diff --git a/systems/ful/configuration.nix b/systems/ful/configuration.nix
index 6695960..cd4984e 100644
--- a/systems/ful/configuration.nix
+++ b/systems/ful/configuration.nix
@@ -16,7 +16,6 @@
 ./gemini.nix
 ./wallabag.nix
 ./nethack.nix
- ./openclaw.nix
 ./opencrow.nix
 ];
diff --git a/systems/ful/openclaw.nix b/systems/ful/openclaw.nix
deleted file mode 100644
index af92de4..0000000
--- a/systems/ful/openclaw.nix
+++ /dev/null
@@ -1,117 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-{
- users.users.openclaw = {
- isSystemUser = true;
- group = "openclaw";
- extraGroups = [ "openclaw-shared" ]; # Access to shared data
- home = "/var/lib/openclaw";
- createHome = true;
- shell = pkgs.bash;
- packages = [
- pkgs.llm-agents.openclaw
- ];
- };
-
- users.groups.openclaw = { };
- users.groups.openclaw-shared = { };
-
- systemd.services.openclaw = {
- description = "OpenClaw Gateway Service";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- path = config.users.users.openclaw.packages;
-
- serviceConfig = {
- User = "openclaw";
- Group = "openclaw";
- StateDirectory = "openclaw";
- WorkingDirectory = "/var/lib/openclaw";
-
- ExecStart = pkgs.writeShellScript "openclaw-wrapper" ''
- exec ${pkgs.llm-agents.openclaw}/bin/openclaw gateway
- '';
- ProtectHome = true;
- ProtectKernelTunables = true;
- ProtectKernelModules = true;
- ProtectKernelLogs = true;
- ProtectClock = true;
- ProtectControlGroups = true;
- ProtectHostname = true;
- ProcSubset = "pid";
- RemoveIPC = true;
- AmbientCapabilities = ["CAP_NET_RAW"]; # access chromium websockets
- RestrictSUIDSGID = true;
- RestrictNamespaces = false; # might be used by websocket library
- RestrictRealtime = true;
- LockPersonality = true;
- UMask = "0077";
-
- PrivateDevices = true;
- DeviceAllow = [
- "/dev/null rw"
- "/dev/zero rw"
- "/dev/random r"
- "/dev/urandom r"
- ];
- SystemCallFilter = [
- "@system-service"
- "~@mount"
- "@cpu-emulation"
- "@debug"
- "@keyring"
- "@module"
- "@obsolete"
- "@raw-io"
- "@reboot"
- "@swap"
- ];
- SystemCallArchitectures = "native";
-
- ProtectSystem = "strict";
- ReadWritePaths = [
- "/var/lib/openclaw"
- ];
- NoNewPrivileges = true;
- PrivateTmp = true;
- Restart = "always";
- };
-
- environment = {
- OPENCLAW_HOME = "/var/lib/openclaw";
- };
- };
-
- services.restic.backups.niveum.paths = [
- config.users.users.openclaw.home
- ];
-
- systemd.services.openclaw-browser = {
- description = "OpenClaw Browser (unrestricted)";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- serviceConfig = {
- User = "openclaw";
- Group = "openclaw";
- WorkingDirectory = "/var/lib/openclaw";
- # NO hardening here - let Chrome do its thing
- ExecStart = "${lib.getExe pkgs.chromium} ${
- lib.escapeShellArgs [
- "--headless"
- "--no-sandbox"
- "--disable-setuid-sandbox"
- "--disable-dev-shm-usage"
- "--remote-debugging-port=9222"
- "--remote-debugging-address=127.0.0.1"
- ]
- }";
- Restart = "always";
- };
- };
-}