From hype to wallet drain: OpenClaw can quietly burn hundreds of Dollars per day

A user report on X (formerly Twitter) highlights the absurdity of the default settings. A simple "heartbeat" check, designed to verify every 30 minutes if tasks are pending (e.g., "remind me to buy milk tomorrow"), sends the entire context window to the API.

This means sending 120,000 tokens of context for a trivial check.

• The Cost: Approximately $0.75 per request.
• The Result: Overnight, one user racked up about 25 requests where OpenClaw essentially paid the expensive Claude Opus model to answer the question: "Is it daytime yet?"
• The Damage: $18.75 gone in a single night.

Projected over a week, these idle checks alone would cost around $250. This doesn't even include actual conversations or complex tasks, which, according to tech enthusiast Benjamin De Kraker (via X), can easily add another $20 per day.

While testing OpenClaw, the German tech magazine c't managed to spend over $100 in a single day. However, the costs become truly astronomical when the AI agent is given too much freedom on Moltbook, a rapidly growing social network exclusively for AI agents. Reddit users report costs hitting $8 every 30 minutes just for processing new posts. That adds up to over $380 per day just to let the AI assistant read on AI social media.

Money can be earned back; data, once lost, might be gone forever. Current security research paints a bleak picture of the OpenClaw infrastructure.

According to a recent scan, there are currently 923 Clawdbot gateways completely exposed on the web. This means: No authentication, no password. Since OpenClaw is often granted extensive permissions—such as shell access, browser control, and access to API keys—attackers can easily hijack these instances.

The risk isn't just losing control of your PC. Depending on which "skills" and devices you’ve unlocked for OpenClaw, attackers could potentially cause havoc across your entire smart home or network. Furthermore, attackers can extract the stored API keys (OpenAI, Anthropic, etc.) to funnel massive amounts of tokens for their own use—effectively using your credit card for their free compute power. This is compounded by reports of significant security vulnerabilities within the Moltbook platform itself, which operators appear to be ignoring.

A warning circulating on X from a security researcher puts it bluntly: Many users have their configuration set to bind: "all" (often unknowingly), which allows access from the entire internet. But the post also offers a simple solution.

OpenClaw and the Moltbook network demonstrate the massive potential of autonomous agents, but right now, they are "learning tools" with sharp edges. Anyone wanting to use them productively must effectively become a Systems Administrator.

Best practices currently dictate setting hard API spending limits at the provider level, carefully selecting cheaper models for background tasks, and rigorously auditing configuration files. Otherwise, the dream of a digital assistant will quickly turn into a nightmare for your wallet.