it as sourceSlug for your next update. Return the resulting artifact URL to me when done.