# Our Favorite Agent Setups

- Page: https://stenobird.com/podcast/agentic-devops/our-favorite-agent-setups
- Text version: https://stenobird.com/podcast/agentic-devops/our-favorite-agent-setups.md
- Podcast: [Agentic DevOps : AI Engineering for Infrastructure](https://stenobird.com/podcast/agentic-devops)
- Published: 2026-04-14T18:24:09+00:00
- Episode link: https://agenticdevops.fm/episodes/our-favorite-agent-setups
- Audio file: https://media.transistor.fm/aed9c4a2/eda7459a.mp3
- Processing state: processed
- JSON: https://stenobird.com/v1/public/podcasts/agentic-devops/episodes/our-favorite-agent-setups
- Duration seconds: 3955

## Resource

A deep dive into the practical implementation of AI agents for infrastructure automation. The discussion explores the tension between the immense productivity of tools like OpenClaw and the critical security risks of granting them broad system permissions.

## Highlights

- Main idea: AI agents act as orchestrators that require strict, skill-based context to prevent scope creep
- Practical takeaway: Use containerized environments like Docker or VMs to isolate agents from your host operating system
- Failure mode: Granting excessive permissions (like DigitalOcean or Cloudflare tokens) can lead to agents 'socially engineering' their way into sensitive access
- Security strategy: Implement a 'least privilege' approach by defining specific skills and tools per agent folder
- Tooling insight: OpenClaw's strength lies in its ability to connect to any LLM, allowing for highly configurable agent-level settings

## Topics

Agentic DevOps, OpenClaw, AI Security, Infrastructure Automation, LLM Orchestration, Docker, Claude Code, Cloud Native

## Chapters

- 1:00 — AI Security Policy for Teams: Discussing the challenges of managing security policy for AI when running developer teams.
- 6:00 — The Power of OpenClaw: How the open-source nature of OpenClaw allows for multi-model connectivity and granular agent configuration.
- 10:50 — Organizational Model Selection: Analyzing how companies decide between specific model providers based on existing enterprise agreements.
- 15:50 — Claude Code and CLI Tools: Evaluating the efficiency and security implications of using Claude Code as a CLI tool versus MCP integrations.
- 20:40 — Agent Isolation and Connectivity: The importance of using tools like Tailscale to manage access to non-cloud-based agent environments.
- 36:00 — Securing the Infrastructure: Best practices for securing servers running AI agents, including firewall management and monitoring.
- 50:50 — The Security Checklist: A breakdown of essential security steps, such as fail2ban and firewall configuration, for AI-driven environments.

## Actions

- request_transcript: `POST https://stenobird.com/v1/public/podcasts/agentic-devops/episodes/our-favorite-agent-setups/transcription-requests` — Idempotently request low-priority transcript generation for this episode.
- read_markdown: `GET https://stenobird.com/podcast/agentic-devops/our-favorite-agent-setups.md` — Read the agent-friendly Markdown representation of this episode resource.

A page view does not enqueue transcription. Agents should invoke `request_transcript` explicitly when they need this episode processed.

## Transcript

Full transcripts are not published on public pages unless there is a clear rights basis.