Aerostack
Aerostack
#observability#monitoring#risk-scoring#activity-feed#openclaw

Real-Time Activity Monitoring for OpenClaw: What I Track and Why

My agent ran 47 tool calls today. Here's every one, risk-scored — and the 2-minute morning review workflow that keeps me sane.

Navin Sharma

Navin Sharma

@navinsharmacse

May 13, 20266 min read

Real-Time Activity Monitoring for OpenClaw: What I Track and Why

I check my agent's activity feed the same way I check Slack in the morning. Coffee in hand, scroll through what happened overnight, flag anything weird, move on. Two minutes.

But those two minutes are load-bearing. They're the difference between catching a misconfigured deployment at 9 AM and discovering it from a customer ticket at 3 PM. This post is about what you should actually be looking for when you open that activity log.

A Typical Day with 5 MCP Servers

I'm running 5 MCP servers in my workspace right now: Postgres, GitHub, Slack, filesystem access, and a custom internal API. Each one logs every tool call, every action, every interaction with external systems.

Here's what a real morning looks like:

09:47 — Postgres / SELECT query / Low risk
09:48 — GitHub / list pull requests / Low risk
09:49 — Slack / read channel history / Low risk
09:51 — Filesystem / read config.json / Low risk
09:52 — GitHub / create comment / Medium risk
10:15 — Postgres / INSERT user record / Medium risk
10:31 — GitHub / merge pull request / Medium risk
10:45 — Filesystem / write deployment manifest / Medium risk
11:02 — Postgres / ALTER TABLE / High risk
11:03 — Custom API / call with API key / High risk

That's 47 tool calls in one day across all servers. Most of them are reads—noise you can safely ignore. A handful are writes that need a quick scan. Maybe one or two hit that orange "high risk" zone and actually deserve attention.

Full disclosure: I built Aerostack, so I can see exactly what's happening under the hood. If I'm building this workflow for my own agents, I'm building it for yours too.

Real-time activity feed with risk scoring — every tool call color-coded and filterable

Risk Levels, Explained Practically

When I look at that activity log, I'm not reading every entry. I'm scanning by risk level.

Low risk (green): File reads. List operations. Search queries. Anything that only observes the world and doesn't change it. This is noise. I scroll past it unless the volume spikes weirdly.

Medium risk (amber): File writes. Command executions. Config changes. Database inserts or updates. These are fine—agents need to do things—but worth a quick glance. Did that write go to the right file? Did that command finish in a reasonable time?

High risk (orange): Deployments. Package installs. Credential use. When your agent is accessing secrets or touching production infrastructure, you want to know about it. I scan every one of these during my morning review.

Critical risk (red): Destructive operations. rm -rf. DROP TABLE. Repository deletion. File wiping. These should never be silent. A critical action shouldn't just log—it should trigger an approval gate before it runs, not after. (More on approval gates in Post 4 of this series.)

The Events That Actually Matter

Here's my personal priority list—the subset of the activity feed I actually care about:

Command execution. Shell commands can do anything. If your agent is running bash, sh, or exec, you need to see what command it ran and whether it succeeded or failed.

File deletes. Irreversible. If something deletes a file on disk or in a database, I want that in my morning review. Even if it's "correct" behavior, I want to confirm it.

Credential use. If your agent is accessing a secret—an API key, database password, OAuth token—that's notable. Not because it's wrong, but because it's a chokepoint. If an attacker has your workspace access, credential use is how they pivot to your other systems.

Deployments. Code going live changes the blast radius of everything else. If your agent deploys, that's top of my list.

Everything else. Reads, searches, list operations, successful writes to the right files—I mostly ignore these unless something looks abnormal.

Filtering Strategies

The activity log can get noisy. Here's how I cut through it:

Filter by risk level. Start with high + critical. Work down to medium if you have time. Skip low entirely unless you suspect a bug.

Filter by workspace. If you have separate workspaces for development, staging, and production, filter by the one you're reviewing. You don't want production activity mixed in with test noise.

Filter by time. When you come back from a break, check "last hour." For your morning review, "last 24 hours." If something went wrong yesterday, you can zoom in on a specific window—"between 3pm and 5pm"—and see exactly what happened.

These filters stack. You can say, "Show me high-risk actions in production from the last hour," and immediately see the three most important things you need to know about.

When Multiple AI Apps Hit the Same Workspace

OpenClaw isn't the only thing that touches your workspace. You might also have Claude Code connected, or a Cursor agent, or a custom bot.

When that happens, the activity feed tells you which client made each call. You'll see:

11:30 — OpenClaw agent-xyz / Postgres SELECT / Low risk
11:31 — Claude Code session-abc / Slack post / Medium risk
11:32 — OpenClaw agent-xyz / GitHub merge / High risk

This is useful for debugging. If something unexpected happened, you can ask: "Wait, who triggered that deployment?" The activity feed has the answer.

It also means you can filter by client. If you're only interested in what OpenClaw did, you filter out Claude Code and Cursor. If you're chasing a bug, you can isolate one client and see its activity in isolation.

The 2-Minute Workflow

You don't need to watch the activity feed constantly. That's not scalable and it's not healthy.

Instead: set up approval gates for critical actions (that's Post 4 of this series—worth reading). Use the activity feed for the 2-minute morning review. Scan high-risk and critical. Confirm everything looks normal. Move on.

If something looks off—a deploy that shouldn't have happened, a file write to the wrong path, an unusual command—dig in. Click into the event, see what the agent was trying to do, check the logs, understand the failure or success.

But most days? Most mornings? You'll scroll through, see reads and normal writes, and confirm everything is working as designed.

That's the workflow. Two minutes. Every morning. Peace of mind.

Try Aerostack's activity monitor: aerostack.dev

Part of the Agent Operations series. Start with the full guide: "I Run 5 MCP Servers on OpenClaw"

Navin Sharma
Navin Sharma
More from Navin Sharma

Related articles

#audit-trail#observability

Your OpenClaw Agent Can Delete Its Own Logs. That's a Problem.

An agent with filesystem access can modify or erase its own audit trail. The community is building solutions. I built prevention instead.

Navin Sharma
Navin Sharma
4m
Back to Blog