Credential-safe trial scope

OpenClaw VPS Paid Trial Runbook Sample

This is a public sample for a fixed-price OpenClaw VPS trial. It shows the setup standard, handoff format, and verification style I would use on a throwaway host. It is not a claim about a private customer system.

Scope Table

This is the minimum handoff shape I would want before calling a VPS agent host repeatable.

Host: Fresh Ubuntu 24.04 throwaway VPS; no production secrets or customer data.
Runtime: Pinned OpenClaw version, local runtime/npm, and a dedicated non-sudo service user.
Service: Systemd unit with restart policy, loopback-bound app port, and logs visible through journalctl.
Hardening: SSH key-only access, UFW allowlist, fail2ban or CrowdSec, and no public ports except SSH.
Secrets: Environment file owned by the service user or root, mode 0600, not stored in shell history or unit files.
Monitoring: Netdata, CrowdSec, or a smaller alternative with the reason written down before handoff.
Handoff: Short runbook, verification commands, rollback notes, and screen-recording checklist.

Telegram Photo To Job Record

If a staff member sends a finished-sign photo to a Telegram agent, I would avoid letting the agent guess the job. The workflow should capture file id, sender, timestamp, and caption or job key, then let n8n validate that job against monday.com or the production source of truth.

The photo should be copied out of Telegram into durable storage under a job-keyed path. n8n then writes the storage URL, Telegram message id, submitter, timestamp, and optional checksum back to the job record. If the job match is missing or ambiguous, the workflow should ask for a job number or send the item to a review queue instead of attaching it to the wrong order.

Verification Commands

The real handoff would include command output screenshots or a short screen recording. The commands below are the kind of evidence I would capture.

  • id openclaw
  • systemctl status openclaw --no-pager
  • ss -tulpn
  • ufw status verbose
  • fail2ban-client status || cscli decisions list
  • ls -la /etc/openclaw /opt/openclaw
  • journalctl -u openclaw -n 80 --no-pager
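
The commands above produce evidence for a person to read; the added example below (not part of the original runbook) turns two of the scope rows into pass/fail checks: no listeners outside loopback except SSH, and an environment file with mode 0600 owned by root or the service user. It assumes SSH on port 22 unless told otherwise; the sample ss output, its ports 3000 and 8080, and the env file path are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of the original runbook.

# CONSTRUCTED sample of `ss -tulpn` output; ports 3000 and 8080 are made up.
sample_ss_output() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*         users:(("systemd-resolve",pid=501,fd=13))
tcp   LISTEN 0      511    127.0.0.1:3000     0.0.0.0:*         users:(("node",pid=812,fd=21))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=700,fd=3))
tcp   LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=700,fd=4))
tcp   LISTEN 0      511    0.0.0.0:8080       0.0.0.0:*         users:(("node",pid=812,fd=22))
EOF
}

# Read `ss -tulpn` output on stdin and print each listener that is neither
# loopback-bound nor TCP on the SSH port ($1, default 22). No output = pass.
public_listeners() {
  awk -v ssh="${1:-22}" '
    $1 != "tcp" && $1 != "udp" { next }          # skips the header row too
    {
      port = $5; sub(/^.*:/, "", port)           # text after the last colon
      addr = $5; sub(/:[^:]*$/, "", addr)        # text before the last colon
      sub(/%.*$/, "", addr)                      # drop scope suffix such as %lo
      if (addr ~ /^127\./ || addr == "[::1]") next
      if ($1 == "tcp" && port == ssh) next
      print $1, $5
    }'
}

# Succeed only if $1 is a regular file with mode exactly 0600 that is owned by
# uid 0 (root) or by the service user $2 (name or numeric uid).
env_file_ok() {
  [ -n "$(find "$1" -prune -type f -perm 600 \
      \( -user 0 -o -user "$2" \) 2>/dev/null)" ]
}

# On the host (the env file path is a placeholder):
#   ss -tulpn | public_listeners
#   env_file_ok /etc/openclaw/<env-file> openclaw && echo "env file ok"
```

Any non-loopback UDP socket is printed as well, so each line of output needs either a documented reason or a fix before handoff.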

Handoff Notes

Do
  • Use a fresh trial host and keep production credentials out of scope.
  • Write down every non-default security decision and why it was chosen.
  • Record service restart, log inspection, firewall, and monitoring checks.
Avoid
  • Do not put secrets in shell history, public repos, or systemd unit files.
  • Do not leave app ports public unless the exposure is intentional and documented.
  • Do not call a box hardened without proving SSH, firewall, service, and monitoring state.