ZDNET Highlights
- NanoClaw has emerged as an alternative to OpenClaw.
- It’s already popular, with nearly 3,000 forks in its GitHub repository.
- Its developer says isolation is important.
If you’ve been following the AI space, you may have heard of OpenClaw — an AI agent that went viral as a system that “actually does things.”
Powered by AI models including ChatGPT and Claude, OpenClaw is a highly complex AI assistant that can perform tasks on your behalf, whether by sending emails, managing your inbox and calendar, or even booking the services you need. Give it more power through skills and your OpenClaw build can also control your smart home devices, perform business functions, or handle payments.
Also: Is Perplexity’s new Computer a secure version of OpenClaw? How it works
Powerful, potentially game-changing, but also a security nightmare. We’ve seen what can happen when AI agents go unchecked, and when you give agentic AI the keys to your digital empire, you run the risk of things getting messy – just like one Meta researcher found when OpenClaw deleted his email inbox.
But could a simpler alternative to OpenClaw let those interested in agentic AI safely explore and test its applications? This was the question considered by developer Gavriel Cohen, the brain behind NanoClaw.
Meet NanoClaw
NanoClaw has been described as a “safe personal AI agent”. It is open source and has over 18,000 stars and nearly 3,000 forks on GitHub.
The Claude-powered AI agent’s codebase is much smaller than OpenClaw’s. It relies on a single process and a handful of source files, with fewer than 4,000 lines of code and fewer than 10 dependencies. It is much lighter than OpenClaw’s 400,000+ lines of code, but can provide similar functionality when users modify NanoClaw to their needs through methods including skill integration.
Security benefits
This OpenClaw alternative stands out because it uses containers by default. A small, open source codebase can be audited within hours, which immediately reduces the attack surface.
OpenClaw is beset with issues, including remote code execution vulnerabilities, susceptibility to prompt injection attacks, compromised skills, and exposed instances online, not to mention the risks associated with giving AI systems access to your online accounts and data.
Also: OpenClaw is a security nightmare – 5 red flags you shouldn’t ignore (before it’s too late)
So why consider NanoClaw? Each bot runs in a separate Apple container or Docker container by default, which immediately limits the power and control you delegate to the NanoClaw instance on your machine.
Why are containers important for AI agent adoption?
If you’re considering adopting OpenClaw, NanoClaw, or any other “Claw” fork, containers currently seem to be one of the best ways to keep your information secure and maintain control over your builds. There is still inherent risk in these AI bots – especially when vibe coding is how so many of them are appearing in the community so quickly – but using containers is our recommended first step if you want to explore their benefits.
Speaking to ZDNET, Cohen said that for these agents to run safely, they must be isolated – and not just from your own machine, but from other agents as well. Since NanoClaw runs in a container, it only has access to what is intentionally deployed. According to the project’s GitHub repository, Bash is also more secure, because commands run in the container rather than directly on the host machine.
Also: Destroyed servers and DoS attacks: what can happen when OpenClaw AI agents interact
“With OpenClaw, agents run directly on your machine,” Cohen explained. “Even if you keep the entire OpenClaw instance inside a container or on your Mac Mini, agents can still access the data you want other agents to access. For example, if you have a group with your team at work and your sales rep asks if you can meet at five o’clock to go over the sales pipeline, your agent could potentially respond ‘No, he’s going to ballet class with his daughter,’ sharing private information because a different agent in your personal group has access to your calendar.
Each agent must be in its own isolated container environment to prevent this type of cross-contamination.”
Important NanoClaw security settings and implementation options
When you first download the NanoClaw package, you’ll notice that it installs everything for you without the need for any guides. Then it’s up to you to customize your build using Claude skills, instead of turning to Wild West repositories of unverified – and potentially malicious – AI skills.
Cohen said the most important thing to understand is that your main group is your admin/control group, and so it has admin privileges, can see data from other groups, and add agents to other groups.
Also: Why enterprise AI agents could become the ultimate insider threat
In other words, keep that group close to your chest and to yourself, and don’t give anyone else access to this group.
The developer also recommends disabling search and Internet access for the main agent.
“Let it control and install other agents, but it should not be your workhorse,” Cohen said. “This should not be someone who is going on the Internet, being exposed to unverified information, being at risk of prompt injection, or accidentally exposing data.”
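As an added illustration of the setup recommended above (this is not NanoClaw’s own configuration, which the article does not show): one hardened Docker container per group, each mounted only with that group’s data, and the main/admin agent with no network access at all. The image name, host paths and group names are placeholders.

```yaml
# Added example: per-group container isolation with an explicit mount allowlist.
# Image name, paths and group names are placeholders, not NanoClaw's own.
x-hardened: &hardened
  image: agent-runtime:placeholder          # assumed image; substitute your own build
  read_only: true                           # root filesystem cannot be modified
  tmpfs: ["/tmp"]                           # only writable scratch space
  cap_drop: ["ALL"]                         # no Linux capabilities in the sandbox
  security_opt: ["no-new-privileges:true"]  # no setuid-style privilege gain
  pids_limit: 256                           # bound runaway processes

services:
  main-agent:                               # admin/control group: installs other agents
    <<: *hardened
    network_mode: "none"                    # no browsing, no unverified web input
    volumes:
      - ./groups/main:/workspace:rw         # control-group data only

  work-agent:                               # group shared with colleagues
    <<: *hardened
    networks: [egress]
    volumes:
      - ./groups/work:/workspace:rw         # the personal calendar is NOT mounted here,
                                            # so a compromised work agent cannot leak it

  personal-agent:                           # your own group
    <<: *hardened
    networks: [egress]
    volumes:
      - ./groups/personal:/workspace:rw
      - ./data/calendar:/data/calendar:ro   # calendar visible to this agent only

networks:
  egress: {}
```

Each service sees exactly the bind mounts listed under it and nothing else on the host, so a prompt injection that fully controls one agent is bounded to that group’s data.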
What about prompt injection attacks?
Another security benefit is that NanoClaw is built on Claude Code, which can provide greater protection against prompt injection attacks.
Prompt injection attacks are the bane of AI agent developers and cybersecurity experts right now, who have to try to protect their agents from malicious instructions hidden in online source material and web content that could lead to user data theft or exposure.
However, to further reduce the risk of this attack method, Cohen recommends not placing agents in groups where multi-turn interactions are uncontrolled, as this can gradually weaken anti-prompt-injection hardening. He said:
“NanoClaw’s architecture minimizes the blast radius. So if an agent is prompt injected in a group you’ve put it in with another person, whether it’s a customer, colleague, or acquaintance, even if they make that agent do everything they want and get full control over it, that agent is still limited to only the exact data you’ve given it access to. By default, it has no access to the full data on your machine or to other agents, and has no way to reach them.”
NanoClaw’s small codebase, container isolation, and architecture built on Claude Code make it potentially a more secure alternative to OpenClaw. However, like any AI agent, you should be cautious about how much control, capability, and access you give your creation.
