Mac Mini Security & OpenClaw Setup

Day-One Checklist with Reasoning

Complete these tasks in order on first boot. Section 1 covers security hardening. Section 2 covers OpenClaw and AI model setup. Section 3 covers additional requirements when working with confidential attorney-client files. Check each box as you go. Adapt specific paths and model names to your configuration as needed.

Section 1: Security Hardening

1 ☐ Create a Strong Login Password WHY: Your login password is the first line of defense against anyone who physically accesses your Mac Mini. Without a strong password, all other security measures can be bypassed at the login screen. HOW: System Settings → Touch ID & Password → Change Password. Use a passphrase of 4+ random words or a 12+ character mix of letters, numbers, and symbols. Do NOT reuse your Windows password.
2 ☐ Enable FileVault (Full Disk Encryption) WHY: FileVault encrypts your entire drive with AES-256. If your Mac Mini is stolen and someone removes the SSD, the data is completely unreadable without your login credentials. This protects API keys, OpenClaw config, authentication tokens, and all work files stored locally. HOW: System Settings → Privacy & Security → FileVault → Turn On. Save the recovery key in a password manager, or print it and lock it away. Encryption runs in the background and takes 30–60 minutes.
3 ☐ Enable Find My Mac WHY: Find My Mac lets you track your Mac Mini via iCloud and — most critically — remotely wipe the entire machine if it is stolen. This is your last resort to protect stored data before a brute-force attack succeeds. HOW: System Settings → Apple ID → Find My → toggle Find My Mac ON. Requires you to be signed into an Apple ID. Test it at icloud.com/find to confirm the device appears.
4 ☐ Set Screen Lock to Immediate WHY: Without automatic screen lock, a brief absence from your desk gives anyone physical access to your logged-in session — completely bypassing your password. Immediate lock ensures the machine is secured the moment you step away. HOW: System Settings → Lock Screen. Set 'Require password after screen saver begins or display is turned off' to Immediately. Also set 'Start Screen Saver when inactive' to 2–5 minutes.
5 ☐ Configure Startup Security (Firmware Protection) WHY: Startup Security prevents someone from booting your Mac from an external USB drive or entering Recovery Mode to reset your password — both common physical attack techniques on unattended machines. HOW: Restart into Recovery Mode by holding the Power button until 'Loading startup options' appears. Select Options → Startup Security Utility. Set to Full Security. This requires your login password before any changes to startup behavior can be made.
6 ☐ Install Tailscale VPN WHY: Tailscale creates a private encrypted network between your devices (Mac Mini, Windows machine, GCP VM). OpenClaw's gateway port is never exposed to the public internet — it is only reachable from your trusted devices. Even if someone discovers your IP address, they cannot reach OpenClaw without being on your Tailscale network. HOW: Download from tailscale.com/download. Install and sign in with your Tailscale account. Add the Mac Mini to your network. Confirm all trusted devices appear in the Tailscale admin console at tailscale.com/admin. In your OpenClaw config, bind the gateway to your Tailscale IP rather than 0.0.0.0.

Section 2: OpenClaw & AI Model Setup

7 ☐ Install Ollama WHY: Ollama is the local model runtime that runs DeepSeek R1 14B and Qwen3 14B directly on your Mac Mini. It handles model downloading and quantization, and exposes a local API that OpenClaw connects to. Without Ollama there is no local AI capability. HOW: Open Terminal (Cmd+Space, type Terminal, Enter). Run:
    curl -fsSL https://ollama.com/install.sh | sh
Verify with:
    ollama --version
Ollama auto-starts as a background service on every boot.
8 ☐ Pull Your Local AI Models WHY: Local open-source models run entirely on your Mac Mini with no external API calls. Recommended models for a 24GB machine are DeepSeek R1 14B (strong reasoning and analysis) and Qwen3 14B (strong coding). Adjust model choices based on your available RAM and use case. HOW: In Terminal run:
    ollama pull deepseek-r1:14b
Then:
    ollama pull qwen3:14b
Each download is approximately 9GB. Verify with:
    ollama list
You should see both models listed. Substitute different model names if your hardware supports larger or smaller variants.
9 ☐ Install and Configure OpenClaw WHY: OpenClaw is the AI agent framework that ties Ollama (local models) and a cloud API such as Anthropic Claude together behind a single TUI. The config file tells OpenClaw which model to use locally and which API key to use for cloud fallback. HOW: Follow the OpenClaw installation steps for macOS. Config file location: ~/.openclaw/openclaw.json. Set the primary model to your chosen local Ollama model (e.g. ollama/deepseek-r1:14b). Add your API key for any cloud fallback model. To verify, run:
    openclaw gateway start && openclaw tui
10 ☐ Verify Ollama is Bound to Localhost Only WHY: By default Ollama only accepts connections from your Mac Mini itself (localhost). If it were accidentally bound to 0.0.0.0, anyone on your local network could send requests to your AI models. Verify this is correct before going live. HOW: In Terminal run:
    curl http://localhost:11434
You should see 'Ollama is running'. Then run:
    curl http://$(ipconfig getifaddr en0):11434
This should fail or time out. If it succeeds, set OLLAMA_HOST=127.0.0.1 in your environment.
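The same check as a script, added here as an example for this checklist (not Ollama's own tooling): it parses the listener table from lsof and only passes when every listener on port 11434 sits on a loopback address. The two lsof outputs embedded below are constructed so the logic can be exercised without Ollama running; live_check runs it against the real machine.

```shell
#!/bin/sh
# Checks whether Ollama's listener (port 11434) is bound to the loopback address only.
# Added example for this checklist, not Ollama's own tooling. Parses `lsof` output;
# the two samples below are constructed so the check can run without Ollama present.

SAMPLE_SAFE='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ollama 1234 alice 3u IPv4 0x1 0t0 TCP 127.0.0.1:11434 (LISTEN)
ollama 1234 alice 4u IPv6 0x2 0t0 TCP [::1]:11434 (LISTEN)'

SAMPLE_EXPOSED='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ollama 1234 alice 3u IPv4 0x1 0t0 TCP *:11434 (LISTEN)'

# listeners_local LSOF_OUTPUT
#   returns 0 if every LISTEN line is on 127.0.0.1 or [::1],
#           1 if any listener is on another address (0.0.0.0 shows up as "*"),
#           2 if no LISTEN line is present (Ollama not running).
listeners_local() {
  printf '%s\n' "$1" | awk '
    /\(LISTEN\)/ {
      addr = $(NF - 1)              # NAME column, e.g. 127.0.0.1:11434 or *:11434
      sub(/:[0-9]+$/, "", addr)     # strip the port, keep the address
      seen++
      if (addr != "127.0.0.1" && addr != "[::1]") bad++
    }
    END {
      if (seen == 0) exit 2
      if (bad > 0)   exit 1
      exit 0
    }'
}

# live_check: run the same test against the real listener table on this Mac.
live_check() {
  listeners_local "$(lsof -nP -iTCP:11434 -sTCP:LISTEN 2>/dev/null)"
  case $? in
    0) echo "OK: Ollama listens on loopback only" ;;
    1) echo "WARNING: Ollama accepts LAN connections; set OLLAMA_HOST=127.0.0.1 and restart it" ;;
    2) echo "Ollama is not listening on 11434 (is it running?)" ;;
  esac
}

# Demonstration on the constructed samples:
listeners_local "$SAMPLE_SAFE"    && echo "sample 1: loopback only"
listeners_local "$SAMPLE_EXPOSED" || echo "sample 2: exposed, rc=$?"
```

Run live_check after any change to OLLAMA_HOST; a result of 1 means the port is reachable from your LAN, which is exactly what item 10 is meant to rule out.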

Section 3: Attorney-Client Confidentiality

The following steps are required when using this machine to work with confidential attorney-client files. These go beyond general security hardening and address professional ethics obligations under the duty of confidentiality (ABA Model Rule 1.6 and equivalent state rules) and emerging bar guidance on attorney use of AI tools.
⚠ Critical: Cloud API Calls Create Disclosure Risk
Every time OpenClaw uses a cloud API (such as Anthropic Claude or OpenRouter), data from your prompt — including any client file content — is transmitted to external servers. For most work this is acceptable, but for privileged attorney-client communications it creates a potential Rule 1.6 issue. You must either disable the cloud fallback for privileged sessions, or obtain informed client consent and verify applicable terms with the supervising attorney before sending any privileged content to an external AI API.
A ☐ Disable Cloud API Fallback for Privileged Sessions WHY: When working with attorney-client privileged files, AI processing must stay local. Routing client data through any external API — regardless of the provider's security posture — is a disclosure to a third party. This may violate the duty of confidentiality unless the client has given informed consent and the supervising attorney has approved the practice. HOW: Create a second OpenClaw config file: ~/.openclaw/openclaw-privileged.json. In this config, remove all cloud API keys and set only the local Ollama model as primary. When starting a privileged session run:
    OPENCLAW_CONFIG=~/.openclaw/openclaw-privileged.json openclaw gateway start
Verify in the TUI that the active model is your local model only before proceeding.
B ☐ Create an Encrypted Sparse Bundle for Client Files WHY: FileVault encrypts your entire drive, but client files mixed in with general work files create risk if you ever need to share access to part of your system. A dedicated encrypted sparse bundle acts as a password-protected virtual drive that only mounts when you need it. Client files stay isolated and require a separate password to open — even from someone with your Mac login. HOW: Open Disk Utility (Cmd+Space → Disk Utility). File → New Image → Blank Image. Set encryption to 256-bit AES, format to APFS, image format to sparse bundle. Name it ClientFiles and store it outside iCloud/Google Drive sync directories. Mount it only when working on client matters and eject it when done.
C ☐ Exclude Client Directories from Cloud Sync WHY: iCloud Drive, Google Drive, and OneDrive all sync your files to third-party servers by default. Even though FileVault encrypts your local drive, cloud sync uploads plaintext files to servers outside your control. Any client file synced to the cloud is a potential Rule 1.6 disclosure. HOW: iCloud: System Settings → Apple ID → iCloud → iCloud Drive → Options. Deselect any folders containing client files. Google Drive: open Preferences → My Computer → remove client file folders from sync. The encrypted sparse bundle (Step B) is safest because it lives outside all sync directories by design.
D ☐ Restrict OpenClaw Log File Permissions WHY: OpenClaw logs session activity including the content of prompts and responses. If a session involved attorney-client privileged content, those logs are themselves privileged. Default log files may be readable by any user on the machine. Restrict permissions so only your account can read them. HOW: In Terminal run:
    chmod 700 ~/.openclaw/logs
Then:
    chmod 600 ~/.openclaw/logs/*.log
Add this alias to your shell startup file (~/.zshrc) so the permissions are reapplied at the start of every OpenClaw session:
    alias openclaw-secure='chmod 700 ~/.openclaw/logs && openclaw'
Also exclude the logs directory from any cloud backup.
E ☐ Install a Monitor Privacy Screen WHY: Physical confidentiality applies to what is visible on your screen. If you work in any shared space — a co-working office, a law firm bullpen, or even a coffee shop — anyone nearby can read client file content on your monitor. A privacy filter limits the viewing angle so only you can see the screen. HOW: Purchase a privacy filter sized to your monitor (typically 27" for a standard desktop setup). 3M and Kensington make well-reviewed options for $30–60. Apply it to your monitor before working on any client files outside a fully private office. This is a low-cost measure that addresses a real physical exposure risk.
F ☐ Review Your State Bar Guidance on AI and Confidentiality WHY: Most state bar associations have issued or are developing ethics opinions on attorney use of AI tools and cloud computing under the duty of confidentiality. Before using OpenClaw for privileged client work, confirm your setup meets the 'reasonable measures' standard for preventing unauthorized disclosure. Key questions include: does the AI tool have access to more client data than necessary, and has the client given informed consent to AI-assisted work? HOW: Search your state bar's website for ethics opinions on cloud computing and AI tools. Review ABA Formal Opinion 477R (securing communication of protected client information) and any state-specific guidance. Review findings with the supervising attorney before processing any privileged files through OpenClaw and document that review. Using local-only models (Step A) is the strongest available technical safeguard and aligns with the spirit of the reasonable measures standard across all jurisdictions.
G ☐ Establish a Session Protocol for Privileged Work WHY: Individual settings are only effective if consistently applied. A documented session protocol ensures you never accidentally use the cloud-enabled OpenClaw config when working on privileged files. Consistency is both a security control and evidence of reasonable measures if a disclosure question ever arises. HOW: Before opening any client file: (1) eject and re-mount the encrypted sparse bundle with its password, (2) start OpenClaw using the privileged config (Step A), (3) confirm in the TUI that the active model shows as your local Ollama model with no cloud API key active. After the session: (1) close OpenClaw, (2) eject the sparse bundle, (3) verify no client files remain in unencrypted locations.
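A preflight script for the session protocol above, added as an example for this checklist rather than anything OpenClaw ships: it mechanically checks Steps A, C and D before a privileged session starts. It assumes the privileged config is JSON in which a cloud credential, if one were left behind, would appear under a key matching "api_key" or "apiKey", and that the ClientFiles sparse bundle mounts under /Volumes.

```shell
#!/bin/sh
# Pre-session preflight for privileged work, tying Steps A, C, D and G together.
# Added example for this checklist, not OpenClaw's own tooling. Assumptions: the
# privileged config is JSON and any cloud credential would sit under a key matching
# "api_key"/"apiKey"; the client sparse bundle mounts under /Volumes.

# mode_of PATH -> the 10-character permission string; `ls -ld` prints it the same on macOS and Linux.
mode_of() { ls -ld "$1" | cut -c1-10; }

# logs_locked DIR -> 0 when DIR is drwx------ and every *.log inside is -rw------- (Step D).
logs_locked() {
  [ "$(mode_of "$1")" = "drwx------" ] || return 1
  for f in "$1"/*.log; do
    [ -e "$f" ] || continue                         # unmatched glob: no logs yet
    [ "$(mode_of "$f")" = "-rw-------" ] || return 1
  done
  return 0
}

# outside_sync PATH -> 0 unless PATH lies under an iCloud Drive or CloudStorage root (Step C).
outside_sync() {
  case $1 in
    *"/Library/Mobile Documents/"*|*"/Library/CloudStorage/"*) return 1 ;;
  esac
  return 0
}

# no_cloud_keys CONFIG -> 0 when no api_key/apiKey field carries a non-empty value (Step A).
no_cloud_keys() {
  ! grep -Eiq '"api[_-]?key"[[:space:]]*:[[:space:]]*"[^"]+"' "$1"
}

# preflight CONFIG LOGDIR BUNDLE -> 0 when every check passes; prints each failure (Step G).
preflight() {
  rc=0
  no_cloud_keys "$1" || { echo "FAIL: $1 still holds a cloud API key"; rc=1; }
  logs_locked "$2"   || { echo "FAIL: $2 or its logs are readable by other users"; rc=1; }
  outside_sync "$3"  || { echo "FAIL: $3 lives inside a cloud-sync directory"; rc=1; }
  [ -d "$3" ]        || { echo "FAIL: $3 is not mounted; mount the sparse bundle first"; rc=1; }
  return $rc
}

# Usage before starting a privileged session:
#   preflight ~/.openclaw/openclaw-privileged.json ~/.openclaw/logs /Volumes/ClientFiles \
#     && OPENCLAW_CONFIG=~/.openclaw/openclaw-privileged.json openclaw gateway start
```

Chaining the gateway start behind preflight with && means a leftover cloud key, loose log permissions or an unmounted bundle stops the session before any client content is processed.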

If Your Mac Mini is Stolen — Response Steps

1 Go to icloud.com/find immediately. Remotely lock or wipe the device before it can be accessed.
2 Revoke the device in your Tailscale admin console at tailscale.com/admin → Machines.
3 Rotate all cloud API keys (Anthropic, OpenRouter, or any other provider) from their respective admin consoles.
4 Update your OpenClaw auth token on all other devices running OpenClaw.
5 If client files were stored on the machine, notify the supervising attorney immediately so they can assess whether any client notification obligation applies under the applicable rules of professional conduct.

This checklist covers technical and procedural controls. It is not a substitute for legal advice. If you are uncertain whether your setup meets the confidentiality obligations applicable to a specific matter or jurisdiction, consult the supervising attorney before proceeding with AI-assisted work on that matter.