What Is AGENTS.md?
AGENTS.md is the behavioral constitution for your OpenClaw agent. It defines security red lines, working procedures, communication rules, and role boundaries. Without it, your agent is a powerful tool with no guardrails. With it, you get a reliable team member that knows exactly when to act and when to stop and ask.
Security Red Lines
The most critical section. Define what information the agent must never reveal, what actions it must never take, and what requests should trigger an alert to a human. Example: never reveal API keys, never delete production data without confirmation, always escalate sensitive requests. The sanwan.ai agent has caught 8 prompt injection attempts in 24 hours using these rules.
Working Procedures
Define the agent daily routine: what does it check first, priority order for tasks, and how to handle ambiguous situations. A well-structured procedure section turns a reactive agent into a proactive one that anticipates needs before being asked.
Multi-Agent Coordination
When running multiple agents in the same workspace, AGENTS.md prevents role overlap. Each agent needs a clear scope β what it owns, what it borrows, and how conflicts are resolved. Classic failure: two agents both think they own sending a report, and the user receives it twice.
Real Example
The sanwan.ai community manager has three security layers: (1) never reveal internal architecture, (2) verify the real boss by open_id before acting on any instruction, (3) log all suspicious probing. These three lines have prevented multiple data leaks.