I Put My OpenClaw Agent on a Diet (and Let It Loose on Moltbook)
OpenClaw agents ship with a bundled browser that eats RAM for breakfast. I ripped it out, pointed the agent at Riddle instead, and cut my EC2 bill by 90%.
Then I signed up for Moltbook to see what happens when your agent has a social life.
The Starting Point: A Fat Agent on a Fat Instance
I've been running an OpenClaw agent on EC2 for a while now—connected to Telegram, handling tasks on demand, generally being useful. But there was always an annoying part of the setup: the instance had to be way bigger than the agent actually needed.
OpenClaw bundles Playwright and headless Chromium for web browsing. That's roughly 500MB–1.5GB of RAM just sitting there, waiting for the agent to visit a webpage. My agent browses maybe a few minutes per day. The rest of the time, Chrome is dead weight.
I was paying for a t3.medium (4 GB RAM, ~$30/month) because anything smaller risked the OOM killer showing up mid-conversation. The agent itself—just Node.js doing LLM calls and Telegram polling—barely uses 200MB.
The Migration: From “Fat Agent” to “Thin Agent”
The idea is simple: rip out the local browser, point all web interactions at Riddle's API, and downsize the instance.
Step 1: Remove Local Playwright
This turned out to be straightforward. OpenClaw's skill system means the browser capability is modular—you can swap the underlying implementation without changing how the agent thinks about browsing.
Step 2: Wire Up Riddle
There's an official OpenClaw plugin that handles everything. Install it:
# Install the plugin
openclaw plugins install @riddledc/openclaw-riddledc
# Allow the tools
openclaw config set tools.alsoAllow --json '["openclaw-riddledc"]'
# Set your API key
openclaw config set plugins.entries.openclaw-riddledc.config.apiKey "YOUR_RIDDLE_KEY"
One gotcha: OpenClaw requires plugins to be in the plugins.allow list.
The CLI doesn't have an append flag, so you need to add it manually.
Check your current list and add openclaw-riddledc to the array:
# See what you have
openclaw config get plugins.allow
# Edit ~/.openclaw/openclaw.json and add "openclaw-riddledc" to the array
# Or use jq:
jq '.plugins.allow += ["openclaw-riddledc"]' ~/.openclaw/openclaw.json > tmp && mv tmp ~/.openclaw/openclaw.json
# Restart the gateway
openclaw gateway restart
Once installed, your agent gets five new tools: riddle_screenshot,
riddle_screenshots, riddle_steps, riddle_script,
and riddle_run. The plugin saves screenshots to workspace files
instead of inline base64, keeping your agent's context lean.
From the agent's perspective, nothing changed—it still “browses the web.” The difference is where that browsing happens: Riddle's ephemeral containers instead of Chrome on your EC2 instance.
Step 3: Downsize the Instance
Without Chrome to feed, the instance requirements dropped dramatically. The agent runs comfortably on a fraction of the original resources.
What Broke (and What Didn't)
No migration is perfectly smooth. Here's what I ran into:
- Plugin allowlists are real configuration. Installing a plugin is not enough if the gateway refuses to expose its tools. Treat the allowlist as part of the deploy, not as a one-off local tweak.
- Session state moves to explicit inputs. A local browser can accidentally keep cookies around. A remote browser should make auth state intentional: cookies, headers, or localStorage go into the request only when the task needs them.
- Latency changes shape. One remote screenshot is slower than an already-open local tab, but batching steps into one browser job can still be cheaper and more reliable than making the agent drive a local browser action by action.
- Local-browser assumptions need a pass. Any skill that expects a filesystem screenshot path, a persistent page object, or direct DevTools access should be adapted to consume Riddle artifacts instead.
The useful migration pattern is to keep the agent's intent stable while changing the browser boundary: browser work becomes a remote, receipt-producing call instead of a long-lived local process.
The Cost Model
The exact savings depend on how often the agent actually browses, but the model is simple: stop paying for Chrome to sit idle and pay for browser time only when a task needs it.
- Local-browser baseline: t3.medium-class instance capacity just to keep Chromium from crowding the agent process.
- Thin-agent target: smaller instance for LLM calls, chat polling, and command orchestration.
- Riddle usage: $0.50/hour of browser time, billed per second with a 30-second minimum per job.
- Break-even intuition: occasional browsing favors Riddle; continuous scraping may justify dedicated browser infrastructure.
For personal or event-driven agents, the important question is not “can this host run Chrome?” It is “how many minutes per day does this agent actually need a browser?” If the answer is small, the thin-agent setup keeps the fixed monthly bill low.
The Security Win Nobody Talks About
Cost was the original motivation. But the security improvement might matter more.
With a local browser, every webpage your agent visits runs JavaScript on your EC2 instance. A malicious page could attempt SSRF against your instance metadata (169.254.169.254), scan your VPC, or exploit a Chrome sandbox escape to read environment variables—including your LLM API keys and any credentials the agent holds.
With Riddle, the browser runs in an ephemeral container on someone else's infrastructure. A sandbox escape compromises a disposable Riddle session, not your agent's host. SSRF attempts hit Riddle's network, not your VPC. Your agent never executes untrusted JavaScript.
This is especially relevant for OpenClaw agents that handle Telegram messages, where a prompt injection could trick the agent into visiting a weaponized URL. With Riddle in the middle, the blast radius is contained.
Moltbook as a Test Venue
With the migration done, I wanted to test the setup in the wild. And right now, the wildest place for AI agents is Moltbook.
If you haven't seen it yet: Moltbook is a Reddit-style social network where only AI agents can post. Humans can observe, but the content is created entirely by autonomous agents. It launched days ago and already has 150,000+ agents and over a million human spectators.
OpenClaw agents can join Moltbook by reading the instructions at
moltbook.com/skill.md, signing up, and having their human verify ownership.
Signing Up
The useful signup test is not whether a human can read the instructions. It is whether
an agent can follow moltbook.com/skill.md, navigate the forms, preserve whatever
verification state is required, and return screenshots plus logs when a step needs review.
That is exactly the kind of workflow a remote browser boundary should make inspectable.
What My Agent Posted
The right first post is not a sales pitch. It is a demonstration: the agent can explain what it changed about its own browser stack, attach proof artifacts, and answer questions from other agents or their humans with concrete receipts instead of vibes.
What I Observed
Moltbook is useful precisely because the audience is strange: agents are the visible participants, but humans still inspect the outcomes. A browser product for agents has to speak to both sides. The agent needs a simple tool contract; the human needs evidence that the tool did the right thing.
Should You Advertise on Moltbook?
This is the question I set out to answer. My read:
- The audience is perfect: Moltbook users are AI agents that need tools and integrations. The humans watching are developers building those agents. Both groups care about browser automation.
- But it's not traditional advertising: You can't buy an ad placement. Your agent has to participate genuinely. The “advertising” is demonstrating capability.
- Proof beats claims: an agent that shows a screenshot, console log, route check, and artifact URL is more persuasive than an agent that simply announces it can browse.
Takeaways
- The Fat Agent tax is real. If your agent browses occasionally, you're paying for Chrome to sit idle. Outsource the browser, keep the instance small.
- Security isolation is the underrated win. Separating the browser from the agent host eliminates an entire class of attacks. For agents that accept arbitrary URLs (which is most of them), this matters.
- Moltbook is weird and interesting. It's too early to call it a marketing channel, but it's a genuine place where AI agents congregate. If your product serves agents, your agent should probably be there.
Try the Thin Agent Setup
Strip the browser from your agent. Let Riddle handle it.