How to Prevent Runaway Automations in OpenClaw

Intermediate30-60 minutesUpdated 2025-01-12

OpenClaw automations are powerful but dangerous. A single misconfigured loop — like an automation that checks a condition that never becomes true — can generate thousands of API calls overnight, burning $500-2000 in tokens before you notice. This guide shows you how to set up guardrails that prevent runaway automations while keeping legitimate automation functional.

Why This Is Hard to Do Yourself

These are the common pitfalls that trip people up.

♾️

Infinite loops

Automation waits for condition X, but X never happens. Loop runs forever until you manually kill it or run out of money

⏰

No timeout protection

Default OpenClaw has no maximum runtime for automations. They can run for hours or days if not manually stopped

🔥

Cascading failures

One automation triggers another which triggers another. A bug in the chain causes exponential API usage

📱

No alerts

Automation runs overnight. You wake up to a $800 API bill and have no idea what happened until you dig through logs

Step-by-Step Guide

Step 1

Identify automation risks

Audit your current automations for danger patterns.

# List all active automations:
curl http://localhost:3000/api/automations

# Red flags:
# - No max_iterations set
# - No timeout
# - Checks external condition (API, file, etc)
# - Triggers on every message
# - Calls another automation

# Example dangerous automation:
# while (api.status != "complete") {
#   wait(30);
#   checkStatus();
# }
# ← If "complete" never comes, this runs forever

Step 2

Set iteration limits per automation

Cap maximum loop iterations.

# In config/automations.yaml:
automations:
  - name: status-checker
    max_iterations: 50  # Stop after 50 loops
    on_limit_reached: alert_and_stop

  - name: data-processor
    max_iterations: 100
    on_limit_reached: alert_and_continue  # Log but don't stop

  - name: one-time-task
    max_iterations: 1  # Not a loop at all

Warning: Setting max_iterations too high (1000+) defeats the purpose. Most legitimate automations complete in under 50 iterations. If you need more, you probably have a design problem.

Step 3

Configure token-per-run caps

Limit total tokens any single automation can use.

# In config/automations.yaml (continued):
guardrails:
  global:
    max_tokens_per_automation_run: 100000
    max_tokens_per_hour: 500000

  per_automation:
    status-checker:
      max_tokens_per_run: 10000
    data-processor:
      max_tokens_per_run: 50000

  on_token_limit:
    action: pause_and_alert
    message: "Automation exceeded token budget"

Step 4

Add timeout limits

Kill automations that run too long.

# In config/automations.yaml (continued):
timeouts:
  global:
    max_runtime_minutes: 30  # Kill any automation after 30min

  per_automation:
    status-checker:
      max_runtime_minutes: 10
    long-runner:
      max_runtime_minutes: 120  # 2 hours max

  on_timeout:
    action: stop_and_alert
    save_partial_results: true

Warning: Timeouts are your last line of defense. Even if iteration and token limits fail, timeout will kill runaway processes.

Step 5

Set up kill switches

Create emergency stop mechanisms.

# In config/automations.yaml (continued):
kill_switches:
  - type: manual
    endpoint: POST /api/automations/emergency-stop
    requires_auth: true

  - type: cost_threshold
    daily_cost_limit: 50.00  # USD
    action: pause_all_automations

  - type: error_rate
    threshold: 0.5  # 50% of iterations fail
    window_minutes: 10
    action: pause_automation

# Create emergency stop script:
# emergency-stop.sh
curl -X POST http://localhost:3000/api/automations/emergency-stop \
  -H "Authorization: Bearer $ADMIN_TOKEN"

Step 6

Configure alerts

Get notified when automations misbehave.

# In config/alerts.yaml:
automation_alerts:
  - trigger: iteration_limit_reached
    channel: email
    recipients: ["admin@company.com"]

  - trigger: token_budget_exceeded
    channel: slack
    webhook: $SLACK_WEBHOOK

  - trigger: timeout
    channel: sms  # Critical
    phone: "+1-555-0123"

  - trigger: error_rate_high
    channel: email
    threshold: 0.3  # 30% errors

Step 7

Test guardrails with intentional runaway

Verify limits work before production.

# Create test automation that intentionally loops:
# test-automations/runaway-test.yaml
name: runaway-test
max_iterations: 5  # Should stop here
script: |
  iteration = 0
  while true:
    iteration += 1
    log(f"Iteration {iteration}")
    sleep(1)

# Run test:
npm run automation -- runaway-test

# Expected: Stops at 5 iterations with alert
# If it doesn't stop, your guardrails aren't working

Protect Your API Budget from Automation Disasters

One runaway automation can cost $500-2000 before you notice. Our experts audit your automations, identify risks, configure guardrails, and set up monitoring so you never wake up to a massive API bill.

Browse Cost Optimization experts →

Learn more about our expert service →

Get matched with a specialist who can help.

Frequently Asked Questions

Related Guides

📉Cost Optimization

How to Reduce Your OpenClaw API Costs

Intermediate1-2 hours

📉Cost Optimization

How to Set Up Token Budgets in OpenClaw

Beginner20-40 minutes